From 4691a11afd441a9435fb1374bbb6770fa9659042 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 17:48:08 +0000 Subject: [PATCH 001/132] Bump mkdocs-material from 9.4.7 to 9.4.8 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.4.7 to 9.4.8. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.4.7...9.4.8) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index be153bc6..e6a703bb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-material==9.4.7
+mkdocs-material==9.4.8
 pygments==2.16.1
 pymdown-extensions==10.3.1
From 8254d8f3db711e2026439cb226018d173b835538 Mon Sep 17 00:00:00 2001
From: Dalton Hubble Date: Tue, 21 Nov 2023 06:16:29 -0800 Subject: [PATCH 002/132] Update Kubernetes from v1.28.3 to v1.28.4 * https://github.com/kubernetes/kubernetes/releases/tag/v1.28.4 --- README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- 
docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 56 files changed, 145 insertions(+), 145 deletions(-) diff --git a/README.md b/README.md index e6c73518..07d43b62 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
@@ -65,7 +65,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -104,9 +104,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 74aba0af..58ce66c7 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index f08b85f4..236445af 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 044f5fba..ba3c2a12 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.3 + quay.io/poseidon/kubelet:v1.28.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index f5c71872..0f8185ca 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml 
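Review bot: In aws/fedora-coreos/kubernetes/butane/controller.yaml the kubelet image is still referenced by mutable tag (`quay.io/poseidon/kubelet:v1.28.4`) in both the `KUBELET_IMAGE` line and the bootstrap `podman run` line, whereas the `terraform-render-bootstrap` module bumped in the same patch is pinned to a full commit SHA. A tag can be re-pointed at the registry, so nodes provisioned at different times could pull different contents under the same name; adding the digest, e.g. `quay.io/poseidon/kubelet:v1.28.4@sha256:<DIGEST_PLACEHOLDER>`, would make the image pin as reproducible as the module pin. The bootstrap unit here also repeats the image literal, while the bare-metal and Flatcar controller.yaml hunks set `Environment=KUBELET_IMAGE=...` in that unit, so this file needs two edits per bump and the two references can drift. The same tag-only reference appears in every other controller.yaml and worker.yaml hunk of this patch; the unit bodies continue outside the hunks, so how the variable is consumed is not visible here.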
@@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index aa7d7b16..516b0c22 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index f08b85f4..236445af 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 58268cc9..e75d9e8f 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 9e78ea78..ecd4d14c 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 09c7f897..25781df5 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 6cd97007..35325ae0 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index f5397340..7b8ff6fd 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.3 + quay.io/poseidon/kubelet:v1.28.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index ec50e714..c506273b 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index 792f7b9b..d53f8b4a 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 6cd97007..35325ae0 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 20b4139a..977620f9 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 4a454a4a..f4df12ae 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 4fde2d9b..212f6173 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 5c4a5b7c..0b012c7c 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index e59c401c..9dfd6162 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index dec42385..b61185e3 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 29a5c165..07a945f0 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 7818a683..a9dc56e4 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 59dc077e..29e325d9 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 18bcb3c8..0339f609 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 6869b821..7176b96c 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 43b6ec2e..aa60b6c3 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 35f55566..4c08e332 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.3 + quay.io/poseidon/kubelet:v1.28.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index c330ebca..a9535804 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index c5ae31d6..fde0db28 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 43b6ec2e..aa60b6c3 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index fc7a18ba..2e05aeca 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 2b8d1b30..82f8b82a 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 956e996e..47b1d734 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.28.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.28.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.28.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.28.4 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.28.4 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.28.4 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.4" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.4" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.28.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.28.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.28.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.28.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.28.4 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.28.4 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.28.4 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.28.4 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.4" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 49816085..2e9c6476 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 861524f1..e4c3a0d4 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.4" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.4" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.28.4" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.28.4" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.28.4" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.3 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.28.3 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.28.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.28.4 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.28.4 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index db3fa3d7..ff6530a5 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.28.3 -ip-10-0-26-65 Ready 10m v1.28.3 -ip-10-0-41-21 Ready 10m v1.28.3 +ip-10-0-3-155 Ready 10m v1.28.4 +ip-10-0-26-65 Ready 10m v1.28.4 +ip-10-0-41-21 Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 14fd27fb..d70061e4 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.28.4" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.28.3 -ramius-worker-000001 Ready 25m v1.28.3 -ramius-worker-000002 Ready 24m v1.28.3 +ramius-controller-0 Ready 24m v1.28.4 +ramius-worker-000001 Ready 25m v1.28.4 +ramius-worker-000002 Ready 24m v1.28.4 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 84fbc6f2..671ba4c9 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.28.3 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.28.4 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.28.4" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.4" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.28.3 -node2.example.com Ready 10m v1.28.3 -node3.example.com Ready 10m v1.28.3 +node1.example.com Ready 10m v1.28.4 +node2.example.com Ready 10m v1.28.4 +node3.example.com Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index bf3a5954..3f486980 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.28.4" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.28.3 -10.132.115.81 Ready 10m v1.28.3 -10.132.124.107 Ready 10m v1.28.3 +10.132.110.130 Ready 10m v1.28.4 +10.132.115.81 Ready 10m v1.28.4 +10.132.124.107 Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 5423d332..a7515b91 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index e8114a77..81b31cf4 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.28.3 -ip-10-0-26-65 Ready 10m v1.28.3 -ip-10-0-41-21 Ready 10m v1.28.3 +ip-10-0-3-155 Ready 10m v1.28.4 +ip-10-0-26-65 Ready 10m v1.28.4 +ip-10-0-41-21 Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 0d5601b5..1acc7fe4 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.4" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.28.3 -ramius-worker-000001 Ready 25m v1.28.3 -ramius-worker-000002 Ready 24m v1.28.3 +ramius-controller-0 Ready 24m v1.28.4 +ramius-worker-000001 Ready 25m v1.28.4 +ramius-worker-000002 Ready 24m v1.28.4 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index fc3979ea..ad541448 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.28.3 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.28.4 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.4" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.4" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.28.3 -node2.example.com Ready 10m v1.28.3 -node3.example.com Ready 10m v1.28.3 +node1.example.com Ready 10m v1.28.4 +node2.example.com Ready 10m v1.28.4 +node3.example.com Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 4ab1f702..3cf58edc 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.28.4" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.28.3 -10.132.115.81 Ready 10m v1.28.3 -10.132.124.107 Ready 10m v1.28.3 +10.132.110.130 Ready 10m v1.28.4 +10.132.115.81 Ready 10m v1.28.4 +10.132.124.107 Ready 10m v1.28.4 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index bc899f7c..002af2e2 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.28.3 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 9b26982e..e8537f74 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 2df69dee..5bdb5796 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.4" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.28.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.28.4, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
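Review bot: The note in the last hunk here now reads `Before Typhoon v1.28.4, worker nodes only used new launch configurations when replaced manually`, which moves the stated cutoff for the instance-refresh behaviour. It looks like the bulk v1.28.3 to v1.28.4 substitution caught a historical reference rather than a current-version reference. If that behaviour shipped in an earlier release, the sentence should keep naming that release and be excluded from the version bump. The parallel launch-template note in the next docs/topics/maintenance.md hunk has the same change. An operator using this note to judge whether existing workers pick up new launch configurations automatically would otherwise get the wrong answer.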
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.28.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.28.4, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 08f6c51d..d3209768 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.3 (upstream) +* Kubernetes v1.28.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index db71a5a6..4916c56c 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 39e86d88..b983a773 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.3 + quay.io/poseidon/kubelet:v1.28.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 9e4b5133..f7e934ed 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index be080790..41c2b3b6 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.3 (upstream)
+* Kubernetes v1.28.4 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
index db71a5a6..4916c56c 100644
--- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d151ab77b7ebdfb878ea110c86cc77238189f1ed"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
index 9e512494..13c3c876 100644
--- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
@@ -56,7 +56,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
index af226674..4766e269 100644
--- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
From 493030de823f54930a0f7937247f8a29d0c782a6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 27 Nov 2023 17:13:57 +0000
Subject: [PATCH 003/132] Bump mkdocs-material from 9.4.8 to 9.4.14
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.4.8 to 9.4.14.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.4.8...9.4.14)
---
updated-dependencies:
- dependency-name: mkdocs-material
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index e6a703bb..a915e0fb 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-material==9.4.8
+mkdocs-material==9.4.14
 pygments==2.16.1
 pymdown-extensions==10.3.1
From 35435e56aeb1b3411159b9a1af2fb90df0394352 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 05:30:59 +0000
Subject: [PATCH 004/132] Bump pymdown-extensions from 10.3.1 to 10.5
Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.3.1 to 10.5.
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.3.1...10.5)
---
updated-dependencies:
- dependency-name: pymdown-extensions
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index a915e0fb..89cad484 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
 mkdocs-material==9.4.14
 pygments==2.16.1
-pymdown-extensions==10.3.1
+pymdown-extensions==10.5
From 0ad69f88990ed6552fe335276a2982df945795f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 05:50:21 +0000
Subject: [PATCH 005/132] Bump pygments from 2.16.1 to 2.17.2
Bumps [pygments](https://github.com/pygments/pygments) from 2.16.1 to 2.17.2.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](https://github.com/pygments/pygments/compare/2.16.1...2.17.2)
---
updated-dependencies:
- dependency-name: pygments
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 89cad484..e905d9ac 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
 mkdocs-material==9.4.14
-pygments==2.16.1
+pygments==2.17.2
 pymdown-extensions==10.5
From 0d997def3194c4be52f0da9437b9e12dbd13267f Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Sun, 10 Dec 2023 21:01:58 -0800
Subject: [PATCH 006/132] Add release note for v1.28.4
---
 CHANGES.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index c5ccb0dc..3a546775 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,6 +4,10 @@ Notable changes between versions.
 ## Latest
+## v1.28.4
+
+* Kubernetes [v1.28.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md#v1284)
+
 ## v1.28.3
 * Kubernetes [v1.28.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md#v1283)
From 5e06f2981090d5d1022c2892d1b9f27d9bf7ac47 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 17:26:37 +0000
Subject: [PATCH 007/132] Bump mkdocs-material from 9.4.14 to 9.5.2
Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.4.14 to 9.5.2.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.4.14...9.5.2)
---
updated-dependencies:
- dependency-name: mkdocs-material
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index e905d9ac..213b41b3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-material==9.4.14
+mkdocs-material==9.5.2
 pygments==2.17.2
 pymdown-extensions==10.5
From 84e4f02917c66f0d1358705698bde1c06fa8e7b5 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Thu, 21 Dec 2023 21:27:47 -0800
Subject: [PATCH 008/132] Update Kubernetes from v1.28.4 to v1.29.0
* https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md
---
 CHANGES.md | 8 ++++++
 README.md | 10 +++----
 aws/fedora-coreos/kubernetes/README.md | 2 +-
 aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 aws/flatcar-linux/kubernetes/README.md | 2 +-
 aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 azure/fedora-coreos/kubernetes/README.md | 2 +-
 azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 azure/flatcar-linux/kubernetes/README.md | 2 +-
 azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 bare-metal/fedora-coreos/kubernetes/README.md | 2 +-
 .../fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/worker/butane/worker.yaml | 2 +-
 bare-metal/flatcar-linux/kubernetes/README.md | 2 +-
 .../flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/worker/butane/worker.yaml | 2 +-
 .../fedora-coreos/kubernetes/README.md | 2 +-
 .../fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/butane/worker.yaml | 2 +-
 .../flatcar-linux/kubernetes/README.md | 2 +-
 .../flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/butane/worker.yaml | 2 +-
 docs/advanced/arm64.md | 28 +++++++++----------
 docs/advanced/nodes.md | 8 +++---
 docs/advanced/worker-pools.md | 22 +++++++--------
 docs/architecture/operating-systems.md | 4 +--
 docs/fedora-coreos/aws.md | 10 +++----
docs/fedora-coreos/azure.md | 10 +++----
 docs/fedora-coreos/bare-metal.md | 12 ++++----
 docs/fedora-coreos/digitalocean.md | 10 +++----
 docs/fedora-coreos/google-cloud.md | 10 +++----
 docs/flatcar-linux/aws.md | 10 +++----
 docs/flatcar-linux/azure.md | 10 +++----
 docs/flatcar-linux/bare-metal.md | 12 ++++----
 docs/flatcar-linux/digitalocean.md | 10 +++----
 docs/flatcar-linux/google-cloud.md | 10 +++----
 docs/index.md | 10 +++----
 docs/topics/maintenance.md | 8 +++---
 .../fedora-coreos/kubernetes/README.md | 2 +-
 .../fedora-coreos/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 .../flatcar-linux/kubernetes/README.md | 2 +-
 .../flatcar-linux/kubernetes/bootstrap.tf | 2 +-
 .../kubernetes/butane/controller.yaml | 4 +--
 .../kubernetes/workers/butane/worker.yaml | 2 +-
 58 files changed, 155 insertions(+), 147 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 3a546775..238ad21d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -4,6 +4,14 @@ Notable changes between versions.
 ## Latest
+## v1.29.0
+
+* Kubernetes [v1.29.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1290)
+
+### Known Issues
+
+* Calico and Fedora CoreOS cannot be used together currently ([calico#8372](https://github.com/projectcalico/calico/issues/8372))
+
 ## v1.28.4
 * Kubernetes [v1.28.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.28.md#v1284)
diff --git a/README.md b/README.md
index 07d43b62..40b49efc 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
@@ -65,7 +65,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo
 ```tf
 module "yavin" {
- source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4"
+ source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0"
 # Google Cloud
 cluster_name = "yavin"
@@ -104,9 +104,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou
 $ export KUBECONFIG=/home/user/.kube/configs/yavin-config
 $ kubectl get nodes
 NAME ROLES STATUS AGE VERSION
-yavin-controller-0.c.example-com.internal Ready 6m v1.28.4
-yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4
-yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4
+yavin-controller-0.c.example-com.internal Ready 6m v1.29.0
+yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0
+yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0
 ```
 List the pods.
diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md
index 58ce66c7..de5a1f59 100644
--- a/aws/fedora-coreos/kubernetes/README.md
+++ b/aws/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index 236445af..e2f3c059 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml
index ba3c2a12..071e8aa3 100644
--- a/aws/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml
@@ -57,7 +57,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -116,7 +116,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.28.4
+ quay.io/poseidon/kubelet:v1.29.0
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 0f8185ca..1db2cd60 100644
--- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -29,7 +29,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md
index 516b0c22..9c6cb6ba 100644
--- a/aws/flatcar-linux/kubernetes/README.md
+++ b/aws/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index 236445af..e2f3c059 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml
index e75d9e8f..2d14492f 100644
--- a/aws/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml
@@ -58,7 +58,7 @@ systemd:
 After=coreos-metadata.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 EnvironmentFile=/run/metadata/coreos
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -109,7 +109,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
index ecd4d14c..239f2629 100644
--- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -30,7 +30,7 @@ systemd:
 After=coreos-metadata.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 EnvironmentFile=/run/metadata/coreos
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md
index 25781df5..2eaba47c 100644
--- a/azure/fedora-coreos/kubernetes/README.md
+++ b/azure/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index 35325ae0..b337fd52 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml
index 7b8ff6fd..24b8e799 100644
--- a/azure/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml
@@ -54,7 +54,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -111,7 +111,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.28.4
+ quay.io/poseidon/kubelet:v1.29.0
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
index c506273b..f6d33866 100644
--- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -26,7 +26,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md
index d53f8b4a..a01a5009 100644
--- a/azure/flatcar-linux/kubernetes/README.md
+++ b/azure/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index 35325ae0..b337fd52 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml
index 977620f9..6a1e3f96 100644
--- a/azure/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml
@@ -56,7 +56,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
index f4df12ae..50c967ad 100644
--- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md
index 212f6173..6b8f4072 100644
--- a/bare-metal/fedora-coreos/kubernetes/README.md
+++ b/bare-metal/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
 * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 0b012c7c..062a2d26 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
index 9dfd6162..916f42a4 100644
--- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
@@ -53,7 +53,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -113,7 +113,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=-/usr/bin/podman rm bootstrap
 ExecStart=/usr/bin/podman run --name bootstrap \
 --network host \
diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
index b61185e3..20ccd870 100644
--- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
@@ -25,7 +25,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md
index 07a945f0..e7501186 100644
--- a/bare-metal/flatcar-linux/kubernetes/README.md
+++ b/bare-metal/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
-* Kubernetes v1.28.4 (upstream)
+* Kubernetes v1.29.0 (upstream)
 * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
 * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
 * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index a9dc56e4..a7f02456 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
index 29e325d9..37f0e961 100644
--- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
@@ -64,7 +64,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -114,7 +114,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
index 0339f609..71590279 100644
--- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
+++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 7176b96c..c3304b41 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.4 (upstream) +* Kubernetes v1.29.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index aa60b6c3..fc8da932 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 4c08e332..a67c9552 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.4 + quay.io/poseidon/kubelet:v1.29.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index a9535804..40cf00f5 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index fde0db28..72d569bb 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
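Review bot: In the `@@ -123,7 +123,7 @@` hunk of digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml the bootstrap `podman run` command ends with the literal `quay.io/poseidon/kubelet:v1.29.0`, while the kubelet unit in the same file (hunk `@@ -55,7 +55,7 @@`) takes its image from `Environment=KUBELET_IMAGE=`. That leaves two copies of the image reference to bump in lockstep, and a missed one would have the bootstrap step apply cluster assets from a different image than the kubelet the node runs. The other bootstrap units visible in this patch declare `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0` on the unit itself; doing the same here and replacing the literal with a reference to that variable (escaped as the surrounding template requires) would keep a single source of truth. The start of this unit is outside the hunk, so first check whether the variable is already defined there.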
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.4 (upstream) +* Kubernetes v1.29.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index aa60b6c3..fc8da932 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 2e05aeca..5a070dcb 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 82f8b82a..6d559911 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 47b1d734..18e0b9ba 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.28.4 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.28.4 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.28.4 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.29.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.29.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.29.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.0" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.0" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.28.4 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.28.4 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.28.4 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.28.4 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.29.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.29.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.29.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.29.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.0" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 2e9c6476..25010246 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index e4c3a0d4..8772b178 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.0" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.0" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.0" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.0" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.0" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.28.4 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.28.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.0 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.0 ``` ### Variables 
diff --git a/docs/architecture/operating-systems.md b/docs/architecture/operating-systems.md index 6445fccf..4de58b94 100644 --- a/docs/architecture/operating-systems.md +++ b/docs/architecture/operating-systems.md @@ -16,8 +16,8 @@ Together, they diversify Typhoon to support a range of container technologies. | Property | Flatcar Linux | Fedora CoreOS | |-------------------|---------------|---------------| -| Kernel | ~5.10.x | ~5.16.x | -| systemd | 249 | 249 | +| Kernel | ~5.15.x | ~6.5.x | +| systemd | 252 | 254 | | Username | core | core | | Ignition system | Ignition v3.x spec | Ignition v3.x spec | | storage driver | overlay2 (extfs) | overlay2 (xfs) | diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index ff6530a5..6ae58aa2 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.28.4 -ip-10-0-26-65 Ready 10m v1.28.4 -ip-10-0-41-21 Ready 10m v1.28.4 +ip-10-0-3-155 Ready 10m v1.29.0 +ip-10-0-26-65 Ready 10m v1.29.0 +ip-10-0-41-21 Ready 10m v1.29.0 ``` List the pods. 
diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index d70061e4..9a7d84e3 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.0" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.28.4 -ramius-worker-000001 Ready 25m v1.28.4 -ramius-worker-000002 Ready 24m v1.28.4 +ramius-controller-0 Ready 24m v1.29.0 +ramius-worker-000001 Ready 25m v1.29.0 +ramius-worker-000002 Ready 24m v1.29.0 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 671ba4c9..b031bdac 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md 
@@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.28.4 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.0 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.0" # bare-metal cluster_name = "mercury" @@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.0" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.28.4 -node2.example.com Ready 10m v1.28.4 -node3.example.com Ready 10m v1.28.4 +node1.example.com Ready 10m v1.29.0 +node2.example.com Ready 10m v1.29.0 +node3.example.com Ready 10m v1.29.0 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 3f486980..110563e3 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md 
@@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.0" # Digital Ocean cluster_name = "nemo" @@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.28.4 -10.132.115.81 Ready 10m v1.28.4 -10.132.124.107 Ready 10m v1.28.4 +10.132.110.130 Ready 10m v1.29.0 +10.132.115.81 Ready 10m v1.29.0 +10.132.124.107 Ready 10m v1.29.0 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index a7515b91..3549ff11 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. 
@@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 ``` List the pods. diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 81b31cf4..765d30aa 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" # AWS cluster_name = "tempest" 
@@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.28.4 -ip-10-0-26-65 Ready 10m v1.28.4 -ip-10-0-41-21 Ready 10m v1.28.4 +ip-10-0-3-155 Ready 10m v1.29.0 +ip-10-0-26-65 Ready 10m v1.29.0 +ip-10-0-41-21 Ready 10m v1.29.0 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 1acc7fe4..e71828eb 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.0" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.28.4 -ramius-worker-000001 Ready 25m v1.28.4 -ramius-worker-000002 Ready 24m v1.28.4 +ramius-controller-0 Ready 24m v1.29.0 +ramius-worker-000001 Ready 25m v1.29.0 +ramius-worker-000002 Ready 24m v1.29.0 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index ad541448..26a58558 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md 
@@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.28.4 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.0 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.0" # bare-metal cluster_name = "mercury" @@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.0" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.28.4 -node2.example.com Ready 10m v1.28.4 -node3.example.com Ready 10m v1.28.4 +node1.example.com Ready 10m v1.29.0 +node2.example.com Ready 10m v1.29.0 +node3.example.com Ready 10m v1.29.0 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 3cf58edc..f309cf03 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md 
@@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.0" # Digital Ocean cluster_name = "nemo" @@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.28.4 -10.132.115.81 Ready 10m v1.28.4 -10.132.124.107 Ready 10m v1.28.4 +10.132.110.130 Ready 10m v1.29.0 +10.132.115.81 Ready 10m v1.29.0 +10.132.124.107 Ready 10m v1.29.0 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 002af2e2..23e2c4ae 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.28.4 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. 
@@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 ``` List the pods. diff --git a/docs/index.md b/docs/index.md index e8537f74..0f409876 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.4 (upstream) +* Kubernetes v1.29.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization 
@@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.28.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.28.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.28.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 5bdb5796..fb6137d0 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md @@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.28.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.0" ... } ``` 
@@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.28.4, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud @@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.28.4, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct 
diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index d3209768..3c166043 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.4 (upstream) +* Kubernetes v1.29.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 4916c56c..b9ffbe18 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index b983a773..48ba88bf 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
+++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml @@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.28.4 + quay.io/poseidon/kubelet:v1.29.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index f7e934ed..9d090faa 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 41c2b3b6..cff3ac91 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.28.4 (upstream) +* Kubernetes v1.29.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 4916c56c..b9ffbe18 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a6e637d1966c76378a46a440bd3c17f616e821b8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 13c3c876..0ae23853 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 4766e269..df982866 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.28.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 5bea4b7d9cb7daeee2a43e2edf25de5bf26b9917 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Dec 2023 17:16:04 +0000 Subject: [PATCH 009/132] Bump mkdocs-material from 9.5.2 to 9.5.3 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.2 to 9.5.3. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.2...9.5.3) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 213b41b3..ebfcfe8f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.2 +mkdocs-material==9.5.3 pygments==2.17.2 pymdown-extensions==10.5 From 25c9ec8e3de9fb12048af41a2358291ae2571b74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jan 2024 03:32:00 +0000 Subject: [PATCH 010/132] Bump pymdown-extensions from 10.5 to 10.7 Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.5 to 10.7. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.5...10.7) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ebfcfe8f..722660a2 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@ mkdocs==1.5.3 mkdocs-material==9.5.3 pygments==2.17.2 -pymdown-extensions==10.5 +pymdown-extensions==10.7 From af719e46f2feff09ad54e9f7507247de598998bd Mon Sep 17 00:00:00 2001 From: 8ball030 <35799987+8ball030@users.noreply.github.com> Date: Sat, 13 Jan 2024 04:16:10 +0000 Subject: [PATCH 011/132] feat ensured that appropriate rbacs are set to allow the ingressclass on gcp (#1409) --- addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml b/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml index 90edbeb1..a10fe262 100644 --- a/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml @@ -59,4 +59,11 @@ rules: - get - list - watch - + - apiGroups: + - discovery.k8s.io + resources: + - "endpointslices" + verbs: + - get + - list + - watch From fbf4544cfd203dad1b5f08bbd7773525bb9497bc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 17:15:42 +0000 Subject: [PATCH 012/132] Bump mkdocs-material from 9.5.3 to 9.5.4 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.3 to 9.5.4. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.3...9.5.4) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 722660a2..7b68c5c6 100644 --- a/requirements.txt +++ b/requirements.txt 
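Review bot: The new rule in addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml grants `get`/`list`/`watch` on `endpointslices` in `discovery.k8s.io`, but the commit subject talks about the ingressclass and nothing in the file explains the grant. The verbs are read-only, which is appropriate for a cluster-wide role, so the gap is documentation only. I would add a comment above the rule, for example `# read-only access to EndpointSlices, needed by the ingress controller to resolve Service backends`, so a later RBAC audit does not have to go back to the PR. The path suggests there are per-platform copies of this role; if so, they presumably need the same rule, but they are not part of this patch. The `rules:` list starts outside the hunk.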
@@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.3 +mkdocs-material==9.5.4 pygments==2.17.2 pymdown-extensions==10.7 From 4d4c5413de0c1004225bfdb85357bffa8e548da8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 17:46:18 +0000 Subject: [PATCH 013/132] Bump mkdocs-material from 9.5.4 to 9.5.6 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.4 to 9.5.6. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.4...9.5.6) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 7b68c5c6..05d5ecbc 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.4 +mkdocs-material==9.5.6 pygments==2.17.2 pymdown-extensions==10.7 From 808eafd1780c6242f6bf28592f2eb22dd7ac7618 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 4 Feb 2024 10:38:50 -0800 Subject: [PATCH 014/132] Fix AWS launch template to retain support for IMDVv1 * AWS has recently started defaulting launch templates to IMDSv2 being "required". aws_launch_template is supposed to default to "optional" but it doesn't. * Requiring IMDSv2 sessions breaks a number of applications which don't use AWS SDKs and were never meant to be complex applications (e.g. shell scripts and the like) --- aws/fedora-coreos/kubernetes/workers/workers.tf | 5 +++++ aws/flatcar-linux/kubernetes/workers/workers.tf | 5 +++++ 2 files changed, 10 insertions(+) 
diff --git a/aws/fedora-coreos/kubernetes/workers/workers.tf b/aws/fedora-coreos/kubernetes/workers/workers.tf index 1b0fc1e3..9f0b0be0 100644 --- a/aws/fedora-coreos/kubernetes/workers/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers/workers.tf @@ -78,6 +78,11 @@ resource "aws_launch_template" "worker" { # network vpc_security_group_ids = var.security_groups + # metadata + metadata_options { + http_tokens = "optional" + } + # spot dynamic "instance_market_options" { for_each = var.spot_price > 0 ? [1] : [] diff --git a/aws/flatcar-linux/kubernetes/workers/workers.tf b/aws/flatcar-linux/kubernetes/workers/workers.tf index 67c015ca..cf7ab00f 100644 --- a/aws/flatcar-linux/kubernetes/workers/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers/workers.tf @@ -78,6 +78,11 @@ resource "aws_launch_template" "worker" { # network vpc_security_group_ids = var.security_groups + # metadata + metadata_options { + http_tokens = "optional" + } + # spot dynamic "instance_market_options" { for_each = var.spot_price > 0 ? [1] : [] From e247673a2062a875b489d0e2b1e35031c9ccf107 Mon Sep 17 00:00:00 2001 
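Review bot: Hard-coding `http_tokens = "optional"` in the new `metadata_options` block keeps IMDSv1 enabled on every worker launched from this template, with no way for an operator to opt out. With IMDSv1 available, a single unauthenticated GET to the metadata endpoint returns the instance role credentials, so a workload on the node that can be made to issue such a request (assuming pods can reach the endpoint) can obtain them without the session token IMDSv2 requires. The commit message gives the compatibility reason, so I would keep "optional" as the default but expose it through a new module variable (name left to the maintainers) that can be set to "required". The trade-off should also be recorded next to the setting, e.g. `# IMDSv1 kept for compatibility with non-SDK clients; set to "required" once nothing on the node needs token-less metadata access`. The identical hunk in aws/flatcar-linux/kubernetes/workers/workers.tf has the same issue, and the `aws_launch_template` resource begins and ends outside both hunks.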
From: Dalton Hubble Date: Sun, 4 Feb 2024 10:46:04 -0800 Subject: [PATCH 015/132] Update Kubernetes from v1.29.0 to v1.29.1 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1291 --- CHANGES.md | 8 ++++++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 153 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 238ad21d..4eb2fd43 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,14 @@ Notable changes between versions. ## Latest +## v1.29.1 + +* Kubernetes [v1.29.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1291) + +### AWS + +* Continue to support AWS IMDSv1 ([#1412](https://github.com/poseidon/typhoon/pull/1412)) + ## v1.29.0 * Kubernetes [v1.29.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1290) diff --git a/README.md b/README.md index 40b49efc..35debe76 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -65,7 +65,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin" @@ -104,9 +104,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index de5a1f59..613299e0 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index e2f3c059..e88a45d7 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 071e8aa3..bc1927ec 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.0 + quay.io/poseidon/kubelet:v1.29.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 1db2cd60..4a7531ec 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 9c6cb6ba..4f354500 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index e2f3c059..e88a45d7 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 2d14492f..5085271e 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 239f2629..606289c0 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 2eaba47c..d8adcd54 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index b337fd52..2197598e 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 24b8e799..27d8bdeb 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.0 + quay.io/poseidon/kubelet:v1.29.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index f6d33866..1ac3ed68 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index a01a5009..c1e24f27 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index b337fd52..2197598e 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml
index 6a1e3f96..c67efaa2 100644
--- a/azure/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \
diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
index 50c967ad..a0386203 100644
--- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md
index 6b8f4072..4e681865 100644
--- a/bare-metal/fedora-coreos/kubernetes/README.md
+++ b/bare-metal/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 062a2d26..37564f42 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
index 916f42a4..fb544888 100644
--- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
@@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \
diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
index 20ccd870..5609e018 100644
--- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml
@@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md
index e7501186..11166568 100644
--- a/bare-metal/flatcar-linux/kubernetes/README.md
+++ b/bare-metal/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index a7f02456..1a80a0d0 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
index 37f0e961..325f1525 100644
--- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
@@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \
diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
index 71590279..40b51daa 100644
--- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
+++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md
index c3304b41..ba4e7fc9 100644
--- a/digital-ocean/fedora-coreos/kubernetes/README.md
+++ b/digital-ocean/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index fc8da932..f1dc6672 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
index a67c9552..ad15841b 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
@@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.0 + quay.io/poseidon/kubelet:v1.29.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage:
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
index 40cf00f5..bf826096 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md
index 72d569bb..dd9ca86a 100644
--- a/digital-ocean/flatcar-linux/kubernetes/README.md
+++ b/digital-ocean/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index fc8da932..f1dc6672 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
index 5a070dcb..94f1a884 100644
--- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
@@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \
diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml
index 6d559911..4b6a2f4b 100644
--- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml
+++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml
@@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md
index 18e0b9ba..1dbe3d6e 100644
--- a/docs/advanced/arm64.md
+++ b/docs/advanced/arm64.md
@@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" # AWS cluster_name = "gravitas"
@@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" # AWS cluster_name = "gravitas"
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.29.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.29.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.29.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.29.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.29.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.29.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid
@@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" # AWS cluster_name = "gravitas"
@@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" # AWS cluster_name = "gravitas"
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.1" # AWS vpc_id = module.gravitas.vpc_id
@@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.1" # AWS vpc_id = module.gravitas.vpc_id
@@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.29.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.29.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.29.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.29.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.29.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.29.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.29.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.29.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.1" # Azure cluster_name = "ramius"
diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md
index 25010246..1264d93e 100644
--- a/docs/advanced/nodes.md
+++ b/docs/advanced/nodes.md
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin"
@@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" # Google Cloud cluster_name = "yavin"
@@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin"
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" # Google Cloud cluster_name = "yavin"
diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md
index 8772b178..eb51d1a7 100644
--- a/docs/advanced/worker-pools.md
+++ b/docs/advanced/worker-pools.md
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.1" # AWS vpc_id = module.tempest.vpc_id
@@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.1" # AWS vpc_id = module.tempest.vpc_id
@@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.1" # Azure region = module.ramius.region
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.1" # Azure region = module.ramius.region
@@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" # Google Cloud region = "europe-west2"
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.1" # Google Cloud region = "europe-west2"
@@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.0 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.1 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.1 ``` ### Variables
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md
index 6ae58aa2..2942e172 100644
--- a/docs/fedora-coreos/aws.md
+++ b/docs/fedora-coreos/aws.md
@@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets.
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" # AWS cluster_name = "tempest"
@@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.0 -ip-10-0-26-65 Ready 10m v1.29.0 -ip-10-0-41-21 Ready 10m v1.29.0 +ip-10-0-3-155 Ready 10m v1.29.1 +ip-10-0-26-65 Ready 10m v1.29.1 +ip-10-0-41-21 Ready 10m v1.29.1 ``` List the pods.
diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md
index 9a7d84e3..225d895b 100644
--- a/docs/fedora-coreos/azure.md
+++ b/docs/fedora-coreos/azure.md
@@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets.
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.1" # Azure cluster_name = "ramius"
@@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.0 -ramius-worker-000001 Ready 25m v1.29.0 -ramius-worker-000002 Ready 24m v1.29.0 +ramius-controller-0 Ready 24m v1.29.1 +ramius-worker-000001 Ready 25m v1.29.1 +ramius-worker-000002 Ready 24m v1.29.1 ``` List the pods.
diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md
index b031bdac..837d1394 100644
--- a/docs/fedora-coreos/bare-metal.md
+++ b/docs/fedora-coreos/bare-metal.md
@@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.0 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.1 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition.
@@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.1" # bare-metal cluster_name = "mercury"
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.1" # bare-metal cluster_name = "mercury"
@@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.0 -node2.example.com Ready 10m v1.29.0 -node3.example.com Ready 10m v1.29.0 +node1.example.com Ready 10m v1.29.1 +node2.example.com Ready 10m v1.29.1 +node3.example.com Ready 10m v1.29.1 ``` List the pods.
diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md
index 110563e3..25fee56c 100644
--- a/docs/fedora-coreos/digitalocean.md
+++ b/docs/fedora-coreos/digitalocean.md
@@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets.
@@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.1" # Digital Ocean cluster_name = "nemo"
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.0 -10.132.115.81 Ready 10m v1.29.0 -10.132.124.107 Ready 10m v1.29.0 +10.132.110.130 Ready 10m v1.29.1 +10.132.115.81 Ready 10m v1.29.1 +10.132.124.107 Ready 10m v1.29.1 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 3549ff11..9325820e 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 765d30aa..43b715a5 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.0 -ip-10-0-26-65 Ready 10m v1.29.0 -ip-10-0-41-21 Ready 10m v1.29.0 +ip-10-0-3-155 Ready 10m v1.29.1 +ip-10-0-26-65 Ready 10m v1.29.1 +ip-10-0-41-21 Ready 10m v1.29.1 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index e71828eb..ee09a9b1 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.1" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.0 -ramius-worker-000001 Ready 25m v1.29.0 -ramius-worker-000002 Ready 24m v1.29.0 +ramius-controller-0 Ready 24m v1.29.1 +ramius-worker-000001 Ready 25m v1.29.1 +ramius-worker-000002 Ready 24m v1.29.1 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 26a58558..6ff08962 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.0 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.1 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.1" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.1" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.0 -node2.example.com Ready 10m v1.29.0 -node3.example.com Ready 10m v1.29.0 +node1.example.com Ready 10m v1.29.1 +node2.example.com Ready 10m v1.29.1 +node3.example.com Ready 10m v1.29.1 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index f309cf03..78696b71 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.1" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.0 -10.132.115.81 Ready 10m v1.29.0 -10.132.124.107 Ready 10m v1.29.0 +10.132.110.130 Ready 10m v1.29.1 +10.132.115.81 Ready 10m v1.29.1 +10.132.124.107 Ready 10m v1.29.1 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 23e2c4ae..115faba8 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.0 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 0f409876..83f095d6 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index fb6137d0..a9005256 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.1" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 3c166043..2a76c822 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index b9ffbe18..e89dac44 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 48ba88bf..59ea3512 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -111,7 +111,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.29.0
+ quay.io/poseidon/kubelet:v1.29.1
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 9d090faa..310aea06 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -26,7 +26,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md
index cff3ac91..8c15a736 100644
--- a/google-cloud/flatcar-linux/kubernetes/README.md
+++ b/google-cloud/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.0 (upstream) +* Kubernetes v1.29.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index b9ffbe18..e89dac44 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=f0d22ec89517bd7cbb60723d1e6091f278e57bb2" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 0ae23853..ab5feea6 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
index df982866..98d4616a 100644
--- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
From 301f460d2508e6bb3e68402b60145c0ac074954c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 17:38:51 +0000 Subject: [PATCH 016/132] Bump mkdocs-material from 9.5.6 to 9.5.7 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.6 to 9.5.7. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.6...9.5.7) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 05d5ecbc..7e2d9761 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-material==9.5.6
+mkdocs-material==9.5.7
 pygments==2.17.2
 pymdown-extensions==10.7
From aecb7775a84941061e27849706fdd388cca487dc Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 18 Feb 2024 15:36:37 -0800 Subject: [PATCH 017/132] Update etcd from v3.5.10 to v3.5.12 * https://github.com/etcd-io/etcd/releases/tag/v3.5.11 * https://github.com/etcd-io/etcd/releases/tag/v3.5.12 --- aws/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- aws/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- azure/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- azure/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- google-cloud/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- google-cloud/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml
index bc1927ec..82dbafbb 100644
--- a/aws/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml
@@ -12,7 +12,7 @@ systemd:
 Wants=network-online.target
 After=network-online.target
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 Type=exec
 ExecStartPre=/bin/mkdir -p /var/lib/etcd
 ExecStartPre=-/usr/bin/podman rm etcd
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml
index 5085271e..2f674d7b 100644
--- a/aws/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml
@@ -11,7 +11,7 @@ systemd:
 Requires=docker.service
 After=docker.service
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 ExecStartPre=/usr/bin/docker run -d \
 --name etcd \
 --network host \
diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml
index 27d8bdeb..adfb39fd 100644
--- a/azure/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml
@@ -12,7 +12,7 @@ systemd:
 Wants=network-online.target
 After=network-online.target
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 Type=exec
 ExecStartPre=/bin/mkdir -p /var/lib/etcd
 ExecStartPre=-/usr/bin/podman rm etcd
diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml
index c67efaa2..a455adc5 100644
--- a/azure/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml
@@ -11,7 +11,7 @@ systemd:
 Requires=docker.service
 After=docker.service
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 ExecStartPre=/usr/bin/docker run -d \
 --name etcd \
 --network host \
diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
index fb544888..6fed2979 100644
--- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml
@@ -12,7 +12,7 @@ systemd:
 Wants=network-online.target
 After=network-online.target
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 Type=exec
 ExecStartPre=/bin/mkdir -p /var/lib/etcd
 ExecStartPre=-/usr/bin/podman rm etcd
diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
index 325f1525..85c3f5b9 100644
--- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml
@@ -11,7 +11,7 @@ systemd:
 Requires=docker.service
 After=docker.service
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 ExecStartPre=/usr/bin/docker run -d \
 --name etcd \
 --network host \
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
index ad15841b..37a7c943 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
@@ -12,7 +12,7 @@ systemd:
 Wants=network-online.target
 After=network-online.target
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 Type=exec
 ExecStartPre=/bin/mkdir -p /var/lib/etcd
 ExecStartPre=-/usr/bin/podman rm etcd
diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
index 94f1a884..3a4463ed 100644
--- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml
@@ -11,7 +11,7 @@ systemd:
 Requires=docker.service
 After=docker.service
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 ExecStartPre=/usr/bin/docker run -d \
 --name etcd \
 --network host \
diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
index 59ea3512..88ecad46 100644
--- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
@@ -12,7 +12,7 @@ systemd:
 Wants=network-online.target
 After=network-online.target
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 Type=exec
 ExecStartPre=/bin/mkdir -p /var/lib/etcd
 ExecStartPre=-/usr/bin/podman rm etcd
diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
index ab5feea6..c8af6f49 100644
--- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
@@ -11,7 +11,7 @@ systemd:
 Requires=docker.service
 After=docker.service
 [Service]
- Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.10
+ Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12
 ExecStartPre=/usr/bin/docker run -d \
 --name etcd \
 --network host \
From ac3eab4e001c7532ca4bab4653665d75835c01d6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 17:17:56 +0000 Subject: [PATCH 018/132] Bump mkdocs-material from 9.5.7 to 9.5.9 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.7 to 9.5.9. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.7...9.5.9) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 7e2d9761..146f90c4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
-mkdocs-material==9.5.7
+mkdocs-material==9.5.9
 pygments==2.17.2
 pymdown-extensions==10.7
From f2f625984e3b6caa4d86c5f2f7ee64232f3f5c51 Mon Sep 17 00:00:00 2001
From: Dalton Hubble Date: Sun, 18 Feb 2024 17:56:01 -0800 Subject: [PATCH 019/132] Update Kubernetes from v1.29.1 to v1.29.2 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292 --- CHANGES.md | 9 ++++++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 154 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 4eb2fd43..d013160a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,11 @@ Notable changes between versions. ## Latest +## v1.29.2 + +* Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) +* Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) + ## v1.29.1 * Kubernetes [v1.29.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1291) @@ -12,6 +17,10 @@ Notable changes between versions. * Continue to support AWS IMDSv1 ([#1412](https://github.com/poseidon/typhoon/pull/1412)) +### Known Issues + +* Calico and Fedora CoreOS cannot be used together currently ([calico#8372](https://github.com/projectcalico/calico/issues/8372)) + ## v1.29.0 * Kubernetes [v1.29.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1290) diff --git a/README.md b/README.md index 35debe76..58a62182 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -65,7 +65,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -104,9 +104,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 613299e0..7c3e3cdf 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index e88a45d7..902c2504 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 82dbafbb..1c89c359 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.1 + quay.io/poseidon/kubelet:v1.29.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 4a7531ec..1bff5aef 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 4f354500..5364cff7 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
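Review bot: The kubelet image in this hunk is still referenced by tag only (`quay.io/poseidon/kubelet:v1.29.2`), while the bootstrap module in the same patch is pinned to a full commit hash, which leaves the image as the less strictly pinned of the two. A registry tag can be repointed, so nodes provisioned at different times could pull different content under the same name. Consider pinning by digest, `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<digest of the v1.29.2 multi-arch manifest>`, with the version kept in a comment beside it, and do the same for the bootstrap unit's `quay.io/poseidon/kubelet:v1.29.2` line in the second hunk of this file. The same tag-only reference recurs in every `controller.yaml` and `worker.yaml` hunk of this patch. The unit definitions continue outside the hunks, so any other image verification (a signature policy, for example) would not be visible here.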
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index e88a45d7..902c2504 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 2f674d7b..0cfc11f3 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 606289c0..f5682d11 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index d8adcd54..4ab391ef 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 2197598e..d0771e17 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index adfb39fd..893d44c9 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.1 + quay.io/poseidon/kubelet:v1.29.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 1ac3ed68..b4a28d4a 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index c1e24f27..dbc4c673 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 2197598e..d0771e17 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index a455adc5..8f9a7e7d 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index a0386203..bd71ed7a 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 4e681865..d0ed2652 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 37564f42..a7a83c6f 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 6fed2979..52c442f6 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 5609e018..628df0ed 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 11166568..5d857286 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 1a80a0d0..6810a617 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 85c3f5b9..040ee557 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 40b51daa..9d45a91b 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index ba4e7fc9..b6f19126 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index f1dc6672..f6f928a9 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 37a7c943..e79a83ab 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.1 + quay.io/poseidon/kubelet:v1.29.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index bf826096..a13f0d25 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index dd9ca86a..5d7e200c 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index f1dc6672..f6f928a9 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 3a4463ed..a7ec4183 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 4b6a2f4b..9baa2a52 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 1dbe3d6e..11e4c9d5 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.29.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.29.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.29.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.29.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.29.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.29.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.2" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.2" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.29.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.29.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.29.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.29.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.29.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.29.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.29.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.29.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.2" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 1264d93e..9b5f8d2f 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index eb51d1a7..c9021235 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.2" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.2" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.2" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.2" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.2" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.1 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.2 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.2 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 2942e172..526c8420 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.1 -ip-10-0-26-65 Ready 10m v1.29.1 -ip-10-0-41-21 Ready 10m v1.29.1 +ip-10-0-3-155 Ready 10m v1.29.2 +ip-10-0-26-65 Ready 10m v1.29.2 +ip-10-0-41-21 Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 225d895b..8ca53a40 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.2" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.1 -ramius-worker-000001 Ready 25m v1.29.1 -ramius-worker-000002 Ready 24m v1.29.1 +ramius-controller-0 Ready 24m v1.29.2 +ramius-worker-000001 Ready 25m v1.29.2 +ramius-worker-000002 Ready 24m v1.29.2 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 837d1394..9249dfa1 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.1 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.2 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.2" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.2" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.1 -node2.example.com Ready 10m v1.29.1 -node3.example.com Ready 10m v1.29.1 +node1.example.com Ready 10m v1.29.2 +node2.example.com Ready 10m v1.29.2 +node3.example.com Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 25fee56c..e808bdec 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.2" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.1 -10.132.115.81 Ready 10m v1.29.1 -10.132.124.107 Ready 10m v1.29.1 +10.132.110.130 Ready 10m v1.29.2 +10.132.115.81 Ready 10m v1.29.2 +10.132.124.107 Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 9325820e..1d92d20c 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 43b715a5..ca71f385 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.1 -ip-10-0-26-65 Ready 10m v1.29.1 -ip-10-0-41-21 Ready 10m v1.29.1 +ip-10-0-3-155 Ready 10m v1.29.2 +ip-10-0-26-65 Ready 10m v1.29.2 +ip-10-0-41-21 Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index ee09a9b1..6e9e5401 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.2" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.1 -ramius-worker-000001 Ready 25m v1.29.1 -ramius-worker-000002 Ready 24m v1.29.1 +ramius-controller-0 Ready 24m v1.29.2 +ramius-worker-000001 Ready 25m v1.29.2 +ramius-worker-000002 Ready 24m v1.29.2 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 6ff08962..875226db 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.1 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.2 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.2" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.2" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.1 -node2.example.com Ready 10m v1.29.1 -node3.example.com Ready 10m v1.29.1 +node1.example.com Ready 10m v1.29.2 +node2.example.com Ready 10m v1.29.2 +node3.example.com Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 78696b71..c0e98247 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.2" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.1 -10.132.115.81 Ready 10m v1.29.1 -10.132.124.107 Ready 10m v1.29.1 +10.132.110.130 Ready 10m v1.29.2 +10.132.115.81 Ready 10m v1.29.2 +10.132.124.107 Ready 10m v1.29.2 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 115faba8..7415e591 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.1 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 83f095d6..5d4216b1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index a9005256..e4efda20 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.2" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 2a76c822..c1542c71 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index e89dac44..2cb81bc1 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 88ecad46..93b7af44 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.1 + quay.io/poseidon/kubelet:v1.29.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 310aea06..7084984f 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 8c15a736..22f705f8 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.1 (upstream) +* Kubernetes v1.29.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index e89dac44..2cb81bc1 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=acc7460fcc2577ee2a5e81351e53bb183e36979a" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index c8af6f49..30c1462f 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 98d4616a..4e73efeb 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 0e7977694ff9147a17612750ca50ef07bd711da6 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 23 Feb 2024 22:53:21 -0800 Subject: [PATCH 020/132] Allow CNI networking to be set to none * Set CNI networking to "none" to skip installing any CNI provider (i.e. no flannel, Calico, or Cilium). In this mode, cluster nodes will be NotReady until you add your own CNI stack * Motivation: I now tend to manage CNI components as addon modules just like other applications overlaid onto a cluster. It allows for faster iteration and may eventually become the recommendation --- CHANGES.md | 1 + README.md | 7 ++++++- aws/fedora-coreos/kubernetes/butane/controller.yaml | 4 ++-- aws/flatcar-linux/kubernetes/butane/controller.yaml | 4 ++-- azure/fedora-coreos/kubernetes/butane/controller.yaml | 4 ++-- azure/flatcar-linux/kubernetes/butane/controller.yaml | 4 ++-- bare-metal/fedora-coreos/kubernetes/butane/controller.yaml | 4 ++-- bare-metal/flatcar-linux/kubernetes/butane/controller.yaml | 4 ++-- .../fedora-coreos/kubernetes/butane/controller.yaml | 4 ++-- .../flatcar-linux/kubernetes/butane/controller.yaml | 4 ++-- .../fedora-coreos/kubernetes/butane/controller.yaml | 4 ++-- .../flatcar-linux/kubernetes/butane/controller.yaml | 4 ++-- 12 files changed, 27 insertions(+), 21 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index d013160a..0e5177f5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -8,6 +8,7 @@ Notable changes between versions. * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) * Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) +* Allow CNI `networking` to be set to "none" to skip bootstrapping flannel, Calico, or Cilium ([#1419](https://github.com/poseidon/typhoon/pull/1419)) ## v1.29.1 diff --git a/README.md b/README.md index 58a62182..8fa49a89 100644 --- a/README.md +++ b/README.md 
@@ -1,4 +1,9 @@ -# Typhoon [![Release](https://img.shields.io/github/v/release/poseidon/typhoon)](https://github.com/poseidon/typhoon/releases) [![Stars](https://img.shields.io/github/stars/poseidon/typhoon)](https://github.com/poseidon/typhoon/stargazers) [![Sponsors](https://img.shields.io/github/sponsors/poseidon?logo=github)](https://github.com/sponsors/poseidon) [![Mastodon](https://img.shields.io/badge/follow-news-6364ff?logo=mastodon)](https://fosstodon.org/@typhoon) +# Typhoon + +[![Release](https://img.shields.io/github/v/release/poseidon/typhoon?style=flat-square)](https://github.com/poseidon/typhoon/releases) +[![Stars](https://img.shields.io/github/stars/poseidon/typhoon?style=flat-square)](https://github.com/poseidon/typhoon/stargazers) +[![Sponsors](https://img.shields.io/github/sponsors/poseidon?logo=github&style=flat-square)](https://github.com/sponsors/poseidon) +[![Mastodon](https://img.shields.io/badge/follow-news-6364ff?logo=mastodon&style=flat-square)](https://fosstodon.org/@typhoon) diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 1c89c359..636498c8 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -177,8 +177,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests manifests-networking chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 0cfc11f3..b1cec1c4 100644 
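Review bot: `2>/dev/null || true` on the added `mv manifests-networking/*` line hides every failure of that move, not only the empty-directory case that networking "none" produces. A move that fails for any other reason would leave a cluster that expected a CNI provider without its manifests, and without a message in the unit log. Test for content first and let a real error surface: `if [ -n "$(ls -A manifests-networking 2>/dev/null)" ]; then mv manifests-networking/* /opt/bootstrap/assets/manifests/; fi`. The same line is added in the other nine controller.yaml hunks of this patch, and the `rm -rf` argument order differs between the aws files and the rest (`manifests manifests-networking` vs `manifests-networking manifests`), which is harmless but makes the ten copies harder to compare. The layout script starts above this hunk, so whether it runs under `set -e` is not visible here.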
--- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -177,8 +177,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests manifests-networking - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 893d44c9..e93486af 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml @@ -172,8 +172,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 8f9a7e7d..26b02ab3 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -173,8 +173,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 52c442f6..a91af370 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -182,8 +182,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 040ee557..4eb70071 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -184,8 +184,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index e79a83ab..8695daec 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -179,8 +179,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index a7ec4183..eea709b1 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -182,8 +182,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 93b7af44..c8500578 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml @@ -171,8 +171,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 30c1462f..2ce2c085 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -172,8 +172,8 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ - rm -rf assets auth static-manifests tls manifests-networking + mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true + rm -rf assets auth static-manifests tls manifests-networking manifests - path: /opt/bootstrap/apply mode: 0544 contents: From 7a46eb03ae3928e7141ce01ce04eac81253af8b3 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 23 Feb 2024 22:59:31 -0800 Subject: [PATCH 021/132] Update Cilium from v1.14.3 to v1.15.1 * https://github.com/cilium/cilium/releases/tag/v1.15.1 --- CHANGES.md | 1 + aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0e5177f5..ac406b42 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -7,6 +7,7 @@ Notable changes between versions. ## v1.29.2 * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) +* Update Cilium from v1.14.3 to [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) * Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) * Allow CNI `networking` to be set to "none" to skip bootstrapping flannel, Calico, or Cilium ([#1419](https://github.com/poseidon/typhoon/pull/1419)) 
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 902c2504..24cc5f08 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 902c2504..24cc5f08 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index d0771e17..16cc0c16 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index d0771e17..16cc0c16 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index a7a83c6f..9ce564bd 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 6810a617..ecc38fbb 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index f6f928a9..b7fd4273 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index f6f928a9..b7fd4273 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 2cb81bc1..f0b7e02f 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 2cb81bc1..f0b7e02f 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=2909ea9da3c600fb0f858b168e0799343438d6d9" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 2325a503e1a294792470d51d9f638a52bb1e700c Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sat, 24 Feb 2024 18:48:06 -0800 Subject: [PATCH 022/132] Add an `install_container_networking` variable (default `true`) * When `true`, the chosen container `networking` provider is installed during cluster bootstrap * Set `false` to self-manage the container networking provider. This allows flannel, Calico, or Cilium to be managed via Terraform (like any other Kubernetes resources). Nodes will be NotReady until you apply the self-managed container networking provider. This may become the default in future. --- CHANGES.md | 8 +++++++- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/fedora-coreos/kubernetes/variables.tf | 6 ++++++ aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/variables.tf | 6 ++++++ azure/fedora-coreos/kubernetes/bootstrap.tf | 3 +-- azure/fedora-coreos/kubernetes/variables.tf | 6 ++++++ azure/flatcar-linux/kubernetes/bootstrap.tf | 3 +-- azure/flatcar-linux/kubernetes/variables.tf | 6 ++++++ bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/variables.tf | 6 ++++++ bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/variables.tf | 6 ++++++ digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 3 +-- digital-ocean/fedora-coreos/kubernetes/variables.tf | 6 ++++++ digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 3 +-- digital-ocean/flatcar-linux/kubernetes/variables.tf | 6 ++++++ google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/variables.tf | 6 ++++++ google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/variables.tf | 6 ++++++ 21 files changed, 77 insertions(+), 15 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index ac406b42..5ba612ec 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -9,7 +9,13 @@ Notable changes between versions. * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) * Update Cilium from v1.14.3 to [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) * Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) -* Allow CNI `networking` to be set to "none" to skip bootstrapping flannel, Calico, or Cilium ([#1419](https://github.com/poseidon/typhoon/pull/1419)) +* Add an `install_container_networking` variable (default `true`) + * When `true`, the chosen container `networking` provider is installed during cluster bootstrap + * Set `false` to self-manage the container networking provider. This allows flannel, Calico, or Cilium + to be managed via Terraform (like any other Kubernetes resources). Nodes will be NotReady until you + apply the self-managed container networking provider. This may become the default in future. + * Continue to set `networking` to one of the three supported container networking providers. Most + require custom firewall / security policies be present across nodes so they have some infra tie-ins. ## v1.29.1 diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 24cc5f08..37f47553 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = aws_route53_record.etcds.*.fqdn - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index b8679bf9..52f6bd46 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf 
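Review bot: The new `networking` argument in the aws/fedora-coreos bootstrap.tf hunk replaces the operator's value with the literal "none", but nothing at the call site says that `var.networking` must still name the provider that will be self-managed. That requirement appears only in the CHANGES.md entry of this same patch. A one-line comment above the argument would keep it next to the code, for example `# "none" only skips installing the CNI manifests; var.networking must still name the provider you will apply`. The azure and digital-ocean bootstrap.tf hunks also drop the blank line before `# only effective with Calico networking`, so that comment now sits directly under `networking`; keeping the blank line preserves the grouping. The `module "bootstrap"` block continues past this hunk.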
+++ b/aws/fedora-coreos/kubernetes/variables.tf @@ -107,6 +107,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only). Use 8981 if using instances types with Jumbo frames." diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 24cc5f08..37f47553 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = aws_route53_record.etcds.*.fqdn - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index 81e62ed2..25839dd6 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf @@ -107,6 +107,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only). Use 8981 if using instances types with Jumbo frames." diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 16cc0c16..29ca8471 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf 
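Review bot: The `description` of `install_container_networking` in the aws/fedora-coreos variables.tf hunk omits the two consequences that the commit message and CHANGES.md entry give for `false`: nodes stay NotReady until a provider is applied, and `networking` should still be set to one of the supported providers. The description is the text operators see when they look up the variable, so I would fold both in: `description = "Install the chosen networking provider during cluster bootstrap. If false, nodes stay NotReady until you apply the provider named by var.networking yourself"`. The same description is added in the other nine variables.tf hunks of this patch.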
@@ -6,8 +6,7 @@ module "bootstrap" { api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) - networking = var.networking - + networking = var.install_container_networking ? var.networking : "none" # only effective with Calico networking # we should be able to use 1450 MTU, but in practice, 1410 was needed network_encapsulation = "vxlan" diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index 05ae4496..05e3050b 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf @@ -94,6 +94,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "host_cidr" { type = string description = "CIDR IPv4 range to assign to instances" diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 16cc0c16..29ca8471 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -6,8 +6,7 @@ module "bootstrap" { api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) - networking = var.networking - + networking = var.install_container_networking ? var.networking : "none" # only effective with Calico networking # we should be able to use 1450 MTU, but in practice, 1410 was needed network_encapsulation = "vxlan" diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 7b2dd15a..e14b871a 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf 
@@ -100,6 +100,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "host_cidr" { type = string description = "CIDR IPv4 range to assign to instances" diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 9ce564bd..77d9b605 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] etcd_servers = var.controllers.*.domain - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = var.network_mtu network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf index 943c2f0c..daee1916 100644 --- a/bare-metal/fedora-coreos/kubernetes/variables.tf +++ b/bare-metal/fedora-coreos/kubernetes/variables.tf @@ -92,6 +92,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only)" diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index ecc38fbb..d21f3a98 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf 
@@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] etcd_servers = var.controllers.*.domain - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = var.network_mtu network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr diff --git a/bare-metal/flatcar-linux/kubernetes/variables.tf b/bare-metal/flatcar-linux/kubernetes/variables.tf index 2f379887..422a1a66 100644 --- a/bare-metal/flatcar-linux/kubernetes/variables.tf +++ b/bare-metal/flatcar-linux/kubernetes/variables.tf @@ -91,6 +91,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only)" diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index b7fd4273..17b238e0 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -6,8 +6,7 @@ module "bootstrap" { api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = digitalocean_record.etcds.*.fqdn - networking = var.networking - + networking = var.install_container_networking ? var.networking : "none" # only effective with Calico networking network_encapsulation = "vxlan" network_mtu = "1450" diff --git a/digital-ocean/fedora-coreos/kubernetes/variables.tf b/digital-ocean/fedora-coreos/kubernetes/variables.tf index 4a6dd8ad..4dc67bd2 100644 --- a/digital-ocean/fedora-coreos/kubernetes/variables.tf +++ b/digital-ocean/fedora-coreos/kubernetes/variables.tf 
@@ -71,6 +71,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index b7fd4273..17b238e0 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -6,8 +6,7 @@ module "bootstrap" { api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = digitalocean_record.etcds.*.fqdn - networking = var.networking - + networking = var.install_container_networking ? var.networking : "none" # only effective with Calico networking network_encapsulation = "vxlan" network_mtu = "1450" diff --git a/digital-ocean/flatcar-linux/kubernetes/variables.tf b/digital-ocean/flatcar-linux/kubernetes/variables.tf index 7c755af6..3748b69b 100644 --- a/digital-ocean/flatcar-linux/kubernetes/variables.tf +++ b/digital-ocean/flatcar-linux/kubernetes/variables.tf @@ -71,6 +71,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index f0b7e02f..dff45bcb 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf 
@@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = [for fqdn in google_dns_record_set.etcds.*.name : trimsuffix(fqdn, ".")] - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index 4ea49983..ad561e13 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf @@ -94,6 +94,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index f0b7e02f..dff45bcb 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -5,7 +5,7 @@ module "bootstrap" { cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = [for fqdn in google_dns_record_set.etcds.*.name : trimsuffix(fqdn, ".")] - networking = var.networking + networking = var.install_container_networking ? var.networking : "none" network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index e13da824..3a510f49 100644 --- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf 
@@ -94,6 +94,12 @@ variable "networking" { default = "cilium" } +variable "install_container_networking" { + type = bool + description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" + default = true +} + variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" From ab66d11edf240cb5293e29779229c72010b891c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 17:45:12 +0000 Subject: [PATCH 023/132] Bump mkdocs-material from 9.5.9 to 9.5.10 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.9 to 9.5.10. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.9...9.5.10) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 146f90c4..d56ac6c8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.9 +mkdocs-material==9.5.10 pygments==2.17.2 pymdown-extensions==10.7 From 41907a0ba6260056571111e7bfb6914225ce280f Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 25 Feb 2024 12:05:21 -0800 Subject: [PATCH 024/132] Update Calico from v3.26.3 to v3.27.2 * Update fixes Calico incompatibility with Fedora CoreOS Rel: https://github.com/projectcalico/calico/issues/8372 --- CHANGES.md | 2 ++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 12 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5ba612ec..65570a68 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -8,6 +8,8 @@ Notable changes between versions. * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) * Update Cilium from v1.14.3 to [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) +* Update Calico from v3.26.3 to [v3.27.2](https://github.com/projectcalico/calico/releases/tag/v3.27.2) + * Fix upstream incompatibility with Fedora CoreOS ([calico#8372](https://github.com/projectcalico/calico/issues/8372)) * Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) * Add an `install_container_networking` variable (default `true`) * When `true`, the chosen container `networking` provider is installed during cluster bootstrap diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 37f47553..0313a7e3 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 37f47553..0313a7e3 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 29ca8471..6c3c1078 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 29ca8471..6c3c1078 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 77d9b605..33e4fa60 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index d21f3a98..f04be96e 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 17b238e0..55a593d6 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 17b238e0..55a593d6 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index dff45bcb..cc943b53 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index dff45bcb..cc943b53 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf 
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=da65b4816d47cada5ed08da93009055b070bbee7" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From ed82c414234dd83258a5f67fae3fe7c04ce9bcec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 17:07:04 +0000 Subject: [PATCH 025/132] Bump mkdocs-material from 9.5.10 to 9.5.11 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.10 to 9.5.11. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.10...9.5.11) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d56ac6c8..35490370 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.10 +mkdocs-material==9.5.11 pygments==2.17.2 pymdown-extensions==10.7 From e9c7c4a4c16c18d94373d3397aa31643fafb0080 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 17:57:16 +0000 Subject: [PATCH 026/132] Bump mkdocs-material from 9.5.11 to 9.5.12 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.11 to 9.5.12. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.11...9.5.12) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 35490370..d7a7f9ca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.11 +mkdocs-material==9.5.12 pygments==2.17.2 pymdown-extensions==10.7 From 7af83404e130d811a31125f332caf12c1c90c6c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 17:38:05 +0000 Subject: [PATCH 027/132] Bump mkdocs-material from 9.5.12 to 9.5.14 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.12 to 9.5.14. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.12...9.5.14) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d7a7f9ca..8de452d2 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.12 +mkdocs-material==9.5.14 pygments==2.17.2 pymdown-extensions==10.7 From 803866950420b6a7eb9f51a5602564904eb192b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 22:27:10 +0000 Subject: [PATCH 028/132] Bump pymdown-extensions from 10.7 to 10.7.1 Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.7 to 10.7.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.7...10.7.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8de452d2..14be64f1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 mkdocs-material==9.5.14 pygments==2.17.2 -pymdown-extensions==10.7 +pymdown-extensions==10.7.1 From fbe36b8b1677ecb304692851034613ee40c0c359 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 22 Mar 2024 11:18:33 -0700 Subject: [PATCH 029/132] Update Cilium and flannel container image versions * https://github.com/cilium/cilium/releases/tag/v1.15.2 * https://github.com/flannel-io/flannel/releases/tag/v0.24.4 --- CHANGES.md | 3 +++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 65570a68..b1dabf2a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,9 @@ Notable changes between versions. ## Latest +* Update Cilium from v1.15.1 to [v1.15.2](https://github.com/cilium/cilium/releases/tag/v1.15.2) +* Update flannel from v0.24.2 to [v0.24.4](https://github.com/flannel-io/flannel/releases/tag/v0.24.4) + ## v1.29.2 * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 0313a7e3..bea49a99 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 0313a7e3..bea49a99 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 6c3c1078..2d6091c3 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 6c3c1078..2d6091c3 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 33e4fa60..c786e654 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index f04be96e..a1524ec9 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 55a593d6..251b24af 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 55a593d6..251b24af 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index cc943b53..575025e8 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index cc943b53..575025e8 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf 
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e9d52a997e96f40ccaa58c61731f736417d98997" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 734c8c2107115ce9332f307ecc75bb0b1ef0c77e Mon Sep 17 00:00:00 2001 From: 8ball030 <35799987+8ball030@users.noreply.github.com> Date: Fri, 22 Mar 2024 18:23:00 +0000 Subject: [PATCH 030/132] Allow stopping Google Cloud controller nodes to resize them (#1424) * Google Cloud requires VMs be stopped in order to update their properties. This is only allowed if explicitly enabled --- google-cloud/fedora-coreos/kubernetes/controllers.tf | 1 + google-cloud/flatcar-linux/kubernetes/controllers.tf | 1 + 2 files changed, 2 insertions(+) diff --git a/google-cloud/fedora-coreos/kubernetes/controllers.tf b/google-cloud/fedora-coreos/kubernetes/controllers.tf index 3ae436b3..8c0510b3 100644 --- a/google-cloud/fedora-coreos/kubernetes/controllers.tf +++ b/google-cloud/fedora-coreos/kubernetes/controllers.tf @@ -56,6 +56,7 @@ resource "google_compute_instance" "controllers" { } can_ip_forward = true + allow_stopping_for_update = true tags = ["${var.cluster_name}-controller"] lifecycle { diff --git a/google-cloud/flatcar-linux/kubernetes/controllers.tf b/google-cloud/flatcar-linux/kubernetes/controllers.tf index b9233051..6de8fcfb 100644 --- a/google-cloud/flatcar-linux/kubernetes/controllers.tf +++ b/google-cloud/flatcar-linux/kubernetes/controllers.tf 
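Review bot: `allow_stopping_for_update = true` on the controller instances lets a later `terraform apply` stop control-plane VMs whenever a changed property requires it (the commit message mentions resizing). Nothing in this hunk or the matching flatcar-linux controllers.tf hunk documents that availability impact. The controllers presumably also run etcd, so on a single-controller cluster a stop takes the API server and etcd down, and with several controllers Terraform may stop more than one in the same apply. I would add a comment above the attribute in both files, e.g. `# lets Terraform stop controllers to apply changes such as machine_type; expect control plane downtime and review the plan before applying`. The resource body starts and ends outside both hunks.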
@@ -33,6 +33,7 @@ resource "google_compute_instance" "controllers" {
 # use a zone in the region and wrap around (e.g. controllers > zones)
 zone = element(local.zones, count.index)
 machine_type = var.controller_type
+ allow_stopping_for_update = true
 metadata = {
 user-data = data.ct_config.controllers.*.rendered[count.index]
From 8524aa00bcefdf1f260f6c7febf6781532d7b96b Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sat, 23 Mar 2024 00:47:10 -0700 Subject: [PATCH 031/132] Update Kubernetes from v1.29.2 to v1.29.3 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1293 --- README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 56 files changed, 145 insertions(+), 145 deletions(-) diff --git a/README.md b/README.md index 8fa49a89..99f0ce61 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
@@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -109,9 +109,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 7c3e3cdf..5b475264 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index bea49a99..80336a46 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 636498c8..865e45f6 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.2 + quay.io/poseidon/kubelet:v1.29.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 1bff5aef..22cbc1dc 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml 
@@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 5364cff7..ba743ea2 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index bea49a99..80336a46 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index b1cec1c4..2150af4c 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index f5682d11..1665e8f4 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 4ab391ef..ffde87bb 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 2d6091c3..ac5872a3 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index e93486af..651b8c8b 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.2 + quay.io/poseidon/kubelet:v1.29.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index b4a28d4a..4e577791 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index dbc4c673..ccdb0e9c 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 2d6091c3..ac5872a3 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 26b02ab3..0c8a2d26 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index bd71ed7a..57be7b2b 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index d0ed2652..a04466fb 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index c786e654..8a64126c 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index a91af370..6791aed0 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 628df0ed..9d3a5ede 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 5d857286..a2391800 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index a1524ec9..9a4717bf 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 4eb70071..8c1b54a6 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 9d45a91b..c418eb19 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index b6f19126..41beadea 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 251b24af..4f83bfa7 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 8695daec..843799f7 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.2 + quay.io/poseidon/kubelet:v1.29.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index a13f0d25..43dc82b5 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index 5d7e200c..1ff0175e 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 251b24af..4f83bfa7 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index eea709b1..8c91d26b 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 9baa2a52..77a5b294 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 11e4c9d5..95803124 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.29.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.29.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.29.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.29.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.29.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.29.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.3" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.3" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.29.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.29.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.29.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.29.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.29.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.29.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.29.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.29.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.3" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 9b5f8d2f..7b8e7d91 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index c9021235..fc836fbf 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.3" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.3" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.3" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.3" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.3" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.2 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.3 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.3 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 526c8420..2a37007c 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.2 -ip-10-0-26-65 Ready 10m v1.29.2 -ip-10-0-41-21 Ready 10m v1.29.2 +ip-10-0-3-155 Ready 10m v1.29.3 +ip-10-0-26-65 Ready 10m v1.29.3 +ip-10-0-41-21 Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 8ca53a40..79f43d3c 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.3" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.2 -ramius-worker-000001 Ready 25m v1.29.2 -ramius-worker-000002 Ready 24m v1.29.2 +ramius-controller-0 Ready 24m v1.29.3 +ramius-worker-000001 Ready 25m v1.29.3 +ramius-worker-000002 Ready 24m v1.29.3 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 9249dfa1..8e0644a3 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.2 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.3 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.3" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.3" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.2 -node2.example.com Ready 10m v1.29.2 -node3.example.com Ready 10m v1.29.2 +node1.example.com Ready 10m v1.29.3 +node2.example.com Ready 10m v1.29.3 +node3.example.com Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index e808bdec..2886e4c2 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.3" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.2 -10.132.115.81 Ready 10m v1.29.2 -10.132.124.107 Ready 10m v1.29.2 +10.132.110.130 Ready 10m v1.29.3 +10.132.115.81 Ready 10m v1.29.3 +10.132.124.107 Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 1d92d20c..d30da708 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index ca71f385..59a84b52 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.2 -ip-10-0-26-65 Ready 10m v1.29.2 -ip-10-0-41-21 Ready 10m v1.29.2 +ip-10-0-3-155 Ready 10m v1.29.3 +ip-10-0-26-65 Ready 10m v1.29.3 +ip-10-0-41-21 Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 6e9e5401..8403b21e 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.3" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.2 -ramius-worker-000001 Ready 25m v1.29.2 -ramius-worker-000002 Ready 24m v1.29.2 +ramius-controller-0 Ready 24m v1.29.3 +ramius-worker-000001 Ready 25m v1.29.3 +ramius-worker-000002 Ready 24m v1.29.3 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 875226db..f104a463 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.2 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.29.3 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.3" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.3" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.2 -node2.example.com Ready 10m v1.29.2 -node3.example.com Ready 10m v1.29.2 +node1.example.com Ready 10m v1.29.3 +node2.example.com Ready 10m v1.29.3 +node3.example.com Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index c0e98247..d588a80b 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.3" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.2 -10.132.115.81 Ready 10m v1.29.2 -10.132.124.107 Ready 10m v1.29.2 +10.132.110.130 Ready 10m v1.29.3 +10.132.115.81 Ready 10m v1.29.3 +10.132.124.107 Ready 10m v1.29.3 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 7415e591..11c18901 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.2 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 5d4216b1..0e518208 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index e4efda20..caa424a8 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.3" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
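Review bot: The `!!! note` in the `-192,7` hunk of docs/topics/maintenance.md now reads "Before Typhoon v1.29.3, worker nodes only used new launch configurations…", which looks like a side effect of the version search-and-replace rather than an intended edit. The same applies to the launch-template note in the following `-233,7` hunk. That sentence names the release in which automatic instance refresh began, so it should not move with each Kubernetes bump. As changed, it tells operators on v1.29.2 that their workers will not pick up new configuration without manual replacement. I would leave both notes at the pre-commit text, `Before Typhoon v1.29.2, worker nodes only used new launch configurations when replaced manually (or due to failure).`, or set them once to whichever release actually introduced the behaviour, and exclude these two lines from the release-bump substitution.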
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.29.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index c1542c71..3d48b716 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 575025e8..4e00ce3b 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index c8500578..08b596c5 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.2 + quay.io/poseidon/kubelet:v1.29.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 7084984f..a9306055 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 22f705f8..641e0aab 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
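Review bot: The kubelet image is still referenced by tag only, in `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3` and in the bootstrap unit's `podman run … quay.io/poseidon/kubelet:v1.29.3`. What a node pulls therefore depends on whatever the registry serves for that tag at boot, whereas the `bootstrap` module bumped in this same commit is pinned to a full commit SHA. The image runs as the node agent and as the `/apply` bootstrap entrypoint, so I would pin it by digest and keep the version in a comment, e.g. `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<digest-of-v1.29.3>`, so that a re-pushed tag cannot change what new or replaced nodes run. The same applies to the worker.yaml hunk on this line, to the flatcar-linux controller and worker units later in this patch, and to `ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13` in patch 034. The unit definitions continue outside these hunks.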
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.2 (upstream) +* Kubernetes v1.29.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 575025e8..4e00ce3b 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=5dfa185b9de48b43cfa6bf5996331e311d312d57" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 2ce2c085..ec3a4504 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 4e73efeb..8f7d4333 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 4c3dd07ab336de2adf9cd88b4b74041339240a3e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 17:29:59 +0000 Subject: [PATCH 032/132] Bump mkdocs-material from 9.5.14 to 9.5.15 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.14 to 9.5.15. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.14...9.5.15) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 14be64f1..cbb0e97d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.14 +mkdocs-material==9.5.15 pygments==2.17.2 pymdown-extensions==10.7.1 From 4bc10a8a4cf1fbde7cf3d2e30dc93cf41a82e636 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 17:28:46 +0000 Subject: [PATCH 033/132] Bump mkdocs-material from 9.5.15 to 9.5.16 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.15 to 9.5.16. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.15...9.5.16) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index cbb0e97d..a487c18b 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.15 +mkdocs-material==9.5.16 pygments==2.17.2 pymdown-extensions==10.7.1 From cafcdbc3e77fd9d1c525227d8f6b7e6c3e5db328 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 3 Apr 2024 22:48:36 -0700 Subject: [PATCH 034/132] Update etcd from v3.5.12 to v3.5.13 and bump Calico/Cilium * Update Cilium from v1.15.2 to v1.15.3 * Update Calico from v3.27.2 to v3.27.3 --- CHANGES.md | 8 ++++++++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/butane/controller.yaml | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/butane/controller.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../fedora-coreos/kubernetes/butane/controller.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../flatcar-linux/kubernetes/butane/controller.yaml | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../fedora-coreos/kubernetes/butane/controller.yaml | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../flatcar-linux/kubernetes/butane/controller.yaml | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../fedora-coreos/kubernetes/butane/controller.yaml | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../flatcar-linux/kubernetes/butane/controller.yaml | 2 +- 21 files changed, 28 insertions(+), 20 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index b1dabf2a..0764b2a7 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -4,12 +4,20 @@ Notable changes between versions. ## Latest +* Update etcd from v3.5.12 to [v3.5.13](https://github.com/etcd-io/etcd/releases/tag/v3.5.13) +* Update Cilium from v1.15.2 to [v1.15.3](https://github.com/cilium/cilium/releases/tag/v1.15.3) +* Update Calico from v3.27.2 to [v3.27.3](https://github.com/projectcalico/calico/releases/tag/v3.27.3) + +## v1.29.3 + +* Kubernetes [v1.29.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1293) * Update Cilium from v1.15.1 to [v1.15.2](https://github.com/cilium/cilium/releases/tag/v1.15.2) * Update flannel from v0.24.2 to [v0.24.4](https://github.com/flannel-io/flannel/releases/tag/v0.24.4) ## v1.29.2 * Kubernetes [v1.29.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#v1292) +* Update etcd from v3.5.10 to [v3.5.12](https://github.com/etcd-io/etcd/releases/tag/v3.5.12) * Update Cilium from v1.14.3 to [v1.15.1](https://github.com/cilium/cilium/releases/tag/v1.15.1) * Update Calico from v3.26.3 to [v3.27.2](https://github.com/projectcalico/calico/releases/tag/v3.27.2) * Fix upstream incompatibility with Fedora CoreOS ([calico#8372](https://github.com/projectcalico/calico/issues/8372)) diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 80336a46..7e4f261e 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 865e45f6..345644c9 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -12,7 +12,7 @@ systemd: Wants=network-online.target After=network-online.target [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 Type=exec ExecStartPre=/bin/mkdir -p /var/lib/etcd ExecStartPre=-/usr/bin/podman rm etcd diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 80336a46..7e4f261e 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 2150af4c..a3a6e08d 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -11,7 +11,7 @@ systemd: Requires=docker.service After=docker.service [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 ExecStartPre=/usr/bin/docker run -d \ --name etcd \ --network host \ diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index ac5872a3..ddab75ee 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf 
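Review bot: The `ETCD_IMAGE` line in the `[Service]` section of aws/fedora-coreos/kubernetes/butane/controller.yaml still names the image by tag only, and a registry tag can be re-pointed after review, whereas the `bootstrap` module source in the same commit is pinned to a full commit SHA. Appending the digest keeps the version readable and makes the pull immutable: `Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13@sha256:<digest-of-reviewed-image>` (placeholder; take the value from the registry). The same applies to the other controller.yaml hunks in this commit and to the `KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0` lines in the later Kubernetes v1.30.0 patch. The unit definition starts and ends outside the hunk, so I am assuming the variable is passed unchanged to podman or docker.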
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 651b8c8b..b603757f 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml @@ -12,7 +12,7 @@ systemd: Wants=network-online.target After=network-online.target [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 Type=exec ExecStartPre=/bin/mkdir -p /var/lib/etcd ExecStartPre=-/usr/bin/podman rm etcd diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index ac5872a3..ddab75ee 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 0c8a2d26..8f242f10 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -11,7 +11,7 @@ systemd: Requires=docker.service After=docker.service [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 ExecStartPre=/usr/bin/docker run -d \ --name etcd \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 8a64126c..a3e48d32 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 6791aed0..ebc1c6e2 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -12,7 +12,7 @@ systemd: Wants=network-online.target After=network-online.target [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 Type=exec ExecStartPre=/bin/mkdir -p /var/lib/etcd ExecStartPre=-/usr/bin/podman rm etcd diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 9a4717bf..7cbda11d 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 8c1b54a6..f46069aa 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -11,7 +11,7 @@ systemd: Requires=docker.service After=docker.service [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 ExecStartPre=/usr/bin/docker run -d \ --name etcd \ --network host \ diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 4f83bfa7..eb0b6467 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 843799f7..a6389a50 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -12,7 +12,7 @@ systemd: Wants=network-online.target After=network-online.target [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 Type=exec ExecStartPre=/bin/mkdir -p /var/lib/etcd ExecStartPre=-/usr/bin/podman rm etcd diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 4f83bfa7..eb0b6467 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 8c91d26b..ed71d158 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -11,7 +11,7 @@ systemd: Requires=docker.service After=docker.service [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 ExecStartPre=/usr/bin/docker run -d \ --name etcd \ --network host \ diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 4e00ce3b..95b5d668 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 08b596c5..967196ae 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml @@ -12,7 +12,7 @@ systemd: Wants=network-online.target After=network-online.target [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 Type=exec ExecStartPre=/bin/mkdir -p /var/lib/etcd ExecStartPre=-/usr/bin/podman rm etcd diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 4e00ce3b..95b5d668 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=9145a587b3b0354ec8757064a4835d9e4d6267c0" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index ec3a4504..56e134cd 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -11,7 +11,7 @@ systemd: Requires=docker.service After=docker.service [Service] - Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.12 + Environment=ETCD_IMAGE=quay.io/coreos/etcd:v3.5.13 ExecStartPre=/usr/bin/docker run -d \ --name etcd \ --network host \ From bda94bd2784a8740728ab0f9a7874ff4ced0e86a Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 3 Apr 2024 22:54:06 -0700 Subject: [PATCH 035/132] Add release.yaml to help auto-populate release notes * Auto-populated release notes have a nice way of highlighting new contributors and sorting dependency updates to the bottom. I'll still keep the hand-written changelog notes at the top because they're written for those who want a better summary than just a bunch of PR titles * Remove the PR template since its often unused --- .github/PULL_REQUEST_TEMPLATE.md | 10 ---------- .github/release.yaml | 12 ++++++++++++ 2 files changed, 12 insertions(+), 10 deletions(-) delete mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/release.yaml diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index 6943ea7b..00000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,10 +0,0 @@ -High level description of the change. - -* Specific change -* Specific change - -## Testing - -Describe your work to validate the change works. - -rel: issue number (if applicable) diff --git a/.github/release.yaml b/.github/release.yaml new file mode 100644 index 00000000..3073b415 --- /dev/null +++ b/.github/release.yaml @@ -0,0 +1,12 @@ +changelog: + categories: + - title: Contributions + labels: + - '*' + exclude: + labels: + - dependencies + - no-release-note + - title: Dependencies + labels: + - dependencies From 88112d4de257c92077d038adbfb4661f95df1495 Mon Sep 17 00:00:00 2001 
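Review bot: In the new .github/release.yaml, `no-release-note` is listed only under the `exclude` of the Contributions category, which as far as I know removes a pull request from that category rather than from the generated notes as a whole. If the intent is to keep such pull requests out of the notes entirely, GitHub's format has a top-level exclusion for that: `exclude:` / `labels:` / `- no-release-note` directly under `changelog:`. Either way, a short comment at the top of the file, e.g. `# no-release-note: omit the PR from generated release notes`, would record what the label is meant to do. It is worth confirming the behaviour against a draft release before relying on it.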
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 17:06:17 +0000 Subject: [PATCH 036/132] Bump mkdocs-material from 9.5.16 to 9.5.18 Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.16 to 9.5.18. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.16...9.5.18) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index a487c18b..4fe98ff1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.5.3 -mkdocs-material==9.5.16 +mkdocs-material==9.5.18 pygments==2.17.2 pymdown-extensions==10.7.1 From ed9a031d39699d8b9364a04b450de4b8352df44a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Apr 2024 17:06:22 +0000 Subject: [PATCH 037/132] Bump pymdown-extensions from 10.7.1 to 10.8 Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.7.1 to 10.8. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.7.1...10.8) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 4fe98ff1..36b4cb65 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@
 mkdocs==1.5.3
 mkdocs-material==9.5.18
 pygments==2.17.2
-pymdown-extensions==10.7.1
+pymdown-extensions==10.8
From 6ac5a0222bcc59d18aacff937336dcc22cc851e2 Mon Sep 17 00:00:00 2001
From: Dalton Hubble Date: Tue, 23 Apr 2024 20:45:34 -0700 Subject: [PATCH 038/132] Update Kubernetes from v1.29.3 to v1.30.0 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1300 --- CHANGES.md | 3 ++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 148 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0764b2a7..6e607821 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,9 @@ Notable changes between versions. ## Latest +## v1.30.0 + +* Kubernetes [v1.30.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1300) * Update etcd from v3.5.12 to [v3.5.13](https://github.com/etcd-io/etcd/releases/tag/v3.5.13) * Update Cilium from v1.15.2 to [v1.15.3](https://github.com/cilium/cilium/releases/tag/v1.15.3) * Update Calico from v3.27.2 to [v3.27.3](https://github.com/projectcalico/calico/releases/tag/v3.27.3) diff --git a/README.md b/README.md index 99f0ce61..01232447 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -109,9 +109,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 5b475264..af796aaa 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 7e4f261e..f5005e67 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 345644c9..35aed20b 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.3 + quay.io/poseidon/kubelet:v1.30.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 22cbc1dc..53067e65 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index ba743ea2..9e0551b0 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 7e4f261e..f5005e67 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index a3a6e08d..f5d288b1 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 1665e8f4..20ee3ef1 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index ffde87bb..182b955b 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index ddab75ee..60eee7aa 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index b603757f..fd39c83b 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.3 + quay.io/poseidon/kubelet:v1.30.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 4e577791..6debd16b 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index ccdb0e9c..363a3faf 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index ddab75ee..60eee7aa 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 8f242f10..575f798c 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 57be7b2b..9f71dab7 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index a04466fb..12445b8d 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index a3e48d32..9a37b9a2 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index ebc1c6e2..5e1756f8 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 9d3a5ede..06d49c07 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index a2391800..71452e61 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 7cbda11d..0c90a9d2 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index f46069aa..e48236ea 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index c418eb19..15ea5514 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 41beadea..9e6e5ac4 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index eb0b6467..9a8b66d5 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index a6389a50..8197d605 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.3 + quay.io/poseidon/kubelet:v1.30.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index 43dc82b5..e5f9ff62 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index 1ff0175e..b5e275f2 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index eb0b6467..9a8b66d5 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index ed71d158..6013c862 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 77a5b294..ad2f3468 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 95803124..f3e17f8a 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.29.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.29.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.29.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.30.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.30.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.30.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.0" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.0" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.29.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.29.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.29.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.29.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.30.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.0" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 7b8e7d91..1c1183b6 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index fc836fbf..d77716ab 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.0" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.0" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.0" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.0" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.0" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.29.3 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.29.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.0 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.0 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 2a37007c..3ed5dc9a 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.3 -ip-10-0-26-65 Ready 10m v1.29.3 -ip-10-0-41-21 Ready 10m v1.29.3 +ip-10-0-3-155 Ready 10m v1.30.0 +ip-10-0-26-65 Ready 10m v1.30.0 +ip-10-0-41-21 Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 79f43d3c..ae6ab904 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.0" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.3 -ramius-worker-000001 Ready 25m v1.29.3 -ramius-worker-000002 Ready 24m v1.29.3 +ramius-controller-0 Ready 24m v1.30.0 +ramius-worker-000001 Ready 25m v1.30.0 +ramius-worker-000002 Ready 24m v1.30.0 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 8e0644a3..7fbf40b8 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.3 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.0 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.0" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.0" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.3 -node2.example.com Ready 10m v1.29.3 -node3.example.com Ready 10m v1.29.3 +node1.example.com Ready 10m v1.30.0 +node2.example.com Ready 10m v1.30.0 +node3.example.com Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 2886e4c2..b1b9f862 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.0" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.3 -10.132.115.81 Ready 10m v1.29.3 -10.132.124.107 Ready 10m v1.29.3 +10.132.110.130 Ready 10m v1.30.0 +10.132.115.81 Ready 10m v1.30.0 +10.132.124.107 Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index d30da708..5faa46f6 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 59a84b52..87d47ec0 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.29.3 -ip-10-0-26-65 Ready 10m v1.29.3 -ip-10-0-41-21 Ready 10m v1.29.3 +ip-10-0-3-155 Ready 10m v1.30.0 +ip-10-0-26-65 Ready 10m v1.30.0 +ip-10-0-41-21 Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 8403b21e..db203a16 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.0" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.29.3 -ramius-worker-000001 Ready 25m v1.29.3 -ramius-worker-000002 Ready 24m v1.29.3 +ramius-controller-0 Ready 24m v1.30.0 +ramius-worker-000001 Ready 25m v1.30.0 +ramius-worker-000002 Ready 24m v1.30.0 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index f104a463..36e17a44 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.29.3 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.0 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.0" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.0" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.29.3 -node2.example.com Ready 10m v1.29.3 -node3.example.com Ready 10m v1.29.3 +node1.example.com Ready 10m v1.30.0 +node2.example.com Ready 10m v1.30.0 +node3.example.com Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index d588a80b..d3006bec 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.0" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.29.3 -10.132.115.81 Ready 10m v1.29.3 -10.132.124.107 Ready 10m v1.29.3 +10.132.110.130 Ready 10m v1.30.0 +10.132.115.81 Ready 10m v1.30.0 +10.132.124.107 Ready 10m v1.30.0 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 11c18901..6b145c31 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.29.3 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 0e518208..fddcdea1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.29.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.29.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.29.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index caa424a8..0cef7640 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.29.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.0" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
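Review bot: The `!!! note` in the `@@ -192,7` hunk now reads `Before Typhoon v1.30.0, worker nodes only used new launch configurations…`, so a historical statement has been rewritten by the version search-and-replace and will move again with every release. The Google Cloud note in the `@@ -233,7` hunk has the same problem. The version in these two sentences should name the release that introduced the behaviour, not the current tag. The previous value `v1.29.3` may itself be the result of an earlier bulk replace, so it likely needs looking up rather than reverting. I would exclude both lines from the bump and write them as `Before Typhoon <RELEASE_THAT_INTRODUCED_THIS>, worker nodes only used …`.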
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.29.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 3d48b716..c933983b 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 95b5d668..26568e7a 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 967196ae..580b2189 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.29.3 + quay.io/poseidon/kubelet:v1.30.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index a9306055..8a49b432 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 641e0aab..0123348f 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
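Review bot: Both controller.yaml hunks still reference the kubelet image by mutable tag (`quay.io/poseidon/kubelet:v1.30.0`), so what a node runs depends on whatever the registry serves for that tag at boot, whereas bootstrap.tf in this same commit pins terraform-render-bootstrap to a full commit SHA. Appending the digest, as in `quay.io/poseidon/kubelet:v1.30.0@sha256:<DIGEST_OF_THE_v1.30.0_IMAGE>`, would give the image the same immutability; the worker.yaml and flatcar-linux hunks use the same tag-only form. In the `@@ -111,7` hunk the image is also a second literal inside the bootstrap unit's `podman run`, while the flatcar-linux controller.yaml sets `Environment=KUBELET_IMAGE=` in that unit, and doing the same here would leave one value per unit to bump. Both units start and end outside the hunks, so how the variable is consumed elsewhere in the file is not visible from here.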
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.29.3 (upstream) +* Kubernetes v1.30.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 95b5d668..26568e7a 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=959b9ea04d8d3229739488e401051c6922da950b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 56e134cd..0c1684df 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 8f7d4333..3ecbb79a 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.29.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 7d8c0631cd47e6fc8316f3f315afcdfde2a2707c Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Thu, 25 Apr 2024 21:47:51 -0700 Subject: [PATCH 039/132] Update mkdocs and mkdocs-material together * There was a bit of discussion upstream about the pinning but that is resolved https://github.com/squidfunk/mkdocs-material/issues/7076 --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 36b4cb65..496be1b0 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@ -mkdocs==1.5.3 -mkdocs-material==9.5.18 +mkdocs==1.6.0 +mkdocs-material==9.5.19 pygments==2.17.2 pymdown-extensions==10.8 From 9e9362154d5571842aaff586eea918fccd24f02f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:38:50 +0000 Subject: [PATCH 040/132] Bump pymdown-extensions from 10.8 to 10.8.1 Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.8 to 10.8.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.8...10.8.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 496be1b0..059f2978 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 mkdocs-material==9.5.19 pygments==2.17.2 -pymdown-extensions==10.8 +pymdown-extensions==10.8.1 From 15608fa6aefe58a06e78442b6234b243a7c6f687 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sat, 4 May 2024 15:38:02 +0000 Subject: [PATCH 041/132] Bump mkdocs-material from 9.5.19 to v9.5.21 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 059f2978..6b04cdca 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.19 +mkdocs-material==9.5.21 pygments==2.17.2 pymdown-extensions==10.8.1 From ed0fa5c9a9efad692940677d27e4ae86ebb32352 Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sat, 4 May 2024 15:46:49 +0000 Subject: [PATCH 042/132] Bump pygments from 2.17.2 to v2.18.0 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6b04cdca..fa895925 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 mkdocs-material==9.5.21 -pygments==2.17.2 +pygments==2.18.0 pymdown-extensions==10.8.1 From e8a42ae33e688ddac4ba1fc2d9920c57238b6178 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sat, 4 May 2024 15:38:06 +0000 Subject: [PATCH 043/132] Bump provider ct to v0.13.0 --- aws/flatcar-linux/kubernetes/versions.tf | 2 +- aws/flatcar-linux/kubernetes/workers/versions.tf | 2 +- azure/flatcar-linux/kubernetes/versions.tf | 2 +- azure/flatcar-linux/kubernetes/workers/versions.tf | 2 +- bare-metal/flatcar-linux/kubernetes/versions.tf | 2 +- bare-metal/flatcar-linux/kubernetes/worker/versions.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/versions.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/versions.tf | 2 +- google-cloud/flatcar-linux/kubernetes/versions.tf | 2 +- google-cloud/flatcar-linux/kubernetes/workers/versions.tf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/aws/flatcar-linux/kubernetes/versions.tf b/aws/flatcar-linux/kubernetes/versions.tf index 5eaa340c..f9f11f4b 100644 --- a/aws/flatcar-linux/kubernetes/versions.tf +++ b/aws/flatcar-linux/kubernetes/versions.tf @@ -7,7 +7,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } diff --git a/aws/flatcar-linux/kubernetes/workers/versions.tf b/aws/flatcar-linux/kubernetes/workers/versions.tf index 4d442fc3..256e9c63 100644 --- a/aws/flatcar-linux/kubernetes/workers/versions.tf +++ b/aws/flatcar-linux/kubernetes/workers/versions.tf 
@@ -6,7 +6,7 @@ terraform { aws = ">= 2.23, <= 6.0" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } diff --git a/azure/flatcar-linux/kubernetes/versions.tf b/azure/flatcar-linux/kubernetes/versions.tf index 04b3ca6c..2cc5ec75 100644 --- a/azure/flatcar-linux/kubernetes/versions.tf +++ b/azure/flatcar-linux/kubernetes/versions.tf @@ -7,7 +7,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } diff --git a/azure/flatcar-linux/kubernetes/workers/versions.tf b/azure/flatcar-linux/kubernetes/workers/versions.tf index 3f82d350..4ca84265 100644 --- a/azure/flatcar-linux/kubernetes/workers/versions.tf +++ b/azure/flatcar-linux/kubernetes/workers/versions.tf @@ -6,7 +6,7 @@ terraform { azurerm = ">= 2.8, < 4.0" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } diff --git a/bare-metal/flatcar-linux/kubernetes/versions.tf b/bare-metal/flatcar-linux/kubernetes/versions.tf index 1d149448..881c372e 100644 --- a/bare-metal/flatcar-linux/kubernetes/versions.tf +++ b/bare-metal/flatcar-linux/kubernetes/versions.tf @@ -6,7 +6,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.9" + version = "~> 0.13" } matchbox = { source = "poseidon/matchbox" diff --git a/bare-metal/flatcar-linux/kubernetes/worker/versions.tf b/bare-metal/flatcar-linux/kubernetes/worker/versions.tf index 4ab5a11e..9471abf7 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/versions.tf +++ b/bare-metal/flatcar-linux/kubernetes/worker/versions.tf @@ -6,7 +6,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.9" + version = "~> 0.13" } matchbox = { source = "poseidon/matchbox" diff --git a/digital-ocean/fedora-coreos/kubernetes/versions.tf b/digital-ocean/fedora-coreos/kubernetes/versions.tf index 0e6823f5..4860c07c 100644 --- a/digital-ocean/fedora-coreos/kubernetes/versions.tf +++ b/digital-ocean/fedora-coreos/kubernetes/versions.tf 
@@ -6,7 +6,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.9" + version = "~> 0.13" } digitalocean = { source = "digitalocean/digitalocean" diff --git a/digital-ocean/flatcar-linux/kubernetes/versions.tf b/digital-ocean/flatcar-linux/kubernetes/versions.tf index 3c8aa2fd..4860c07c 100644 --- a/digital-ocean/flatcar-linux/kubernetes/versions.tf +++ b/digital-ocean/flatcar-linux/kubernetes/versions.tf @@ -6,7 +6,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } digitalocean = { source = "digitalocean/digitalocean" diff --git a/google-cloud/flatcar-linux/kubernetes/versions.tf b/google-cloud/flatcar-linux/kubernetes/versions.tf index 23cec3aa..4c0366e0 100644 --- a/google-cloud/flatcar-linux/kubernetes/versions.tf +++ b/google-cloud/flatcar-linux/kubernetes/versions.tf @@ -7,7 +7,7 @@ terraform { null = ">= 2.1" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } diff --git a/google-cloud/flatcar-linux/kubernetes/workers/versions.tf b/google-cloud/flatcar-linux/kubernetes/workers/versions.tf index 894b24b6..7524cee7 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/versions.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/versions.tf @@ -6,7 +6,7 @@ terraform { google = ">= 2.19" ct = { source = "poseidon/ct" - version = "~> 0.11" + version = "~> 0.13" } } } From 78d5100181fc55c3b920c1ce077ccd932bd6e169 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 12 May 2024 08:24:38 -0700 Subject: [PATCH 044/132] Update Cilium and flannel container images * Update Cilium from v1.15.3 to v1.25.4 * Update flannel from v0.24.4 to v0.25.1 --- CHANGES.md | 3 +++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6e607821..fb82ee83 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,9 @@ Notable changes between versions. ## Latest +* Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) +* Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) + ## v1.30.0 * Kubernetes [v1.30.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1300) diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index f5005e67..543092cd 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index f5005e67..543092cd 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 60eee7aa..678c2a28 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 60eee7aa..678c2a28 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 9a37b9a2..caba82a3 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 0c90a9d2..4288812d 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 9a8b66d5..71d8aaed 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 9a8b66d5..71d8aaed 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 26568e7a..ca7b6d8c 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 26568e7a..ca7b6d8c 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=d233e90754e68d258a60abf1087e11377bdc1e4b" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From d08cd317d9968516ea22b9e63c30f23cad5c9a61 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 12 May 2024 21:03:40 -0700 Subject: [PATCH 045/132] Allow CoreDNS and kube-proxy to be optional components * Allow for more minimal base cluster setups, that manage CoreDNS or kube-proxy as applications, with rolling updates, or deploy systems. Or in the case of kube-proxy, its becoming more common to not install it and instead use Cilium * Add a `components` pass-through variable to configure pre-installed components like kube-proxy and CoreDNS. These components can be disabled (individually or together) to allow for managing components with separate plan/apply processes or automations * terraform-render-bootstrap manifest assets are now structured as manifests/{coredns,kube-proxy,network} so adapt the controller layout scripts accordingly * This is similar to some changes in v1.29.2 that allowed for the container networking provider manifests to be skipped Related: https://github.com/poseidon/typhoon/pull/1419, https://github.com/poseidon/typhoon/pull/1421 --- CHANGES.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 3 ++- aws/fedora-coreos/kubernetes/butane/controller.yaml | 5 ++--- aws/fedora-coreos/kubernetes/variables.tf | 13 +++++++++++++ aws/flatcar-linux/kubernetes/bootstrap.tf | 3 ++- aws/flatcar-linux/kubernetes/butane/controller.yaml | 5 ++--- aws/flatcar-linux/kubernetes/variables.tf | 13 +++++++++++++ azure/fedora-coreos/kubernetes/bootstrap.tf | 3 ++- .../fedora-coreos/kubernetes/butane/controller.yaml | 5 ++--- azure/fedora-coreos/kubernetes/variables.tf | 13 +++++++++++++ azure/flatcar-linux/kubernetes/bootstrap.tf | 3 ++- .../flatcar-linux/kubernetes/butane/controller.yaml | 5 ++--- azure/flatcar-linux/kubernetes/variables.tf | 13 +++++++++++++ bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 3 ++- .../fedora-coreos/kubernetes/butane/controller.yaml | 5 ++--- bare-metal/fedora-coreos/kubernetes/variables.tf | 12 ++++++++++++ bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 3 ++- 
.../flatcar-linux/kubernetes/butane/controller.yaml | 5 ++--- bare-metal/flatcar-linux/kubernetes/variables.tf | 12 ++++++++++++ digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 3 ++- .../fedora-coreos/kubernetes/butane/controller.yaml | 5 ++--- digital-ocean/fedora-coreos/kubernetes/variables.tf | 12 ++++++++++++ digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 3 ++- .../flatcar-linux/kubernetes/butane/controller.yaml | 5 ++--- digital-ocean/flatcar-linux/kubernetes/variables.tf | 12 ++++++++++++ google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 3 ++- .../fedora-coreos/kubernetes/butane/controller.yaml | 5 ++--- .../fedora-coreos/kubernetes/controllers.tf | 4 ++-- google-cloud/fedora-coreos/kubernetes/variables.tf | 13 +++++++++++++ google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 3 ++- .../flatcar-linux/kubernetes/butane/controller.yaml | 5 ++--- .../flatcar-linux/kubernetes/controllers.tf | 4 ++-- google-cloud/flatcar-linux/kubernetes/variables.tf | 13 +++++++++++++ 33 files changed, 171 insertions(+), 45 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index fb82ee83..6e886e5f 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -28,7 +28,7 @@ Notable changes between versions. * Update Calico from v3.26.3 to [v3.27.2](https://github.com/projectcalico/calico/releases/tag/v3.27.2) * Fix upstream incompatibility with Fedora CoreOS ([calico#8372](https://github.com/projectcalico/calico/issues/8372)) * Update flannel from v0.22.2 to [v0.24.2](https://github.com/flannel-io/flannel/releases/tag/v0.24.2) -* Add an `install_container_networking` variable (default `true`) +* Add an `install_container_networking` variable (default `true`) ([#1421](https://github.com/poseidon/typhoon/pull/1421)) * When `true`, the chosen container `networking` provider is installed during cluster bootstrap * Set `false` to self-manage the container networking provider. This allows flannel, Calico, or Cilium to be managed via Terraform (like any other Kubernetes resources). Nodes will be NotReady until you diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 543092cd..26513431 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -13,5 +13,6 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components } diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 35aed20b..0aed2cf7 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -163,7 +163,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -177,8 +177,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests manifests-networking + rm -rf assets auth static-manifests tls manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index 52f6bd46..edb4e670 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf +++ b/aws/fedora-coreos/kubernetes/variables.tf @@ -182,3 +182,16 @@ variable "daemonset_tolerations" { description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" default = [] } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 543092cd..26513431 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf 
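Review bot: The directory list in the first aws/fedora-coreos butane/controller.yaml hunk (`mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network}`) is now coupled to the asset paths emitted by the terraform-render-bootstrap ref pinned in bootstrap.tf, and nothing in the script records that. The awk line after it writes each asset to the path named in its `#####` header, so an asset under a directory missing from this list would presumably make the layout step fail under `-e`. A one-line comment above the mkdir would document the dependency, e.g. `# keep in sync with the asset paths rendered by terraform-render-bootstrap`. The same line is changed in the other butane/controller.yaml hunks of this commit, and the layout script starts and ends outside the hunk.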
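Review bot: The new `components` variable in aws/fedora-coreos/kubernetes/variables.tf (repeated in the other variables.tf hunks of this commit) does no checking of its own. `coredns` and `kube_proxy` are `optional(map(any))` and the default is `null`, so correct behaviour depends on terraform-render-bootstrap treating null as "use defaults" and rejecting bad keys, which this diff does not show. Terraform discards object attributes that are not in the declared type, so a misspelled top-level key such as `kubeproxy` would likely be dropped silently and the component would still be installed. I would say so in the description, e.g. `description = "Configure pre-installed cluster components (CoreDNS, kube-proxy); unset values use the terraform-render-bootstrap defaults"`. The comment's link to `blob/main/variables.tf#L95` will also drift from the commit SHA pinned in bootstrap.tf, so it should point at that ref instead.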
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -13,5 +13,6 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components } diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index f5d288b1..189f99b6 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -162,7 +162,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -177,8 +177,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests manifests-networking + rm -rf assets auth static-manifests tls manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index 25839dd6..a6203df0 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf 
@@ -182,3 +182,16 @@ variable "daemonset_tolerations" { description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" default = [] } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 678c2a28..0c5e76f9 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -18,5 +18,6 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components } diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index fd39c83b..275e8108 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -158,7 +158,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -172,8 +172,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index 05e3050b..4f15bfbe 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf @@ -152,3 +152,16 @@ variable "daemonset_tolerations" { description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" default = [] } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 678c2a28..0c5e76f9 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -18,5 +18,6 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components } diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 575f798c..058b1287 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml @@ -158,7 +158,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -173,8 +173,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index e14b871a..38b45917 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf 
@@ -169,3 +169,16 @@ variable "cluster_domain_suffix" { description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " default = "cluster.local" } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index caba82a3..98824313 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] @@ -13,6 +13,7 @@ module "bootstrap" { cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 5e1756f8..220addca 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -168,7 +168,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -182,8 +182,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf index daee1916..0fbc634e 100644 --- a/bare-metal/fedora-coreos/kubernetes/variables.tf +++ b/bare-metal/fedora-coreos/kubernetes/variables.tf @@ -165,3 +165,15 @@ variable "cluster_domain_suffix" { default = "cluster.local" } +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 4288812d..1e584bdd 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] @@ -13,5 +13,6 @@ module "bootstrap" { cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index e48236ea..a56064d2 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -169,7 +169,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -184,8 +184,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/bare-metal/flatcar-linux/kubernetes/variables.tf b/bare-metal/flatcar-linux/kubernetes/variables.tf index 422a1a66..8cc1a526 100644 --- a/bare-metal/flatcar-linux/kubernetes/variables.tf +++ b/bare-metal/flatcar-linux/kubernetes/variables.tf 
@@ -181,3 +181,15 @@ variable "cluster_domain_suffix" { default = "cluster.local" } +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 71d8aaed..08f74428 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -16,5 +16,6 @@ module "bootstrap" { cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 8197d605..9862de68 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -165,7 +165,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -179,8 +179,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/digital-ocean/fedora-coreos/kubernetes/variables.tf b/digital-ocean/fedora-coreos/kubernetes/variables.tf index 4dc67bd2..ccdfb3cd 100644 --- a/digital-ocean/fedora-coreos/kubernetes/variables.tf +++ b/digital-ocean/fedora-coreos/kubernetes/variables.tf @@ -112,3 +112,15 @@ variable "cluster_domain_suffix" { default = "cluster.local" } +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 71d8aaed..08f74428 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -16,5 +16,6 @@ module "bootstrap" { cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 6013c862..c450d5a4 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -167,7 +167,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -182,8 +182,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/digital-ocean/flatcar-linux/kubernetes/variables.tf b/digital-ocean/flatcar-linux/kubernetes/variables.tf index 3748b69b..96ec7f34 100644 --- a/digital-ocean/flatcar-linux/kubernetes/variables.tf +++ b/digital-ocean/flatcar-linux/kubernetes/variables.tf 
@@ -112,3 +112,15 @@ variable "cluster_domain_suffix" { default = "cluster.local" } +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index ca7b6d8c..1beff93a 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -13,6 +13,7 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components // temporary external_apiserver_port = 443 diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 580b2189..e137c89a 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -157,7 +157,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -171,8 +171,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests chcon -R -u system_u -t container_file_t /etc/kubernetes/pki - path: /opt/bootstrap/apply mode: 0544 diff --git a/google-cloud/fedora-coreos/kubernetes/controllers.tf b/google-cloud/fedora-coreos/kubernetes/controllers.tf index 8c0510b3..bf06dc9d 100644 --- a/google-cloud/fedora-coreos/kubernetes/controllers.tf +++ b/google-cloud/fedora-coreos/kubernetes/controllers.tf @@ -55,9 +55,9 @@ resource "google_compute_instance" "controllers" { } } - can_ip_forward = true + can_ip_forward = true allow_stopping_for_update = true - tags = ["${var.cluster_name}-controller"] + tags = ["${var.cluster_name}-controller"] lifecycle { ignore_changes = [ diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index ad561e13..20e8ffa6 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf 
@@ -147,3 +147,16 @@ variable "daemonset_tolerations" { description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" default = [] } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index ca7b6d8c..1beff93a 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=baf406f2616f9536af2e09d969c8b6a87dc3ed17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] @@ -13,6 +13,7 @@ module "bootstrap" { enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations + components = var.components // temporary external_apiserver_port = 443 diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 0c1684df..44f2bbfe 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -157,7 +157,7 @@ storage: contents: inline: | #!/bin/bash -e - mkdir -p -- auth tls/etcd tls/k8s static-manifests manifests/coredns manifests-networking + mkdir -p -- auth tls/{etcd,k8s} static-manifests manifests/{coredns,kube-proxy,network} awk '/#####/ {filename=$2; next} {print > filename}' assets mkdir -p /etc/ssl/etcd/etcd mkdir -p /etc/kubernetes/pki @@ -172,8 +172,7 @@ storage: mv static-manifests/* /etc/kubernetes/manifests/ mkdir -p /opt/bootstrap/assets mv manifests /opt/bootstrap/assets/manifests - mv manifests-networking/* /opt/bootstrap/assets/manifests/ 2>/dev/null || true - rm -rf assets auth static-manifests tls manifests-networking manifests + rm -rf assets auth static-manifests tls manifests - path: /opt/bootstrap/apply mode: 0544 contents: diff --git a/google-cloud/flatcar-linux/kubernetes/controllers.tf b/google-cloud/flatcar-linux/kubernetes/controllers.tf index 6de8fcfb..c2591e1b 100644 --- a/google-cloud/flatcar-linux/kubernetes/controllers.tf +++ b/google-cloud/flatcar-linux/kubernetes/controllers.tf @@ -31,8 +31,8 @@ resource "google_compute_instance" "controllers" { name = "${var.cluster_name}-controller-${count.index}" # use a zone in the region and wrap around (e.g. controllers > zones) - zone = element(local.zones, count.index) - machine_type = var.controller_type + zone = element(local.zones, count.index) + machine_type = var.controller_type allow_stopping_for_update = true metadata = { diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index 3a510f49..134668ed 100644 --- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf 
@@ -147,3 +147,16 @@ variable "daemonset_tolerations" { description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" default = [] } + +variable "components" { + description = "Configure pre-installed cluster components" + # Component configs are passed through to terraform-render-bootstrap, + # which handles type enforcement and defines defaults + # https://github.com/poseidon/terraform-render-bootstrap/blob/main/variables.tf#L95 + type = object({ + enable = optional(bool) + coredns = optional(map(any)) + kube_proxy = optional(map(any)) + }) + default = null +} From 1d63592c42c02bcfbc5f3f140e83a8e226b4a839 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 12 May 2024 12:40:59 +0000 Subject: [PATCH 046/132] Bump mkdocs-material from 9.5.21 to v9.5.22 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fa895925..36d596d7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.21 +mkdocs-material==9.5.22 pygments==2.18.0 pymdown-extensions==10.8.1 From cc80ec9b980af4f3143e31e797d6ef880bb3d2fd Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Mon, 13 May 2024 08:38:36 -0700 Subject: [PATCH 047/132] Add firewall and security rules for Cilium/Hubble metrics * Add firewall or security rules to allow node-to-node traffic on ports 9962-9965 for Cilium and Hubble metrics. Cilium runs with host network, so these require cloud firewall changes --- CHANGES.md | 1 + aws/fedora-coreos/kubernetes/security.tf | 48 +++++++++++++++++++ aws/flatcar-linux/kubernetes/security.tf | 48 +++++++++++++++++++ azure/fedora-coreos/kubernetes/security.tf | 36 +++++++++++++- azure/flatcar-linux/kubernetes/security.tf | 36 +++++++++++++- .../fedora-coreos/kubernetes/network.tf | 7 +++ .../flatcar-linux/kubernetes/network.tf | 7 +++ .../fedora-coreos/kubernetes/network.tf | 14 ++++-- .../flatcar-linux/kubernetes/network.tf | 14 ++++-- 9 files changed, 199 insertions(+), 12 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6e886e5f..145fd5f4 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,7 @@ Notable changes between versions. ## Latest +* Add firewall rules and security group rules for Cilium and Hubble metrics ([#1449](https://github.com/poseidon/typhoon/pull/1449)) * Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) diff --git a/aws/fedora-coreos/kubernetes/security.tf b/aws/fedora-coreos/kubernetes/security.tf index 3d94cd66..7bd62e42 100644 --- a/aws/fedora-coreos/kubernetes/security.tf +++ b/aws/fedora-coreos/kubernetes/security.tf 
@@ -92,6 +92,30 @@ resource "aws_security_group_rule" "controller-cilium-health-self" { self = true } +resource "aws_security_group_rule" "controller-cilium-metrics" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.controller.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + source_security_group_id = aws_security_group.worker.id +} + +resource "aws_security_group_rule" "controller-cilium-metrics-self" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.controller.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + self = true +} + # IANA VXLAN default resource "aws_security_group_rule" "controller-vxlan" { count = var.networking == "flannel" ? 1 : 0 @@ -379,6 +403,30 @@ resource "aws_security_group_rule" "worker-cilium-health-self" { self = true } +resource "aws_security_group_rule" "worker-cilium-metrics" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.worker.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + source_security_group_id = aws_security_group.controller.id +} + +resource "aws_security_group_rule" "worker-cilium-metrics-self" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.worker.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + self = true +} + # IANA VXLAN default resource "aws_security_group_rule" "worker-vxlan" { count = var.networking == "flannel" ? 1 : 0 diff --git a/aws/flatcar-linux/kubernetes/security.tf b/aws/flatcar-linux/kubernetes/security.tf index 3d94cd66..7bd62e42 100644 --- a/aws/flatcar-linux/kubernetes/security.tf +++ b/aws/flatcar-linux/kubernetes/security.tf 
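Review bot: The four new rules in aws/fedora-coreos security.tf open 9962-9965 in a full mesh (worker to controller, controller to controller, controller to worker, worker to worker), but metrics endpoints of this kind are normally unauthenticated and only the nodes that run the scraper need to reach them. If the scraper is only ever scheduled on workers, `controller-cilium-metrics-self` and `worker-cilium-metrics` (source: controller group) could be dropped; the hunks do not show where it runs, so treat that as a question. It would also help to say what the range covers with a comment such as `# Cilium agent, operator, envoy and Hubble metrics (9962-9965, Cilium defaults; confirm)`, and to set a `description` on each rule so its purpose is visible in the console. The aws/flatcar-linux hunks add the same four rules, and the Azure rules later in the patch use the same controller-plus-worker source list.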
@@ -92,6 +92,30 @@ resource "aws_security_group_rule" "controller-cilium-health-self" { self = true } +resource "aws_security_group_rule" "controller-cilium-metrics" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.controller.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + source_security_group_id = aws_security_group.worker.id +} + +resource "aws_security_group_rule" "controller-cilium-metrics-self" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.controller.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + self = true +} + # IANA VXLAN default resource "aws_security_group_rule" "controller-vxlan" { count = var.networking == "flannel" ? 1 : 0 @@ -379,6 +403,30 @@ resource "aws_security_group_rule" "worker-cilium-health-self" { self = true } +resource "aws_security_group_rule" "worker-cilium-metrics" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.worker.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + source_security_group_id = aws_security_group.controller.id +} + +resource "aws_security_group_rule" "worker-cilium-metrics-self" { + count = var.networking == "cilium" ? 1 : 0 + + security_group_id = aws_security_group.worker.id + + type = "ingress" + protocol = "tcp" + from_port = 9962 + to_port = 9965 + self = true +} + # IANA VXLAN default resource "aws_security_group_rule" "worker-vxlan" { count = var.networking == "flannel" ? 1 : 0 diff --git a/azure/fedora-coreos/kubernetes/security.tf b/azure/fedora-coreos/kubernetes/security.tf index 0367cee1..4d6110a0 100644 --- a/azure/fedora-coreos/kubernetes/security.tf +++ b/azure/fedora-coreos/kubernetes/security.tf 
@@ -121,7 +121,7 @@ resource "azurerm_network_security_rule" "controller-cilium-health" { name = "allow-cilium-health" network_security_group_name = azurerm_network_security_group.controller.name - priority = "2019" + priority = "2018" access = "Allow" direction = "Inbound" protocol = "Tcp" @@ -131,6 +131,22 @@ resource "azurerm_network_security_rule" "controller-cilium-health" { destination_address_prefixes = azurerm_subnet.controller.address_prefixes } +resource "azurerm_network_security_rule" "controller-cilium-metrics" { + resource_group_name = azurerm_resource_group.cluster.name + count = var.networking == "cilium" ? 1 : 0 + + name = "allow-cilium-metrics" + network_security_group_name = azurerm_network_security_group.controller.name + priority = "2019" + access = "Allow" + direction = "Inbound" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "9962-9965" + source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) + destination_address_prefixes = azurerm_subnet.controller.address_prefixes +} + resource "azurerm_network_security_rule" "controller-vxlan" { resource_group_name = azurerm_resource_group.cluster.name @@ -303,7 +319,7 @@ resource "azurerm_network_security_rule" "worker-cilium-health" { name = "allow-cilium-health" network_security_group_name = azurerm_network_security_group.worker.name - priority = "2014" + priority = "2013" access = "Allow" direction = "Inbound" protocol = "Tcp" 
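Review bot: Moving `controller-cilium-health` from priority 2019 to 2018 and giving the new `controller-cilium-metrics` rule 2019 means one apply both updates an existing rule and creates a new one at the priority the old rule currently holds. Azure requires priorities to be unique per direction within a network security group and nothing orders the two resources, so on an existing cluster the create can race the update and fail until re-applied; the hunk also does not show whether 2018 is already taken. Giving the metrics rule an unused priority and leaving the health rule at 2019 avoids both; otherwise add `depends_on = [azurerm_network_security_rule.controller-cilium-health]` to the new rule. The worker rules (2014 to 2013, new rule at 2014) and the azure/flatcar-linux copy follow the same pattern.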
@@ -313,6 +329,22 @@ resource "azurerm_network_security_rule" "worker-cilium-health" { destination_address_prefixes = azurerm_subnet.worker.address_prefixes } +resource "azurerm_network_security_rule" "worker-cilium-metrics" { + resource_group_name = azurerm_resource_group.cluster.name + count = var.networking == "cilium" ? 1 : 0 + + name = "allow-cilium-metrics" + network_security_group_name = azurerm_network_security_group.worker.name + priority = "2014" + access = "Allow" + direction = "Inbound" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "9962-9965" + source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) + destination_address_prefixes = azurerm_subnet.worker.address_prefixes +} + resource "azurerm_network_security_rule" "worker-vxlan" { resource_group_name = azurerm_resource_group.cluster.name diff --git a/azure/flatcar-linux/kubernetes/security.tf b/azure/flatcar-linux/kubernetes/security.tf index 0367cee1..4d6110a0 100644 --- a/azure/flatcar-linux/kubernetes/security.tf +++ b/azure/flatcar-linux/kubernetes/security.tf @@ -121,7 +121,7 @@ resource "azurerm_network_security_rule" "controller-cilium-health" { name = "allow-cilium-health" network_security_group_name = azurerm_network_security_group.controller.name - priority = "2019" + priority = "2018" access = "Allow" direction = "Inbound" protocol = "Tcp" 
@@ -131,6 +131,22 @@ resource "azurerm_network_security_rule" "controller-cilium-health" { destination_address_prefixes = azurerm_subnet.controller.address_prefixes } +resource "azurerm_network_security_rule" "controller-cilium-metrics" { + resource_group_name = azurerm_resource_group.cluster.name + count = var.networking == "cilium" ? 1 : 0 + + name = "allow-cilium-metrics" + network_security_group_name = azurerm_network_security_group.controller.name + priority = "2019" + access = "Allow" + direction = "Inbound" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "9962-9965" + source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) + destination_address_prefixes = azurerm_subnet.controller.address_prefixes +} + resource "azurerm_network_security_rule" "controller-vxlan" { resource_group_name = azurerm_resource_group.cluster.name @@ -303,7 +319,7 @@ resource "azurerm_network_security_rule" "worker-cilium-health" { name = "allow-cilium-health" network_security_group_name = azurerm_network_security_group.worker.name - priority = "2014" + priority = "2013" access = "Allow" direction = "Inbound" protocol = "Tcp" 
@@ -313,6 +329,22 @@ resource "azurerm_network_security_rule" "worker-cilium-health" { destination_address_prefixes = azurerm_subnet.worker.address_prefixes } +resource "azurerm_network_security_rule" "worker-cilium-metrics" { + resource_group_name = azurerm_resource_group.cluster.name + count = var.networking == "cilium" ? 1 : 0 + + name = "allow-cilium-metrics" + network_security_group_name = azurerm_network_security_group.worker.name + priority = "2014" + access = "Allow" + direction = "Inbound" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "9962-9965" + source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) + destination_address_prefixes = azurerm_subnet.worker.address_prefixes +} + resource "azurerm_network_security_rule" "worker-vxlan" { resource_group_name = azurerm_resource_group.cluster.name diff --git a/digital-ocean/fedora-coreos/kubernetes/network.tf b/digital-ocean/fedora-coreos/kubernetes/network.tf index 0d506e58..b506c64e 100644 --- a/digital-ocean/fedora-coreos/kubernetes/network.tf +++ b/digital-ocean/fedora-coreos/kubernetes/network.tf @@ -32,6 +32,13 @@ resource "digitalocean_firewall" "rules" { source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name] } + # Cilium metrics + inbound_rule { + protocol = "tcp" + port_range = "9962-9965" + source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name] + } + # IANA vxlan (flannel, calico) inbound_rule { protocol = "udp" diff --git a/digital-ocean/flatcar-linux/kubernetes/network.tf b/digital-ocean/flatcar-linux/kubernetes/network.tf index 0d506e58..b506c64e 100644 --- a/digital-ocean/flatcar-linux/kubernetes/network.tf +++ b/digital-ocean/flatcar-linux/kubernetes/network.tf 
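Review bot: In digital-ocean/fedora-coreos network.tf the new `inbound_rule` for 9962-9965 is added unconditionally, whereas the AWS, Azure and Google Cloud rules in this patch are gated on `var.networking == "cilium"`. On a flannel or Calico cluster the ports would be reachable between all droplets carrying the controller or worker tag, for whatever happens to listen there on the host network. A `dynamic` block keeps the rule out unless Cilium is selected; this assumes the module exposes `var.networking` like the others, and the firewall resource's body continues outside the hunk. The digital-ocean/flatcar-linux hunk is identical.

```hcl
# … unchanged: preceding inbound_rule blocks …

# Cilium metrics
dynamic "inbound_rule" {
  for_each = var.networking == "cilium" ? [1] : []
  content {
    protocol    = "tcp"
    port_range  = "9962-9965"
    source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name]
  }
}
```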
@@ -32,6 +32,13 @@ resource "digitalocean_firewall" "rules" { source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name] } + # Cilium metrics + inbound_rule { + protocol = "tcp" + port_range = "9962-9965" + source_tags = [digitalocean_tag.controllers.name, digitalocean_tag.workers.name] + } + # IANA vxlan (flannel, calico) inbound_rule { protocol = "udp" diff --git a/google-cloud/fedora-coreos/kubernetes/network.tf b/google-cloud/fedora-coreos/kubernetes/network.tf index 40c490b6..fcbcd9af 100644 --- a/google-cloud/fedora-coreos/kubernetes/network.tf +++ b/google-cloud/fedora-coreos/kubernetes/network.tf @@ -112,13 +112,14 @@ resource "google_compute_firewall" "internal-vxlan" { target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] } -# Cilium VXLAN -resource "google_compute_firewall" "internal-linux-vxlan" { +# Cilium +resource "google_compute_firewall" "internal-cilium" { count = var.networking == "cilium" ? 1 : 0 - name = "${var.cluster_name}-linux-vxlan" + name = "${var.cluster_name}-cilium" network = google_compute_network.network.name + # vxlan allow { protocol = "udp" ports = [8472] @@ -128,12 +129,17 @@ resource "google_compute_firewall" "internal-linux-vxlan" { allow { protocol = "icmp" } - allow { protocol = "tcp" ports = [4240] } + # metrics + allow { + protocol = "tcp" + ports = [9962, 9963, 9964, 9965] + } + source_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] } diff --git a/google-cloud/flatcar-linux/kubernetes/network.tf b/google-cloud/flatcar-linux/kubernetes/network.tf index 40c490b6..fcbcd9af 100644 --- a/google-cloud/flatcar-linux/kubernetes/network.tf +++ b/google-cloud/flatcar-linux/kubernetes/network.tf 
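Review bot: Renaming the resource in google-cloud/fedora-coreos network.tf from `internal-linux-vxlan` to `internal-cilium`, and its `name` from `-linux-vxlan` to `-cilium`, makes Terraform destroy the existing firewall and create a new one on clusters that already exist, just to add the metrics ports. That rule also carries UDP 8472 and the TCP 4240 health check, so if the delete lands before the create, node-to-node Cilium traffic has no allow rule for that interval. Adding the metrics ports as a separate firewall resource, as the AWS and Azure modules do with separate rules, would leave the VXLAN rule untouched; if the rename is wanted, it deserves an upgrade note in CHANGES.md. The google-cloud/flatcar-linux hunks make the same rename.

```hcl
# … unchanged: google_compute_firewall.internal-linux-vxlan (udp 8472, icmp, tcp 4240) …

resource "google_compute_firewall" "internal-cilium-metrics" {
  count = var.networking == "cilium" ? 1 : 0

  name    = "${var.cluster_name}-cilium-metrics"
  network = google_compute_network.network.name

  allow {
    protocol = "tcp"
    ports    = [9962, 9963, 9964, 9965]
  }

  source_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
  target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"]
}
```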
@@ -112,13 +112,14 @@ resource "google_compute_firewall" "internal-vxlan" { target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] } -# Cilium VXLAN -resource "google_compute_firewall" "internal-linux-vxlan" { +# Cilium +resource "google_compute_firewall" "internal-cilium" { count = var.networking == "cilium" ? 1 : 0 - name = "${var.cluster_name}-linux-vxlan" + name = "${var.cluster_name}-cilium" network = google_compute_network.network.name + # vxlan allow { protocol = "udp" ports = [8472] @@ -128,12 +129,17 @@ resource "google_compute_firewall" "internal-linux-vxlan" { allow { protocol = "icmp" } - allow { protocol = "tcp" ports = [4240] } + # metrics + allow { + protocol = "tcp" + ports = [9962, 9963, 9964, 9965] + } + source_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] target_tags = ["${var.cluster_name}-controller", "${var.cluster_name}-worker"] } From 3f34e047f10fa176b020b4fd66e57c7180adacf8 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 14 May 2024 21:19:31 -0700 Subject: [PATCH 048/132] azure: Add controller security group and subnet outputs * Output the network security group name and address prefixes for controller nodes, to allow adding custom network security rules that apply specifically to controller nodes --- CHANGES.md | 5 +++++ azure/fedora-coreos/kubernetes/outputs.tf | 13 ++++++++++++- azure/flatcar-linux/kubernetes/outputs.tf | 13 ++++++++++++- docs/architecture/azure.md | 2 +- 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 145fd5f4..73981927 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -8,6 +8,11 @@ Notable changes between versions. * Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) +### Azure + +* Add `controller_security_group_name` output for adding custom security rules ([#1450](https://github.com/poseidon/typhoon/pull/1450)) +* Add `controller_address_prefixes` output for adding custom security rules ([#1450](https://github.com/poseidon/typhoon/pull/1450)) + ## v1.30.0 * Kubernetes [v1.30.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1300) diff --git a/azure/fedora-coreos/kubernetes/outputs.tf b/azure/fedora-coreos/kubernetes/outputs.tf index 1fb9cd4d..5794caad 100644 --- a/azure/fedora-coreos/kubernetes/outputs.tf +++ b/azure/fedora-coreos/kubernetes/outputs.tf @@ -39,8 +39,19 @@ output "kubeconfig" { # Outputs for custom firewalling +output "controller_security_group_name" { + description = "Network Security Group for controller nodes" + value = azurerm_network_security_group.controller.name +} + output "worker_security_group_name" { - value = azurerm_network_security_group.worker.name + description = "Network Security Group for worker nodes" + value = azurerm_network_security_group.worker.name +} + +output "controller_address_prefixes" { + description = "Controller network subnet CIDR addresses (for source/destination)" + value = azurerm_subnet.controller.address_prefixes } output "worker_address_prefixes" { diff --git a/azure/flatcar-linux/kubernetes/outputs.tf b/azure/flatcar-linux/kubernetes/outputs.tf index 1fb9cd4d..5794caad 100644 --- a/azure/flatcar-linux/kubernetes/outputs.tf +++ b/azure/flatcar-linux/kubernetes/outputs.tf 
@@ -39,8 +39,19 @@ output "kubeconfig" { # Outputs for custom firewalling +output "controller_security_group_name" { + description = "Network Security Group for controller nodes" + value = azurerm_network_security_group.controller.name +} + output "worker_security_group_name" { - value = azurerm_network_security_group.worker.name + description = "Network Security Group for worker nodes" + value = azurerm_network_security_group.worker.name +} + +output "controller_address_prefixes" { + description = "Controller network subnet CIDR addresses (for source/destination)" + value = azurerm_subnet.controller.address_prefixes } output "worker_address_prefixes" { diff --git a/docs/architecture/azure.md b/docs/architecture/azure.md index 2f9c0ab1..587e298d 100644 --- a/docs/architecture/azure.md +++ b/docs/architecture/azure.md @@ -51,7 +51,7 @@ Add firewall rules to the worker security group. ```tf resource "azurerm_network_security_rule" "some-app" { - resource_group_name = "${module.ramius.resource_group_name}" + resource_group_name = module.ramius.resource_group_name name = "some-app" network_security_group_name = module.ramius.worker_security_group_name From 178d1e6eb1675a2dbb4d7779f20a210c380f9ee1 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 16:00:52 +0000 Subject: [PATCH 049/132] Bump mkdocs-material from 9.5.22 to v9.5.23 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 36d596d7..f8b1b24f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.22 +mkdocs-material==9.5.23 pygments==2.18.0 pymdown-extensions==10.8.1 From 563feacd29b1f8df5010f0287e7fa915f2b0464a Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Wed, 15 May 2024 21:59:00 -0700 Subject: [PATCH 050/132] Update Kubernetes from v1.30.0 to v1.30.1 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301 --- CHANGES.md | 3 ++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 148 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 73981927..62ad6539 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,9 @@ Notable changes between versions. ## Latest +## v1.30.1 + +* Kubernetes [v1.30.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301) * Add firewall rules and security group rules for Cilium and Hubble metrics ([#1449](https://github.com/poseidon/typhoon/pull/1449)) * Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) diff --git a/README.md b/README.md index 01232447..0ecacaf4 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -109,9 +109,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index af796aaa..6fe50920 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 26513431..cb859f35 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 0aed2cf7..965660ee 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.0 + quay.io/poseidon/kubelet:v1.30.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 53067e65..a45be7b3 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 9e0551b0..03b2ada2 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 26513431..cb859f35 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 189f99b6..1b0aab45 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd:
 After=coreos-metadata.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 EnvironmentFile=/run/metadata/coreos
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -109,7 +109,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
index 20ee3ef1..5e5a2655 100644
--- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -30,7 +30,7 @@ systemd:
 After=coreos-metadata.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 EnvironmentFile=/run/metadata/coreos
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md
index 182b955b..4edcfc60 100644
--- a/azure/fedora-coreos/kubernetes/README.md
+++ b/azure/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 0c5e76f9..00ae4798 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 275e8108..004c1be4 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -111,7 +111,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.30.0
+ quay.io/poseidon/kubelet:v1.30.1
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 6debd16b..79128fa8 100644
--- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -26,7 +26,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md
index 363a3faf..b542f425 100644
--- a/azure/flatcar-linux/kubernetes/README.md
+++ b/azure/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 0c5e76f9..00ae4798 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 058b1287..00e46d16 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
index 9f71dab7..84e591a6 100644
--- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md
index 12445b8d..d78ddc6d 100644
--- a/bare-metal/fedora-coreos/kubernetes/README.md
+++ b/bare-metal/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 98824313..6001a3b2 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 220addca..31ba1637 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 06d49c07..e3990e67 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 71452e61..22e427e6 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 1e584bdd..1b32df22 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index a56064d2..faf79518 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 15ea5514..b0a52261 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 9e6e5ac4..20fbb592 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 08f74428..c3182404 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
index 9862de68..8f409219 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
@@ -55,7 +55,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -123,7 +123,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.30.0
+ quay.io/poseidon/kubelet:v1.30.1
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
index e5f9ff62..aae09b45 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md
index b5e275f2..f389744f 100644
--- a/digital-ocean/flatcar-linux/kubernetes/README.md
+++ b/digital-ocean/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 08f74428..c3182404 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index c450d5a4..d50c68c4 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index ad2f3468..39994b68 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index f3e17f8a..a80950af 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.30.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.30.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.30.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.30.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.30.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.30.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.1" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.1" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.30.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.30.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.1" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 1c1183b6..7c015739 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index d77716ab..16b3e802 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.1" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.1" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.1" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.1" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.1" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.0 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.1 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.1 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 3ed5dc9a..00cf93bd 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.0 -ip-10-0-26-65 Ready 10m v1.30.0 -ip-10-0-41-21 Ready 10m v1.30.0 +ip-10-0-3-155 Ready 10m v1.30.1 +ip-10-0-26-65 Ready 10m v1.30.1 +ip-10-0-41-21 Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index ae6ab904..c0243d32 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.1" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.0 -ramius-worker-000001 Ready 25m v1.30.0 -ramius-worker-000002 Ready 24m v1.30.0 +ramius-controller-0 Ready 24m v1.30.1 +ramius-worker-000001 Ready 25m v1.30.1 +ramius-worker-000002 Ready 24m v1.30.1 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 7fbf40b8..db42b158 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.0 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.1" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.1" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.0 -node2.example.com Ready 10m v1.30.0 -node3.example.com Ready 10m v1.30.0 +node1.example.com Ready 10m v1.30.1 +node2.example.com Ready 10m v1.30.1 +node3.example.com Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index b1b9f862..16fdda99 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.1" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.0 -10.132.115.81 Ready 10m v1.30.0 -10.132.124.107 Ready 10m v1.30.0 +10.132.110.130 Ready 10m v1.30.1 +10.132.115.81 Ready 10m v1.30.1 +10.132.124.107 Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 5faa46f6..45e005c5 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 87d47ec0..4c3b23ee 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.0 -ip-10-0-26-65 Ready 10m v1.30.0 -ip-10-0-41-21 Ready 10m v1.30.0 +ip-10-0-3-155 Ready 10m v1.30.1 +ip-10-0-26-65 Ready 10m v1.30.1 +ip-10-0-41-21 Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index db203a16..a8ad05f1 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.1" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.0 -ramius-worker-000001 Ready 25m v1.30.0 -ramius-worker-000002 Ready 24m v1.30.0 +ramius-controller-0 Ready 24m v1.30.1 +ramius-worker-000001 Ready 25m v1.30.1 +ramius-worker-000002 Ready 24m v1.30.1 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 36e17a44..8eece86e 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.0 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.1" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.1" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.0 -node2.example.com Ready 10m v1.30.0 -node3.example.com Ready 10m v1.30.0 +node1.example.com Ready 10m v1.30.1 +node2.example.com Ready 10m v1.30.1 +node3.example.com Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index d3006bec..9bf02651 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.1" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.0 -10.132.115.81 Ready 10m v1.30.0 -10.132.124.107 Ready 10m v1.30.0 +10.132.110.130 Ready 10m v1.30.1 +10.132.115.81 Ready 10m v1.30.1 +10.132.124.107 Ready 10m v1.30.1 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 6b145c31..db84466e 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.0 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index fddcdea1..84f309f4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -62,7 +62,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" # Google Cloud cluster_name = "yavin" @@ -100,9 +100,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 0cef7640..6a503e97 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.1" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index c933983b..a22871b8 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 1beff93a..7de0b14a 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index e137c89a..6e3d3d51 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.0 + quay.io/poseidon/kubelet:v1.30.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 8a49b432..27601f27 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 0123348f..c061988e 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.0 (upstream) +* Kubernetes v1.30.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 1beff93a..7de0b14a 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=990286021a37985dcf079d4615e1deaa15575e17" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 44f2bbfe..7ba4298f 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 3ecbb79a..5a25e5cb 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From b3c384fbc0dc52ce5b898fd22c1f4a947a407f50 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sat, 18 May 2024 15:05:33 -0700 Subject: [PATCH 051/132] Introduce the component system for managing pre-installed addons * Previously: Typhoon provisions clusters with kube-system components like CoreDNS, kube-proxy, and a chosen CNI provider (among flannel, Calico, or Cilium) pre-installed. This is convenient since clusters come with "batteries included". But it also means upgrading these components is generally done in lock-step, by upgrading to a new Typhoon / Kubernetes release * It can be valuable to manage these components with a separate plan/apply process or through automations and deploy systems. For example, this allows managing CoreDNS separately from the cluster's lifecycle. * These "components" will continue to be pre-installed by default, but a new `components` variable allows them to be disabled and managed as "addons", components you apply after cluster creation and manage on a rolling basis. For some of these, we may provide Terraform modules to aid in managing these components. ``` module "cluster" { # defaults components = { enable = true coredns = { enable = true } kube_proxy = { enable = true } # Only the CNI set in var.networking will be installed flannel = { enable = true } calico = { enable = true } cilium = { enable = true } } } ``` An earlier variable `install_container_networking = true/false` has been removed, since it can now be achieved with this more extensible and general components mechanism by setting the chosen networking provider enable field to false. 
--- CHANGES.md | 1 + aws/fedora-coreos/kubernetes/bootstrap.tf | 4 +- aws/fedora-coreos/kubernetes/variables.tf | 9 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 4 +- aws/flatcar-linux/kubernetes/variables.tf | 9 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 4 +- azure/fedora-coreos/kubernetes/variables.tf | 9 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 4 +- azure/flatcar-linux/kubernetes/variables.tf | 9 +- .../fedora-coreos/kubernetes/bootstrap.tf | 4 +- .../fedora-coreos/kubernetes/variables.tf | 9 +- .../flatcar-linux/kubernetes/bootstrap.tf | 4 +- .../flatcar-linux/kubernetes/variables.tf | 9 +- .../fedora-coreos/kubernetes/bootstrap.tf | 4 +- .../fedora-coreos/kubernetes/variables.tf | 9 +- .../flatcar-linux/kubernetes/bootstrap.tf | 4 +- .../flatcar-linux/kubernetes/variables.tf | 9 +- docs/addons/overview.md | 126 +++++++++++++++++- docs/fedora-coreos/aws.md | 2 +- docs/fedora-coreos/azure.md | 2 +- docs/fedora-coreos/bare-metal.md | 2 +- docs/fedora-coreos/digitalocean.md | 2 +- docs/fedora-coreos/google-cloud.md | 2 +- docs/flatcar-linux/aws.md | 2 +- docs/flatcar-linux/azure.md | 2 +- docs/flatcar-linux/bare-metal.md | 2 +- docs/flatcar-linux/digitalocean.md | 2 +- docs/flatcar-linux/google-cloud.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 4 +- .../fedora-coreos/kubernetes/variables.tf | 9 +- .../flatcar-linux/kubernetes/bootstrap.tf | 4 +- .../flatcar-linux/kubernetes/variables.tf | 9 +- 32 files changed, 185 insertions(+), 92 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 62ad6539..9cc715e8 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -8,6 +8,7 @@ Notable changes between versions. * Kubernetes [v1.30.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301) * Add firewall rules and security group rules for Cilium and Hubble metrics ([#1449](https://github.com/poseidon/typhoon/pull/1449)) +* Introduce `components` variabe to enable/disable/configure pre-installed components ([#1453](https://github.com/poseidon/typhoon/pull/1453)) * Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index cb859f35..3482068b 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = aws_route53_record.etcds.*.fqdn - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index edb4e670..09524e62 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf +++ b/aws/fedora-coreos/kubernetes/variables.tf 
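Review bot: The new `networking = var.networking` line in aws/fedora-coreos/kubernetes/bootstrap.tf no longer has a local way to turn CNI installation off, and nothing in this hunk tells a reader where that switch moved. A cluster that set `install_container_networking = false` to run a self-managed CNI will fail planning on the removed argument, and if the operator only deletes that argument the bootstrap module will presumably install the provider named in `var.networking` next to the existing one. I would add a comment above the line, `# CNI is installed unless components.<provider>.enable = false (replaces install_container_networking)`, and call out the migration as a breaking change in CHANGES.md. The same applies to the bootstrap.tf hunks for aws/flatcar-linux, azure/fedora-coreos, azure/flatcar-linux and bare-metal/fedora-coreos; the module block continues past the end of each hunk, so whether `components` is forwarded there cannot be confirmed from here.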
@@ -107,12 +107,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only). Use 8981 if using instances types with Jumbo frames." @@ -192,6 +186,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index cb859f35..3482068b 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = aws_route53_record.etcds.*.fqdn - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index a6203df0..cc86d5ec 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf 
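Review bot: The three fields added to `components` in aws/fedora-coreos/kubernetes/variables.tf are typed `optional(map(any))`, so Terraform accepts any key inside `flannel`, `calico` or `cilium`, and a misspelled `enable` would pass type checking while, presumably, leaving the provider installed. Since the commit message gives this variable as the replacement for `install_container_networking`, the accepted keys should be documented at the declaration, for example `# per-component keys: enable (bool); only the CNI selected by var.networking is installed`. A `validation` block that rejects unknown keys would make the mistake fail at plan time, though the key list depends on what terraform-render-bootstrap reads, which is not visible here. The same hunk repeats in the variables.tf files for aws/flatcar-linux, azure/fedora-coreos and azure/flatcar-linux, and the variable block starts above the hunk.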
@@ -107,12 +107,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only). Use 8981 if using instances types with Jumbo frames." @@ -192,6 +186,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 00ae4798..68fe5af6 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,12 +1,12 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking # only effective with Calico networking # we should be able to use 1450 MTU, but in practice, 1410 was needed network_encapsulation = "vxlan" diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index 4f15bfbe..b323dd6a 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf 
@@ -94,12 +94,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "host_cidr" { type = string description = "CIDR IPv4 range to assign to instances" @@ -162,6 +156,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 00ae4798..68fe5af6 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,12 +1,12 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = formatlist("%s.%s", azurerm_dns_a_record.etcds.*.name, var.dns_zone) - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking # only effective with Calico networking # we should be able to use 1450 MTU, but in practice, 1410 was needed network_encapsulation = "vxlan" diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 38b45917..27159e97 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf 
@@ -100,12 +100,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "host_cidr" { type = string description = "CIDR IPv4 range to assign to instances" @@ -179,6 +173,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 6001a3b2..d7cc1431 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] etcd_servers = var.controllers.*.domain - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = var.network_mtu network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf index 0fbc634e..2a1c08e2 100644 --- a/bare-metal/fedora-coreos/kubernetes/variables.tf +++ b/bare-metal/fedora-coreos/kubernetes/variables.tf 
@@ -92,12 +92,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only)" @@ -174,6 +168,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 1b32df22..d0727169 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] etcd_servers = var.controllers.*.domain - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = var.network_mtu network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr diff --git a/bare-metal/flatcar-linux/kubernetes/variables.tf b/bare-metal/flatcar-linux/kubernetes/variables.tf index 8cc1a526..e486b409 100644 --- a/bare-metal/flatcar-linux/kubernetes/variables.tf +++ b/bare-metal/flatcar-linux/kubernetes/variables.tf 
@@ -91,12 +91,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "network_mtu" { type = number description = "CNI interface MTU (applies to calico only)" @@ -190,6 +184,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index c3182404..193cff6d 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,12 +1,12 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = digitalocean_record.etcds.*.fqdn - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking # only effective with Calico networking network_encapsulation = "vxlan" network_mtu = "1450" diff --git a/digital-ocean/fedora-coreos/kubernetes/variables.tf b/digital-ocean/fedora-coreos/kubernetes/variables.tf index ccdfb3cd..0f577899 100644 --- a/digital-ocean/fedora-coreos/kubernetes/variables.tf +++ b/digital-ocean/fedora-coreos/kubernetes/variables.tf 
@@ -71,12 +71,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" @@ -121,6 +115,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index c3182404..193cff6d 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,12 +1,12 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = digitalocean_record.etcds.*.fqdn - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking # only effective with Calico networking network_encapsulation = "vxlan" network_mtu = "1450" diff --git a/digital-ocean/flatcar-linux/kubernetes/variables.tf b/digital-ocean/flatcar-linux/kubernetes/variables.tf index 96ec7f34..7426f38a 100644 --- a/digital-ocean/flatcar-linux/kubernetes/variables.tf +++ b/digital-ocean/flatcar-linux/kubernetes/variables.tf 
@@ -71,12 +71,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" @@ -121,6 +115,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/docs/addons/overview.md b/docs/addons/overview.md index 13708c2b..ac6680d6 100644 --- a/docs/addons/overview.md +++ b/docs/addons/overview.md 
@@ -1,9 +1,131 @@ -# Addons +# Components -Typhoon clusters are verified to work well with several post-install addons. +Typhoon's component model allows for managing cluster components independent from the cluster's lifecycle, upgrading in a rolling or automated fashion, or customizing components in advanced ways. + +Typhoon clusters install core components like `CoreDNS`, `kube-proxy`, and a chosen CNI provider (`flannel`, `calico`, or `cilium`) by default. Since v1.30.1, pre-installed components are optional. Other "addon" components like Nginx Ingress, Prometheus, or Grafana may be optionally applied though the component model (after cluster creation). + +## Components + +Pre-installed by default: + +* CoreDNS +* kube-proxy +* CNI provider (set via `var.networking`) + * flannel + * Calico + * Cilium + +Addons: * Nginx [Ingress Controller](ingress.md) * [Prometheus](prometheus.md) * [Grafana](grafana.md) * [fleetlock](fleetlock.md) +## Pre-installed Components + +By default, Typhoon clusters install `CoreDNS`, `kube-proxy`, and a chosen CNI provider (`flannel`, `calico`, or `cilium`). Disable any or all of these components using the `components` system. + +```tf +module "yavin" { + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + + # Google Cloud + cluster_name = "yavin" + region = "us-central1" + dns_zone = "example.com" + dns_zone_name = "example-zone" + + # configuration + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." + + # pre-installed components (defaults shown) + components = { + enable = true + coredns = { + enable = true + } + kube_proxy = { + enable = true + } + # Only the CNI set in var.networking will be installed + flannel = { + enable = true + } + calico = { + enable = true + } + cilium = { + enable = true + } + } +} +``` + +!!! warn + Disabling pre-installed components is for advanced users who intend to manage these components separately. 
Without a CNI provider, cluster nodes will be NotReady and wait for the CNI provider to be applied. + +## Managing Components + +If you choose to manage components youself, a recommended pattern is to use a separate Terraform workspace per component, like you would any application. + +``` +mkdir -p infra/components/{coredns, cilium} + +tree components/coredns +components/coredns/ +├── backend.tf +├── manifests.tf +└── providers.tf +``` + +Let's consider managing CoreDNS resources. Configure the `kubernetes` provider to use the kubeconfig credentials of your Typhoon cluster(s) in a `providers.tf` file. Here we show provider blocks for interacting with Typhoon clusters on AWS, Azure, or Google Cloud, assuming each cluster's `kubeconfig-admin` output was written to local file. + +```tf +provider "kubernetes" { + alias = "aws" + config_path = "~/.kube/configs/aws-config" +} + +provider "kubernetes" { + alias = "google" + config_path = "~/.kube/configs/google-config" +} + +... +``` + +Typhoon maintains Terraform modules for most addon components. You can reference `main`, a tagged release, a SHA revision, or custom module of your own. Define the CoreDNS manifests using the `addons/coredns` module in a `manifests.tf` file. + +```tf +# CoreDNS manifests for the aws cluster +module "aws" { + source = "git::https://github.com/poseidon/typhoon//addons/coredns?ref=v1.30.1" + providers = { + kubernetes = kubernetes.aws + } +} + +# CoreDNS manifests for the google cloud cluster +module "aws" { + source = "git::https://github.com/poseidon/typhoon//addons/coredns?ref=v1.30.1" + providers = { + kubernetes = kubernetes.google + } +} +... +``` + +Plan and apply the CoreDNS Kubernetes resources to cluster(s). + +``` +terraform plan +terraform apply +... +module.aws.kubernetes_service_account.coredns: Refreshing state... [id=kube-system/coredns] +module.aws.kubernetes_config_map.coredns: Refreshing state... 
[id=kube-system/coredns] +module.aws.kubernetes_cluster_role.coredns: Refreshing state... [id=system:coredns] +module.aws.kubernetes_cluster_role_binding.coredns: Refreshing state... [id=system:coredns] +module.aws.kubernetes_service.coredns: Refreshing state... [id=kube-system/coredns] +... +``` diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 00cf93bd..d8728766 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Fedora C We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index c0243d32..b7957340 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Fedora We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index db42b158..ccc04506 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 16fdda99..e3cc5d3a 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 45e005c5..6e5f08ba 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute En We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 4c3b23ee..a016c865 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Flatcar We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index a8ad05f1..59bff3e0 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Flatca We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 8eece86e..6a9d86d7 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns` while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns` while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 9bf02651..4bc44156 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index db84466e..c476b09e 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md 
@@ -4,7 +4,7 @@ In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute En We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. -Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and `calico` (or `flannel`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. +Controller hosts are provisioned to run an `etcd-member` peer and a `kubelet` service. Worker hosts run a `kubelet` service. Controller nodes run `kube-apiserver`, `kube-scheduler`, `kube-controller-manager`, and `coredns`, while `kube-proxy` and (`flannel`, `calico`, or `cilium`) run on every node. A generated `kubeconfig` provides `kubectl` access to the cluster. ## Requirements diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 7de0b14a..c3007465 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = [for fqdn in google_dns_record_set.etcds.*.name : trimsuffix(fqdn, ".")] - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index 20e8ffa6..8c23aec1 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf @@ -94,12 +94,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" @@ -157,6 +151,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 7de0b14a..c3007465 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,11 +1,11 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=452bcf379d94f5d479c1dee281fd479872271415" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] etcd_servers = [for fqdn in google_dns_record_set.etcds.*.name : trimsuffix(fqdn, ".")] - networking = var.install_container_networking ? var.networking : "none" + networking = var.networking network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index 134668ed..fc2796ad 100644 --- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf @@ -94,12 +94,6 @@ variable "networking" { default = "cilium" } -variable "install_container_networking" { - type = bool - description = "Install the chosen networking provider during cluster bootstrap (use false to self-manage)" - default = true -} - variable "pod_cidr" { type = string description = "CIDR IPv4 range to assign Kubernetes pods" @@ -157,6 +151,9 @@ variable "components" { enable = optional(bool) coredns = optional(map(any)) kube_proxy = optional(map(any)) + flannel = optional(map(any)) + calico = optional(map(any)) + cilium = optional(map(any)) }) default = null } From 533ace7011754208da5952d4dae4f2cea84f084a Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 19 May 2024 16:38:08 -0700 Subject: [PATCH 052/132] Update Cilium from v1.15.4 to v1.15.5 * https://github.com/cilium/cilium/releases/tag/v1.15.5 --- CHANGES.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 9cc715e8..a151c346 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -9,7 +9,7 @@ Notable changes between versions. * Kubernetes [v1.30.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301) * Add firewall rules and security group rules for Cilium and Hubble metrics ([#1449](https://github.com/poseidon/typhoon/pull/1449)) * Introduce `components` variabe to enable/disable/configure pre-installed components ([#1453](https://github.com/poseidon/typhoon/pull/1453)) -* Update Cilium from v1.15.3 to [v1.15.4](https://github.com/cilium/cilium/releases/tag/v1.15.4) +* Update Cilium from v1.15.3 to [v1.15.5](https://github.com/cilium/cilium/releases/tag/v1.15.5) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) ### Azure diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 3482068b..c3225b98 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 3482068b..c3225b98 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 68fe5af6..75920f64 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 68fe5af6..75920f64 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index d7cc1431..7ed62bfe 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index d0727169..5c3e9715 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 193cff6d..a4e78a1c 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 193cff6d..a4e78a1c 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index c3007465..fe270ff2 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index c3007465..fe270ff2 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf 
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=a54fe54d9895f5dd51332b79533143f52792090f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 7b8a51070f14595f7a086078ddaedc74c5ad1029 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 19 May 2024 16:53:47 -0700 Subject: [PATCH 053/132] Add Terraform modules for CoreDNS, Cilium, and flannel * With the new component system, these components can be managed independent from the cluster and rolled or edited in advanced ways --- CHANGES.md | 3 +- README.md | 10 +- addons/cilium/cluster-role-binding.tf | 36 +++ addons/cilium/cluster-role.tf | 112 ++++++++ addons/cilium/config.tf | 196 +++++++++++++ addons/cilium/daemonset.tf | 379 +++++++++++++++++++++++++ addons/cilium/deployment.tf | 163 +++++++++++ addons/cilium/service-account.tf | 15 + addons/cilium/variables.tf | 17 ++ addons/cilium/versions.tf | 8 + addons/coredns/cluster-role.tf | 37 +++ addons/coredns/config.tf | 30 ++ addons/coredns/deployment.tf | 151 ++++++++++ addons/coredns/service-account.tf | 24 ++ addons/coredns/service.tf | 31 ++ addons/coredns/variables.tf | 15 + addons/coredns/versions.tf | 9 + addons/flannel/cluster-role-binding.tf | 18 ++ addons/flannel/cluster-role.tf | 24 ++ addons/flannel/config.tf | 44 +++ addons/flannel/daemonset.tf | 167 +++++++++++ addons/flannel/service-account.tf | 7 + addons/flannel/variables.tf | 11 + addons/flannel/versions.tf | 8 + 24 files changed, 1513 insertions(+), 2 deletions(-) create mode 100644 addons/cilium/cluster-role-binding.tf create mode 100644 addons/cilium/cluster-role.tf create mode 100644 addons/cilium/config.tf create mode 100644 addons/cilium/daemonset.tf create mode 100644 addons/cilium/deployment.tf create mode 100644 addons/cilium/service-account.tf create mode 100644 addons/cilium/variables.tf create mode 100644 addons/cilium/versions.tf create mode 100644 addons/coredns/cluster-role.tf create mode 100644 addons/coredns/config.tf create mode 100644 addons/coredns/deployment.tf create mode 100644 addons/coredns/service-account.tf create mode 100644 addons/coredns/service.tf create mode 100644 addons/coredns/variables.tf create mode 100644 addons/coredns/versions.tf create mode 100644 
addons/flannel/cluster-role-binding.tf create mode 100644 addons/flannel/cluster-role.tf create mode 100644 addons/flannel/config.tf create mode 100644 addons/flannel/daemonset.tf create mode 100644 addons/flannel/service-account.tf create mode 100644 addons/flannel/variables.tf create mode 100644 addons/flannel/versions.tf diff --git a/CHANGES.md b/CHANGES.md index a151c346..f226ceca 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -8,9 +8,10 @@ Notable changes between versions. * Kubernetes [v1.30.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301) * Add firewall rules and security group rules for Cilium and Hubble metrics ([#1449](https://github.com/poseidon/typhoon/pull/1449)) -* Introduce `components` variabe to enable/disable/configure pre-installed components ([#1453](https://github.com/poseidon/typhoon/pull/1453)) * Update Cilium from v1.15.3 to [v1.15.5](https://github.com/cilium/cilium/releases/tag/v1.15.5) * Update flannel from v0.24.4 to [v0.25.1](https://github.com/flannel-io/flannel/releases/tag/v0.25.1) +* Introduce `components` variabe to enable/disable/configure pre-installed components ([#1453](https://github.com/poseidon/typhoon/pull/1453)) +* Add Terraform modules for `coredns`, `cilium`, and `flannel` components ### Azure diff --git a/README.md b/README.md index 0ecacaf4..f90f5a5c 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Modules -Typhoon provides a Terraform Module for each supported operating system and platform. +Typhoon provides a Terraform Module for defining a Kubernetes cluster on each supported operating system and platform. Typhoon is available for [Fedora CoreOS](https://getfedora.org/coreos/). 
@@ -57,6 +57,14 @@ Typhoon is available for [Flatcar Linux](https://www.flatcar-linux.org/releases/ | AWS | Flatcar Linux (ARM64) | [aws/flatcar-linux/kubernetes](aws/flatcar-linux/kubernetes) | alpha | | Azure | Flatcar Linux (ARM64) | [azure/flatcar-linux/kubernetes](azure/flatcar-linux/kubernetes) | alpha | +Typhoon also provides Terraform Modules for optionally managing individual components applied onto clusters. + +| Name | Terraform Module | Status | +|---------|------------------|--------| +| CoreDNS | [addons/coredns](addons/coredns) | beta | +| Cilium | [addons/cilium](addons/cilium) | beta | +| flannel | [addons/flannel](addons/flannel) | beta | + ## Documentation * [Docs](https://typhoon.psdn.io) diff --git a/addons/cilium/cluster-role-binding.tf b/addons/cilium/cluster-role-binding.tf new file mode 100644 index 00000000..4e52951e --- /dev/null +++ b/addons/cilium/cluster-role-binding.tf @@ -0,0 +1,36 @@ +resource "kubernetes_cluster_role_binding" "operator" { + metadata { + name = "cilium-operator" + } + + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "cilium-operator" + } + + subject { + kind = "ServiceAccount" + name = "cilium-operator" + namespace = "kube-system" + } +} + +resource "kubernetes_cluster_role_binding" "agent" { + metadata { + name = "cilium-agent" + } + + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "cilium-agent" + } + + subject { + kind = "ServiceAccount" + name = "cilium-agent" + namespace = "kube-system" + } +} + diff --git a/addons/cilium/cluster-role.tf b/addons/cilium/cluster-role.tf new file mode 100644 index 00000000..a791ab3b --- /dev/null +++ b/addons/cilium/cluster-role.tf 
@@ -0,0 +1,112 @@ +resource "kubernetes_cluster_role" "operator" { + metadata { + name = "cilium-operator" + } + + # detect and restart [core|kube]dns pods on startup + rule { + verbs = ["get", "list", "watch", "delete"] + api_groups = [""] + resources = ["pods"] + } + + rule { + verbs = ["list", "watch"] + api_groups = [""] + resources = ["nodes"] + } + + rule { + verbs = ["patch"] + api_groups = [""] + resources = ["nodes", "nodes/status"] + } + + rule { + verbs = ["get", "list", "watch"] + api_groups = ["discovery.k8s.io"] + resources = ["endpointslices"] + } + + rule { + verbs = ["get", "list", "watch"] + api_groups = [""] + resources = ["services"] + } + + # Perform LB IP allocation for BGP + rule { + verbs = ["update"] + api_groups = [""] + resources = ["services/status"] + } + + # Perform the translation of a CNP that contains `ToGroup` to its endpoints + rule { + verbs = ["get", "list", "watch"] + api_groups = [""] + resources = ["services", "endpoints", "namespaces"] + } + + rule { + verbs = ["*"] + api_groups = ["cilium.io"] + resources = ["ciliumnetworkpolicies", "ciliumnetworkpolicies/status", "ciliumnetworkpolicies/finalizers", "ciliumclusterwidenetworkpolicies", "ciliumclusterwidenetworkpolicies/status", "ciliumclusterwidenetworkpolicies/finalizers", "ciliumendpoints", "ciliumendpoints/status", "ciliumendpoints/finalizers", "ciliumnodes", "ciliumnodes/status", "ciliumnodes/finalizers", "ciliumidentities", "ciliumidentities/status", "ciliumidentities/finalizers", "ciliumlocalredirectpolicies", "ciliumlocalredirectpolicies/status", "ciliumlocalredirectpolicies/finalizers", "ciliumendpointslices", "ciliumloadbalancerippools", "ciliumloadbalancerippools/status", "ciliumcidrgroups", "ciliuml2announcementpolicies", "ciliuml2announcementpolicies/status", "ciliumpodippools"] + } + + rule { + verbs = ["create", "get", "list", "update", "watch"] + api_groups = ["apiextensions.k8s.io"] + resources = ["customresourcedefinitions"] + } + + # Cilium leader elects if 
among multiple operator replicas + rule { + verbs = ["create", "get", "update"] + api_groups = ["coordination.k8s.io"] + resources = ["leases"] + } +} + +resource "kubernetes_cluster_role" "agent" { + metadata { + name = "cilium-agent" + } + + rule { + verbs = ["get", "list", "watch"] + api_groups = ["networking.k8s.io"] + resources = ["networkpolicies"] + } + + rule { + verbs = ["get", "list", "watch"] + api_groups = ["discovery.k8s.io"] + resources = ["endpointslices"] + } + + rule { + verbs = ["get", "list", "watch"] + api_groups = [""] + resources = ["namespaces", "services", "pods", "endpoints", "nodes"] + } + + rule { + verbs = ["patch"] + api_groups = [""] + resources = ["nodes/status"] + } + + rule { + verbs = ["create", "get", "list", "watch", "update"] + api_groups = ["apiextensions.k8s.io"] + resources = ["customresourcedefinitions"] + } + + rule { + verbs = ["*"] + api_groups = ["cilium.io"] + resources = ["ciliumnetworkpolicies", "ciliumnetworkpolicies/status", "ciliumclusterwidenetworkpolicies", "ciliumclusterwidenetworkpolicies/status", "ciliumendpoints", "ciliumendpoints/status", "ciliumnodes", "ciliumnodes/status", "ciliumidentities", "ciliumidentities/status", "ciliumlocalredirectpolicies", "ciliumlocalredirectpolicies/status", "ciliumegressnatpolicies", "ciliumendpointslices", "ciliumcidrgroups", "ciliuml2announcementpolicies", "ciliuml2announcementpolicies/status", "ciliumpodippools"] + } +} + diff --git a/addons/cilium/config.tf b/addons/cilium/config.tf new file mode 100644 index 00000000..799428af --- /dev/null +++ b/addons/cilium/config.tf 
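Review bot: The `cilium-agent` ClusterRole in addons/cilium/cluster-role.tf ends with a rule granting `verbs = ["*"]` on the whole cilium.io resource list. That role is bound to the service account of a DaemonSet that runs on every node, so one compromised node holds write and delete access to cluster-wide CiliumNetworkPolicy and CiliumIdentity objects. The operator role carries the same wildcard rule plus `delete` on all pods. I would replace the wildcard with the verbs each resource needs, for example `verbs = ["get", "list", "watch"]` for the policy resources in the agent role, after checking them against the RBAC shipped with upstream v1.15.5. The operator's `services` get/list/watch rule is also repeated by the later `services, endpoints, namespaces` rule and could be dropped.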
@@ -0,0 +1,196 @@ +resource "kubernetes_config_map" "cilium" { + metadata { + name = "cilium" + namespace = "kube-system" + } + data = { + # Identity allocation mode selects how identities are shared between cilium + # nodes by setting how they are stored. The options are "crd" or "kvstore". + # - "crd" stores identities in kubernetes as CRDs (custom resource definition). + # These can be queried with: + # kubectl get ciliumid + # - "kvstore" stores identities in a kvstore, etcd or consul, that is + # configured below. Cilium versions before 1.6 supported only the kvstore + # backend. Upgrades from these older cilium versions should continue using + # the kvstore by commenting out the identity-allocation-mode below, or + # setting it to "kvstore". + identity-allocation-mode = "crd" + cilium-endpoint-gc-interval = "5m0s" + nodes-gc-interval = "5m0s" + + # If you want to run cilium in debug mode change this value to true + debug = "false" + # The agent can be put into the following three policy enforcement modes + # default, always and never. + # https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes + enable-policy = "default" + + # Prometheus + enable-metrics = "true" + prometheus-serve-addr = ":9962" + operator-prometheus-serve-addr = ":9963" + proxy-prometheus-port = "9964" # envoy + + # Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4 + # address. + enable-ipv4 = "true" + + # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6 + # address. + enable-ipv6 = "false" + + # Enable probing for a more efficient clock source for the BPF datapath + enable-bpf-clock-probe = "true" + + # Enable use of transparent proxying mechanisms (Linux 5.7+) + enable-bpf-tproxy = "false" + + # If you want cilium monitor to aggregate tracing for packets, set this level + # to "low", "medium", or "maximum". The higher the level, the less packets + # that will be seen in monitor output. 
+ monitor-aggregation = "medium" + + # The monitor aggregation interval governs the typical time between monitor + # notification events for each allowed connection. + # + # Only effective when monitor aggregation is set to "medium" or higher. + monitor-aggregation-interval = "5s" + + # The monitor aggregation flags determine which TCP flags which, upon the + # first observation, cause monitor notifications to be generated. + # + # Only effective when monitor aggregation is set to "medium" or higher. + monitor-aggregation-flags = "all" + + # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic + # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps. + bpf-map-dynamic-size-ratio = "0.0025" + # bpf-policy-map-max specified the maximum number of entries in endpoint + # policy map (per endpoint) + bpf-policy-map-max = "16384" + # bpf-lb-map-max specifies the maximum number of entries in bpf lb service, + # backend and affinity maps. + bpf-lb-map-max = "65536" + + # Pre-allocation of map entries allows per-packet latency to be reduced, at + # the expense of up-front memory allocation for the entries in the maps. The + # default value below will minimize memory usage in the default installation; + # users who are sensitive to latency may consider setting this to "true". + # + # This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore + # this option and behave as though it is set to "true". + # + # If this value is modified, then during the next Cilium startup the restore + # of existing endpoints and tracking of ongoing connections may be disrupted. + # As a result, reply packets may be dropped and the load-balancing decisions + # for established connections may change. + # + # If this option is set to "false" during an upgrade from 1.3 or earlier to + # 1.4 or later, then it may cause one-time disruptions during the upgrade. + preallocate-bpf-maps = "false" + + # Name of the cluster. 
Only relevant when building a mesh of clusters. + cluster-name = "default" + # Unique ID of the cluster. Must be unique across all conneted clusters and + # in the range of 1 and 255. Only relevant when building a mesh of clusters. + cluster-id = "0" + + # Encapsulation mode for communication between nodes + # Possible values: + # - disabled + # - vxlan (default) + # - geneve + routing-mode = "tunnel" + tunnel = "vxlan" + # Enables L7 proxy for L7 policy enforcement and visibility + enable-l7-proxy = "true" + + auto-direct-node-routes = "false" + + # enableXTSocketFallback enables the fallback compatibility solution + # when the xt_socket kernel module is missing and it is needed for + # the datapath L7 redirection to work properly. See documentation + # for details on when this can be disabled: + # http://docs.cilium.io/en/latest/install/system_requirements/#admin-kernel-version. + enable-xt-socket-fallback = "true" + + # installIptablesRules enables installation of iptables rules to allow for + # TPROXY (L7 proxy injection), itpables based masquerading and compatibility + # with kube-proxy. See documentation for details on when this can be + # disabled. 
+ install-iptables-rules = "true" + + # masquerade traffic leaving the node destined for outside + enable-ipv4-masquerade = "true" + enable-ipv6-masquerade = "false" + + # bpfMasquerade enables masquerading with BPF instead of iptables + enable-bpf-masquerade = "true" + + # kube-proxy + kube-proxy-replacement = "false" + kube-proxy-replacement-healthz-bind-address = "" + enable-session-affinity = "true" + + # ClusterIPs from host namespace + bpf-lb-sock = "true" + # ClusterIPs from external nodes + bpf-lb-external-clusterip = "true" + + # NodePort + enable-node-port = "true" + enable-health-check-nodeport = "false" + + # ExternalIPs + enable-external-ips = "true" + + # HostPort + enable-host-port = "true" + + # IPAM + ipam = "cluster-pool" + disable-cnp-status-updates = "true" + cluster-pool-ipv4-cidr = "${var.pod_cidr}" + cluster-pool-ipv4-mask-size = "24" + + # Health + agent-health-port = "9876" + enable-health-checking = "true" + enable-endpoint-health-checking = "true" + + # Identity + enable-well-known-identities = "false" + enable-remote-node-identity = "true" + + # Hubble server + enable-hubble = var.enable_hubble + hubble-disable-tls = "false" + hubble-listen-address = ":4244" + hubble-socket-path = "/var/run/cilium/hubble.sock" + hubble-tls-client-ca-files = "/var/lib/cilium/tls/hubble/client-ca.crt" + hubble-tls-cert-file = "/var/lib/cilium/tls/hubble/server.crt" + hubble-tls-key-file = "/var/lib/cilium/tls/hubble/server.key" + hubble-export-file-max-backups = "5" + hubble-export-file-max-size-mb = "10" + + # Hubble metrics + hubble-metrics-server = ":9965" + hubble-metrics = "dns drop tcp flow port-distribution icmp httpV2" + enable-hubble-open-metrics = "false" + + + # Misc + enable-bandwidth-manager = "false" + enable-local-redirect-policy = "false" + policy-audit-mode = "false" + operator-api-serve-addr = "127.0.0.1:9234" + enable-l2-neigh-discovery = "true" + enable-k8s-terminating-endpoint = "true" + enable-k8s-networkpolicy = "true" + 
external-envoy-proxy = "false" + write-cni-conf-when-ready = "/host/etc/cni/net.d/05-cilium.conflist" + cni-exclusive = "true" + cni-log-file = "/var/run/cilium/cilium-cni.log" + } +} + diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf new file mode 100644 index 00000000..5c175246 --- /dev/null +++ b/addons/cilium/daemonset.tf 
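Review bot: The listener settings `prometheus-serve-addr = ":9962"`, `operator-prometheus-serve-addr = ":9963"`, `hubble-metrics-server = ":9965"` and `hubble-listen-address = ":4244"` have no comment saying that they bind on all addresses. The agent and operator pods set `host_network = true` (daemonset.tf and deployment.tf in this commit), so that presumably means every node address, and only the Hubble server is configured for TLS. A comment above the Prometheus block such as `# Listens on all node addresses (pods use host networking); restrict access with firewall / security group rules` would make the reliance on the platform firewall explicit. Separately, `cluster-pool-ipv4-cidr = "${var.pod_cidr}"` is an interpolation-only expression and can be written `cluster-pool-ipv4-cidr = var.pod_cidr`.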
@@ -0,0 +1,379 @@ +resource "kubernetes_daemonset" "cilium" { + wait_for_rollout = false + + metadata { + name = "cilium" + namespace = "kube-system" + labels = { + k8s-app = "cilium" + } + } + spec { + strategy { + type = "RollingUpdate" + rolling_update { + max_unavailable = "1" + } + } + selector { + match_labels = { + k8s-app = "cilium-agent" + } + } + template { + metadata { + labels = { + k8s-app = "cilium-agent" + } + annotations = { + "prometheus.io/port" = "9962" + "prometheus.io/scrape" = "true" + } + } + spec { + host_network = true + priority_class_name = "system-node-critical" + service_account_name = "cilium-agent" + security_context { + seccomp_profile { + type = "RuntimeDefault" + } + } + toleration { + key = "node-role.kubernetes.io/controller" + operator = "Exists" + } + toleration { + key = "node.kubernetes.io/not-ready" + operator = "Exists" + } + dynamic "toleration" { + for_each = var.daemonset_tolerations + content { + key = toleration.value + operator = "Exists" + } + } + automount_service_account_token = true + enable_service_links = false + + # Cilium v1.13.1 starts installing CNI plugins in yet another init container + # https://github.com/cilium/cilium/pull/24075 + init_container { + name = "install-cni" + image = "quay.io/cilium/cilium:v1.15.5" + command = ["/install-plugin.sh"] + security_context { + allow_privilege_escalation = true + privileged = true + capabilities { + drop = ["ALL"] + } + } + volume_mount { + name = "cni-bin-dir" + mount_path = "/host/opt/cni/bin" + } + } + + # Required to mount cgroup2 filesystem on the underlying Kubernetes node. + # We use nsenter command with host's cgroup and mount namespaces enabled. + init_container { + name = "mount-cgroup" + image = "quay.io/cilium/cilium:v1.15.5" + command = [ + "sh", + "-ec", + # The statically linked Go program binary is invoked to avoid any + # dependency on utilities like sh and mount that can be missing on certain + # distros installed on the underlying host. 
Copy the binary to the + # same directory where we install cilium cni plugin so that exec permissions + # are available. + "cp /usr/bin/cilium-mount /hostbin/cilium-mount && nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt \"$${BIN_PATH}/cilium-mount\" $CGROUP_ROOT; rm /hostbin/cilium-mount" + ] + env { + name = "CGROUP_ROOT" + value = "/run/cilium/cgroupv2" + } + env { + name = "BIN_PATH" + value = "/opt/cni/bin" + } + security_context { + allow_privilege_escalation = true + privileged = true + } + volume_mount { + name = "hostproc" + mount_path = "/hostproc" + } + volume_mount { + name = "cni-bin-dir" + mount_path = "/hostbin" + } + } + + init_container { + name = "clean-cilium-state" + image = "quay.io/cilium/cilium:v1.15.5" + command = ["/init-container.sh"] + security_context { + allow_privilege_escalation = true + privileged = true + } + volume_mount { + name = "sys-fs-bpf" + mount_path = "/sys/fs/bpf" + } + volume_mount { + name = "var-run-cilium" + mount_path = "/var/run/cilium" + } + # Required to mount cgroup filesystem from the host to cilium agent pod + volume_mount { + name = "cilium-cgroup" + mount_path = "/run/cilium/cgroupv2" + mount_propagation = "HostToContainer" + } + } + + container { + name = "cilium-agent" + image = "quay.io/cilium/cilium:v1.15.5" + command = ["cilium-agent"] + args = [ + "--config-dir=/tmp/cilium/config-map" + ] + env { + name = "K8S_NODE_NAME" + value_from { + field_ref { + api_version = "v1" + field_path = "spec.nodeName" + } + } + } + env { + name = "CILIUM_K8S_NAMESPACE" + value_from { + field_ref { + api_version = "v1" + field_path = "metadata.namespace" + } + } + } + env { + name = "KUBERNETES_SERVICE_HOST" + value_from { + config_map_key_ref { + name = "in-cluster" + key = "apiserver-host" + } + } + } + env { + name = "KUBERNETES_SERVICE_PORT" + value_from { + config_map_key_ref { + name = "in-cluster" + key = "apiserver-port" + } + } + } + port { + name = "peer-service" + protocol = "TCP" + 
container_port = 4244 + } + # Metrics + port { + name = "metrics" + protocol = "TCP" + container_port = 9962 + } + port { + name = "envoy-metrics" + protocol = "TCP" + container_port = 9964 + } + port { + name = "hubble-metrics" + protocol = "TCP" + container_port = 9965 + } + # Not yet used, prefer exec's + port { + name = "health" + protocol = "TCP" + container_port = 9876 + } + lifecycle { + pre_stop { + exec { + command = ["/cni-uninstall.sh"] + } + } + } + security_context { + allow_privilege_escalation = true + privileged = true + } + liveness_probe { + exec { + command = ["cilium", "status", "--brief"] + } + initial_delay_seconds = 120 + timeout_seconds = 5 + period_seconds = 30 + success_threshold = 1 + failure_threshold = 10 + } + readiness_probe { + exec { + command = ["cilium", "status", "--brief"] + } + initial_delay_seconds = 5 + timeout_seconds = 5 + period_seconds = 20 + success_threshold = 1 + failure_threshold = 3 + } + # Load kernel modules + volume_mount { + name = "lib-modules" + read_only = true + mount_path = "/lib/modules" + } + # Access iptables concurrently + volume_mount { + name = "xtables-lock" + mount_path = "/run/xtables.lock" + } + # Keep state between restarts + volume_mount { + name = "var-run-cilium" + mount_path = "/var/run/cilium" + } + volume_mount { + name = "sys-fs-bpf" + mount_path = "/sys/fs/bpf" + mount_propagation = "Bidirectional" + } + # Configuration + volume_mount { + name = "config" + read_only = true + mount_path = "/tmp/cilium/config-map" + } + # Install config on host + volume_mount { + name = "cni-conf-dir" + mount_path = "/host/etc/cni/net.d" + } + # Hubble + volume_mount { + name = "hubble-tls" + mount_path = "/var/lib/cilium/tls/hubble" + read_only = true + } + } + termination_grace_period_seconds = 1 + + # Load kernel modules + volume { + name = "lib-modules" + host_path { + path = "/lib/modules" + } + } + # Access iptables concurrently with other processes (e.g. 
kube-proxy) + volume { + name = "xtables-lock" + host_path { + path = "/run/xtables.lock" + type = "FileOrCreate" + } + } + # Keep state between restarts + volume { + name = "var-run-cilium" + host_path { + path = "/var/run/cilium" + type = "DirectoryOrCreate" + } + } + # Keep state for bpf maps between restarts + volume { + name = "sys-fs-bpf" + host_path { + path = "/sys/fs/bpf" + type = "DirectoryOrCreate" + } + } + # Mount host cgroup2 filesystem + volume { + name = "hostproc" + host_path { + path = "/proc" + type = "Directory" + } + } + volume { + name = "cilium-cgroup" + host_path { + path = "/run/cilium/cgroupv2" + type = "DirectoryOrCreate" + } + } + # Read configuration + volume { + name = "config" + config_map { + name = "cilium" + } + } + # Install CNI plugin and config on host + volume { + name = "cni-bin-dir" + host_path { + path = "/opt/cni/bin" + type = "DirectoryOrCreate" + } + } + volume { + name = "cni-conf-dir" + host_path { + path = "/etc/cni/net.d" + type = "DirectoryOrCreate" + } + } + # Hubble TLS (optional) + volume { + name = "hubble-tls" + projected { + default_mode = "0400" + sources { + secret { + name = "hubble-server-certs" + optional = true + items { + key = "ca.crt" + path = "client-ca.crt" + } + items { + key = "tls.crt" + path = "server.crt" + } + items { + key = "tls.key" + path = "server.key" + } + } + } + } + } + } + } + } +} + diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf new file mode 100644 index 00000000..886333d5 --- /dev/null +++ b/addons/cilium/deployment.tf 
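Review bot: In the `install-cni` init container, `capabilities { drop = ["ALL"] }` sits next to `privileged = true`. With the common container runtimes a privileged container keeps its full capability set, so the drop gives no confinement while reading as if it did. Either remove `privileged = true` and `allow_privilege_escalation = true` from that container, if `/install-plugin.sh` can write to the `cni-bin-dir` hostPath without them (this needs testing on SELinux-enforcing hosts), or delete the `capabilities` block and add a comment such as `# privileged: writes CNI binaries to /opt/cni/bin on the host`. The same kind of comment would help on `mount-cgroup`, `clean-cilium-state` and `cilium-agent`, which all run privileged with host paths like `/proc` and `/sys/fs/bpf` mounted and state no reason.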
@@ -0,0 +1,163 @@ +resource "kubernetes_deployment" "operator" { + wait_for_rollout = false + metadata { + name = "cilium-operator" + namespace = "kube-system" + } + spec { + replicas = 1 + strategy { + type = "RollingUpdate" + rolling_update { + max_unavailable = "1" + } + } + selector { + match_labels = { + name = "cilium-operator" + } + } + template { + metadata { + labels = { + name = "cilium-operator" + } + annotations = { + "prometheus.io/scrape" = "true" + "prometheus.io/port" = "9963" + } + } + spec { + host_network = true + priority_class_name = "system-cluster-critical" + service_account_name = "cilium-operator" + security_context { + seccomp_profile { + type = "RuntimeDefault" + } + } + toleration { + key = "node-role.kubernetes.io/controller" + operator = "Exists" + } + toleration { + key = "node.kubernetes.io/not-ready" + operator = "Exists" + } + topology_spread_constraint { + max_skew = 1 + topology_key = "kubernetes.io/hostname" + when_unsatisfiable = "DoNotSchedule" + label_selector { + match_labels = { + name = "cilium-operator" + } + } + } + automount_service_account_token = true + enable_service_links = false + container { + name = "cilium-operator" + image = "quay.io/cilium/operator-generic:v1.15.5" + command = ["cilium-operator-generic"] + args = [ + "--config-dir=/tmp/cilium/config-map", + "--debug=$(CILIUM_DEBUG)" + ] + env { + name = "K8S_NODE_NAME" + value_from { + field_ref { + api_version = "v1" + field_path = "spec.nodeName" + } + } + } + env { + name = "CILIUM_K8S_NAMESPACE" + value_from { + field_ref { + api_version = "v1" + field_path = "metadata.namespace" + } + } + } + env { + name = "KUBERNETES_SERVICE_HOST" + value_from { + config_map_key_ref { + name = "in-cluster" + key = "apiserver-host" + } + } + } + env { + name = "KUBERNETES_SERVICE_PORT" + value_from { + config_map_key_ref { + name = "in-cluster" + key = "apiserver-port" + } + } + } + env { + name = "CILIUM_DEBUG" + value_from { + config_map_key_ref { + name = "cilium" + 
key = "debug" + optional = true + } + } + } + port { + name = "metrics" + protocol = "TCP" + host_port = 9963 + container_port = 9963 + } + port { + name = "health" + container_port = 9234 + protocol = "TCP" + } + liveness_probe { + http_get { + scheme = "HTTP" + host = "127.0.0.1" + port = "9234" + path = "/healthz" + } + initial_delay_seconds = 60 + timeout_seconds = 3 + period_seconds = 10 + } + readiness_probe { + http_get { + scheme = "HTTP" + host = "127.0.0.1" + port = "9234" + path = "/healthz" + } + timeout_seconds = 3 + period_seconds = 15 + failure_threshold = 5 + } + volume_mount { + name = "config" + read_only = true + mount_path = "/tmp/cilium/config-map" + } + } + + volume { + name = "config" + config_map { + name = "cilium" + } + } + } + } + } +} + diff --git a/addons/cilium/service-account.tf b/addons/cilium/service-account.tf new file mode 100644 index 00000000..5729dcd8 --- /dev/null +++ b/addons/cilium/service-account.tf @@ -0,0 +1,15 @@ +resource "kubernetes_service_account" "operator" { + metadata { + name = "cilium-operator" + namespace = "kube-system" + } + automount_service_account_token = false +} + +resource "kubernetes_service_account" "agent" { + metadata { + name = "cilium-agent" + namespace = "kube-system" + } + automount_service_account_token = false +} diff --git a/addons/cilium/variables.tf b/addons/cilium/variables.tf new file mode 100644 index 00000000..6d269fd2 --- /dev/null +++ b/addons/cilium/variables.tf @@ -0,0 +1,17 @@ +variable "pod_cidr" { + type = string + description = "CIDR IP range to assign Kubernetes pods" + default = "10.2.0.0/16" +} + +variable "daemonset_tolerations" { + type = list(string) + description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" + default = [] +} + +variable "enable_hubble" { + type = bool + description = "Run the embedded Hubble Server and mount hubble-server-certs Secret" + default = true +} 
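Review bot: The `cilium-operator` container has no container-level `security_context`, so nothing in this new file drops Linux capabilities or disables privilege escalation for a pod that runs with `host_network = true` and an automounted service account token. The pod-level `security_context` only selects the `RuntimeDefault` seccomp profile, and as far as I know the Terraform kubernetes provider sets `allow_privilege_escalation` to true when it is left unset. I would add the block below inside `container`; the operator listens only on unprivileged ports (9963, 9234), so it should not need any capability, but that should be confirmed on a test cluster. `host_port = 9963` on a host-network pod also exposes the metrics listener on the node's addresses, so a comment saying whether that is intended would help.

```hcl
container {
  name = "cilium-operator"
  security_context {
    allow_privilege_escalation = false
    capabilities {
      drop = ["ALL"]
    }
  }
  # … unchanged: image, command, args, env, port, probes, volume_mount …
```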
diff --git a/addons/cilium/versions.tf b/addons/cilium/versions.tf
new file mode 100644
index 00000000..ad7f7415
--- /dev/null
+++ b/addons/cilium/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.8"
+ }
+ }
+}
diff --git a/addons/coredns/cluster-role.tf b/addons/coredns/cluster-role.tf
new file mode 100644
index 00000000..3cc095e8
--- /dev/null
+++ b/addons/coredns/cluster-role.tf
@@ -0,0 +1,37 @@
+resource "kubernetes_cluster_role" "coredns" {
+ metadata {
+ name = "system:coredns"
+ }
+ rule {
+ api_groups = [""]
+ resources = [
+ "endpoints",
+ "services",
+ "pods",
+ "namespaces",
+ ]
+ verbs = [
+ "list",
+ "watch",
+ ]
+ }
+ rule {
+ api_groups = [""]
+ resources = [
+ "nodes",
+ ]
+ verbs = [
+ "get",
+ ]
+ }
+ rule {
+ api_groups = ["discovery.k8s.io"]
+ resources = [
+ "endpointslices",
+ ]
+ verbs = [
+ "list",
+ "watch",
+ ]
+ }
+}
diff --git a/addons/coredns/config.tf b/addons/coredns/config.tf
new file mode 100644
index 00000000..e1a614cb
--- /dev/null
+++ b/addons/coredns/config.tf
@@ -0,0 +1,30 @@
+resource "kubernetes_config_map" "coredns" {
+ metadata {
+ name = "coredns"
+ namespace = "kube-system"
+ }
+ data = {
+ "Corefile" = <<-EOF
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ log . {
+ class error
+ }
+ kubernetes ${var.cluster_domain_suffix} in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
+ EOF
+ }
+}
diff --git a/addons/coredns/deployment.tf b/addons/coredns/deployment.tf
new file mode 100644
index 00000000..f52bc6c7
--- /dev/null
+++ b/addons/coredns/deployment.tf
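Review bot: The Corefile in `addons/coredns/config.tf` sets `pods insecure` inside the `kubernetes` block, which makes CoreDNS answer pod-IP style names from the query itself without checking that a matching pod exists. The ClusterRole added in this same patch already grants `list` and `watch` on `pods`, so `pods verified` should work with the existing RBAC, at the cost of a pod watch and more memory. If the kube-dns-compatible behaviour is intentional, a comment above the ConfigMap would record it, for example `# pods insecure kept for kube-dns compatibility; answers are not checked against existing pods`. Separately, `prometheus :9153` listens on every pod address, so the metrics endpoint is open to anything that can reach the pod unless a network policy restricts it.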
@@ -0,0 +1,151 @@ +resource "kubernetes_deployment" "coredns" { + wait_for_rollout = false + metadata { + name = "coredns" + namespace = "kube-system" + labels = { + k8s-app = "coredns" + "kubernetes.io/name" = "CoreDNS" + } + } + spec { + replicas = var.replicas + strategy { + type = "RollingUpdate" + rolling_update { + max_unavailable = "1" + } + } + selector { + match_labels = { + k8s-app = "coredns" + tier = "control-plane" + } + } + template { + metadata { + labels = { + k8s-app = "coredns" + tier = "control-plane" + } + } + spec { + affinity { + node_affinity { + preferred_during_scheduling_ignored_during_execution { + weight = 100 + preference { + match_expressions { + key = "node.kubernetes.io/controller" + operator = "Exists" + } + } + } + } + pod_anti_affinity { + preferred_during_scheduling_ignored_during_execution { + weight = 100 + pod_affinity_term { + label_selector { + match_expressions { + key = "tier" + operator = "In" + values = ["control-plane"] + } + match_expressions { + key = "k8s-app" + operator = "In" + values = ["coredns"] + } + } + topology_key = "kubernetes.io/hostname" + } + } + } + } + dns_policy = "Default" + priority_class_name = "system-cluster-critical" + security_context { + seccomp_profile { + type = "RuntimeDefault" + } + } + service_account_name = "coredns" + toleration { + key = "node-role.kubernetes.io/controller" + effect = "NoSchedule" + } + container { + name = "coredns" + image = "registry.k8s.io/coredns/coredns:v1.11.1" + args = ["-conf", "/etc/coredns/Corefile"] + port { + name = "dns" + container_port = 53 + protocol = "UDP" + } + port { + name = "dns-tcp" + container_port = 53 + protocol = "TCP" + } + port { + name = "metrics" + container_port = 9153 + protocol = "TCP" + } + resources { + requests = { + cpu = "100m" + memory = "70Mi" + } + limits = { + memory = "170Mi" + } + } + security_context { + capabilities { + add = ["NET_BIND_SERVICE"] + drop = ["all"] + } + read_only_root_filesystem = true + } + liveness_probe 
{ + http_get { + path = "/health" + port = "8080" + scheme = "HTTP" + } + initial_delay_seconds = 60 + timeout_seconds = 5 + success_threshold = 1 + failure_threshold = 5 + } + readiness_probe { + http_get { + path = "/ready" + port = "8181" + scheme = "HTTP" + } + } + volume_mount { + name = "config" + mount_path = "/etc/coredns" + read_only = true + } + } + volume { + name = "config" + config_map { + name = "coredns" + items { + key = "Corefile" + path = "Corefile" + } + } + } + } + } + } +} + diff --git a/addons/coredns/service-account.tf b/addons/coredns/service-account.tf new file mode 100644 index 00000000..61a124e1 --- /dev/null +++ b/addons/coredns/service-account.tf @@ -0,0 +1,24 @@ +resource "kubernetes_service_account" "coredns" { + metadata { + name = "coredns" + namespace = "kube-system" + } + automount_service_account_token = false +} + + +resource "kubernetes_cluster_role_binding" "coredns" { + metadata { + name = "system:coredns" + } + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "system:coredns" + } + subject { + kind = "ServiceAccount" + name = "coredns" + namespace = "kube-system" + } +} diff --git a/addons/coredns/service.tf b/addons/coredns/service.tf new file mode 100644 index 00000000..9bcf59d5 --- /dev/null +++ b/addons/coredns/service.tf @@ -0,0 +1,31 @@ +resource "kubernetes_service" "coredns" { + metadata { + name = "coredns" + namespace = "kube-system" + labels = { + "k8s-app" = "coredns" + "kubernetes.io/name" = "CoreDNS" + } + annotations = { + "prometheus.io/scrape" = "true" + "prometheus.io/port" = "9153" + } + } + spec { + type = "ClusterIP" + cluster_ip = var.cluster_dns_service_ip + selector = { + k8s-app = "coredns" + } + port { + name = "dns" + protocol = "UDP" + port = 53 + } + port { + name = "dns-tcp" + protocol = "TCP" + port = 53 + } + } +} diff --git a/addons/coredns/variables.tf b/addons/coredns/variables.tf new file mode 100644 index 00000000..1bd8c4da --- /dev/null 
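Review bot: The CoreDNS container `security_context` drops capabilities and makes the root filesystem read-only but never sets `allow_privilege_escalation`, and as far as I know the Terraform kubernetes provider renders that field as true when it is omitted. Adding `allow_privilege_escalation = false` next to `read_only_root_filesystem = true` closes that gap. The capability list is written `drop = ["all"]`; Pod Security admission's restricted profile checks for the upper-case name, so `drop = ["ALL"]` is the safer spelling if this workload is ever evaluated against that profile.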
+++ b/addons/coredns/variables.tf
@@ -0,0 +1,15 @@
+variable "replicas" {
+ type = number
+ description = "CoreDNS replica count"
+ default = 2
+}
+
+variable "cluster_dns_service_ip" {
+ description = "Must be set to `cluster_dns_service_ip` output by cluster"
+ default = "10.3.0.10"
+}
+
+variable "cluster_domain_suffix" {
+ description = "Must be set to `cluster_domain_suffix` output by cluster"
+ default = "cluster.local"
+}
diff --git a/addons/coredns/versions.tf b/addons/coredns/versions.tf
new file mode 100644
index 00000000..5d8ee2d7
--- /dev/null
+++ b/addons/coredns/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.8"
+ }
+ }
+}
+
diff --git a/addons/flannel/cluster-role-binding.tf b/addons/flannel/cluster-role-binding.tf
new file mode 100644
index 00000000..3a7aa9e7
--- /dev/null
+++ b/addons/flannel/cluster-role-binding.tf
@@ -0,0 +1,18 @@
+resource "kubernetes_cluster_role_binding" "flannel" {
+ metadata {
+ name = "flannel"
+ }
+
+ role_ref {
+ api_group = "rbac.authorization.k8s.io"
+ kind = "ClusterRole"
+ name = "flannel"
+ }
+
+ subject {
+ kind = "ServiceAccount"
+ name = "flannel"
+ namespace = "kube-system"
+ }
+}
+
diff --git a/addons/flannel/cluster-role.tf b/addons/flannel/cluster-role.tf
new file mode 100644
index 00000000..9c2d461d
--- /dev/null
+++ b/addons/flannel/cluster-role.tf
@@ -0,0 +1,24 @@
+resource "kubernetes_cluster_role" "flannel" {
+ metadata {
+ name = "flannel"
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["pods"]
+ verbs = ["get"]
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["nodes"]
+ verbs = ["list", "watch"]
+ }
+
+ rule {
+ api_groups = [""]
+ resources = ["nodes/status"]
+ verbs = ["patch"]
+ }
+}
+
diff --git a/addons/flannel/config.tf b/addons/flannel/config.tf
new file mode 100644
index 00000000..4a0f8cc9
--- /dev/null
+++ b/addons/flannel/config.tf
@@ -0,0 +1,44 @@
+resource "kubernetes_config_map" "config" {
+ metadata {
+ name = "flannel-config"
+ namespace = "kube-system"
+ labels = {
+ k8s-app = "flannel"
+ tier = "node"
+ }
+ }
+
+ data = {
+ "cni-conf.json" = <<-EOF
+ {
+ "name": "cbr0",
+ "cniVersion": "0.3.1",
+ "plugins": [
+ {
+ "type": "flannel",
+ "delegate": {
+ "hairpinMode": true,
+ "isDefaultGateway": true
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ }
+ ]
+ }
+ EOF
+ "net-conf.json" = <<-EOF
+ {
+ "Network": "${var.pod_cidr}",
+ "Backend": {
+ "Type": "vxlan",
+ "Port": 4789
+ }
+ }
+ EOF
+ }
+}
+
diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf
new file mode 100644
index 00000000..f184072f
--- /dev/null
+++ b/addons/flannel/daemonset.tf
@@ -0,0 +1,167 @@ +resource "kubernetes_daemonset" "flannel" { + metadata { + name = "flannel" + namespace = "kube-system" + labels = { + k8s-app = "flannel" + } + } + spec { + strategy { + type = "RollingUpdate" + rolling_update { + max_unavailable = "1" + } + } + selector { + match_labels = { + k8s-app = "flannel" + } + } + template { + metadata { + labels = { + k8s-app = "flannel" + } + } + spec { + host_network = true + priority_class_name = "system-node-critical" + service_account_name = "flannel" + security_context { + seccomp_profile { + type = "RuntimeDefault" + } + } + toleration { + key = "node-role.kubernetes.io/controller" + operator = "Exists" + } + toleration { + key = "node.kubernetes.io/not-ready" + operator = "Exists" + } + dynamic "toleration" { + for_each = var.daemonset_tolerations + content { + key = toleration.value + operator = "Exists" + } + } + init_container { + name = "install-cni" + image = "quay.io/poseidon/flannel-cni:v0.4.2" + command = ["/install-cni.sh"] + env { + name = "CNI_NETWORK_CONFIG" + value_from { + config_map_key_ref { + name = "flannel-config" + key = "cni-conf.json" + } + } + } + volume_mount { + name = "cni-bin-dir" + mount_path = "/host/opt/cni/bin/" + } + volume_mount { + name = "cni-conf-dir" + mount_path = "/host/etc/cni/net.d" + } + } + + container { + name = "flannel" + image = "docker.io/flannel/flannel:v0.25.1" + command = [ + "/opt/bin/flanneld", + "--ip-masq", + "--kube-subnet-mgr", + "--iface=$(POD_IP)" + ] + env { + name = "POD_NAME" + value_from { + field_ref { + field_path = "metadata.name" + } + } + } + env { + name = "POD_NAMESPACE" + value_from { + field_ref { + field_path = "metadata.namespace" + } + } + } + env { + name = "POD_IP" + value_from { + field_ref { + field_path = "status.podIP" + } + } + } + security_context { + privileged = true + } + resources { + requests = { + cpu = "100m" + } + } + volume_mount { + name = "flannel-config" + mount_path = "/etc/kube-flannel/" + } + volume_mount { + name 
= "run-flannel" + mount_path = "/run/flannel" + } + volume_mount { + name = "xtables-lock" + mount_path = "/run/xtables.lock" + } + } + + volume { + name = "flannel-config" + config_map { + name = "flannel-config" + } + } + volume { + name = "run-flannel" + host_path { + path = "/run/flannel" + } + } + # Used by install-cni + volume { + name = "cni-bin-dir" + host_path { + path = "/opt/cni/bin" + } + } + volume { + name = "cni-conf-dir" + host_path { + path = "/etc/cni/net.d" + type = "DirectoryOrCreate" + } + } + # Acces iptables concurrently + volume { + name = "xtables-lock" + host_path { + path = "/run/xtables.lock" + type = "FileOrCreate" + } + } + } + } + } +} + diff --git a/addons/flannel/service-account.tf b/addons/flannel/service-account.tf new file mode 100644 index 00000000..b3b81c13 --- /dev/null +++ b/addons/flannel/service-account.tf @@ -0,0 +1,7 @@ +resource "kubernetes_service_account" "flannel" { + metadata { + name = "flannel" + namespace = "kube-system" + } +} + diff --git a/addons/flannel/variables.tf b/addons/flannel/variables.tf new file mode 100644 index 00000000..7a6ad2fc --- /dev/null +++ b/addons/flannel/variables.tf @@ -0,0 +1,11 @@ +variable "pod_cidr" { + type = string + description = "CIDR IP range to assign Kubernetes pods" + default = "10.2.0.0/16" +} + +variable "daemonset_tolerations" { + type = list(string) + description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" + default = [] +} diff --git a/addons/flannel/versions.tf b/addons/flannel/versions.tf new file mode 100644 index 00000000..ad7f7415 --- /dev/null +++ b/addons/flannel/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.8" + } + } +} From c48b04ea880fe2379f8446a65c1d2341e622e71f Mon Sep 17 00:00:00 2001 
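Review bot: The `flannel` container in `addons/flannel/daemonset.tf` is given `privileged = true` on a `host_network` pod, which hands flanneld every capability and full device access on each node although it only needs to manage interfaces, routes and iptables rules. As far as I recall the upstream flannel manifest runs the same binary unprivileged with just `NET_ADMIN` and `NET_RAW`, so I would replace the block as shown below and verify the vxlan backend still comes up. If full privilege is kept on purpose, a comment stating why would stop the next reader from assuming it is an oversight. The `install-cni` init container writes to the `/opt/cni/bin` host path, whose `host_path` has no `type`, so a missing directory is not caught at mount time.

```hcl
container {
  name = "flannel"
  # … unchanged: image, command, env …
  security_context {
    privileged = false
    capabilities {
      add = ["NET_ADMIN", "NET_RAW"]
    }
  }
  # … unchanged: resources, volume_mount blocks …
```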
From: Dalton Hubble Date: Sun, 19 May 2024 17:10:47 -0700 Subject: [PATCH 054/132] Update docs to mention components --- docs/index.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 84f309f4..5ababe58 100644 --- a/docs/index.md +++ b/docs/index.md @@ -19,7 +19,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Modules -Typhoon provides a Terraform Module for each supported operating system and platform. +Typhoon provides a Terraform Module for defining a Kubernetes cluster on each supported operating system and platform. Typhoon is available for [Fedora CoreOS](https://getfedora.org/coreos/). @@ -50,6 +50,14 @@ Typhoon is available for [Flatcar Linux](https://www.flatcar-linux.org/releases/ | AWS | Flatcar Linux (ARM64) | [aws/flatcar-linux/kubernetes](advanced/arm64.md) | alpha | | Azure | Flatcar Linux (ARM64) | [azure/flatcar-linux/kubernetes](advanced/arm64.md) | alpha | +Typhoon also provides Terraform Modules for optionally managing individual components applied onto clusters. + +| Name | Terraform Module | Status | +|---------|------------------|--------| +| CoreDNS | [addons/coredns](addons/coredns) | beta | +| Cilium | [addons/cilium](addons/cilium) | beta | +| flannel | [addons/flannel](addons/flannel) | beta | + ## Documentation * Architecture [concepts](architecture/concepts.md) and [operating-systems](architecture/operating-systems.md) From fa8f3d81b4189d8a246a0e76ce244bd81bf6959d Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 11:00:48 +0000 Subject: [PATCH 055/132] Bump mkdocs-material from 9.5.23 to v9.5.24 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f8b1b24f..2827afd6 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.23 +mkdocs-material==9.5.24 pygments==2.18.0 pymdown-extensions==10.8.1 From e942ae9f4af7bf8a338ccc37edea185dd9a4c895 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 14:00:53 +0000 Subject: [PATCH 056/132] Bump docker.io/flannel/flannel image from v0.25.1 to v0.25.2 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index f184072f..0668a1cd 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.1" + image = "docker.io/flannel/flannel:v0.25.2" command = [ "/opt/bin/flanneld", "--ip-masq", From 2d020a2ce35347e0e17321fac5b5c6ae3bb41dfa Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 27 May 2024 13:41:05 +0000 Subject: [PATCH 057/132] Bump mkdocs-material from 9.5.24 to v9.5.25 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2827afd6..3b3ec9e3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.24 +mkdocs-material==9.5.25 pygments==2.18.0 pymdown-extensions==10.8.1 From d6e4f49cd9393f2fa8fc9dd04f5ff1ccce1597ee Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 14:00:43 +0000 Subject: [PATCH 058/132] Bump docker.io/flannel/flannel image from v0.25.2 to v0.25.3 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index 0668a1cd..9de8bd8f 100644 --- a/addons/flannel/daemonset.tf 
+++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.2" + image = "docker.io/flannel/flannel:v0.25.3" command = [ "/opt/bin/flanneld", "--ip-masq", From 9be5250a711fcc6006c539a3e75482e3e3740ffa Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 16:01:01 +0000 Subject: [PATCH 059/132] Bump mkdocs-material from 9.5.25 to v9.5.26 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3b3ec9e3..347e628c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.25 +mkdocs-material==9.5.26 pygments==2.18.0 pymdown-extensions==10.8.1 From 8fd2c95cec70128856639f623e36bd0464071c0a Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 16:36:00 +0000 Subject: [PATCH 060/132] Bump docker.io/flannel/flannel image from v0.25.3 to v0.25.4 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index 9de8bd8f..aa6adb51 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.3" + image = "docker.io/flannel/flannel:v0.25.4" command = [ "/opt/bin/flanneld", "--ip-masq", From 158a681a8b771738338671b2615d4720e7478d3c Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 14:26:03 +0000 Subject: [PATCH 061/132] Bump quay.io/cilium/cilium image from v1.15.5 to v1.15.6 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index 5c175246..be36204c 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.15.5" + image = "quay.io/cilium/cilium:v1.15.6" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.15.5" + image = "quay.io/cilium/cilium:v1.15.6" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.15.5" + image = "quay.io/cilium/cilium:v1.15.6" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.15.5" + image = "quay.io/cilium/cilium:v1.15.6" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" From 5090e60fe0ba8157cc149fec5c5fbecc880633bf Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 14:21:04 +0000 Subject: [PATCH 062/132] Bump quay.io/cilium/operator-generic image from v1.15.5 to v1.15.6 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 886333d5..92117890 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.15.5" + image = "quay.io/cilium/operator-generic:v1.15.6" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From da99a01f430e1013c13c4f2f849d49276a28e202 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 16 Jun 2024 18:41:35 +0000 Subject: [PATCH 063/132] Bump mkdocs-material from 9.5.26 to v9.5.27 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 347e628c..1b3620df 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.26 +mkdocs-material==9.5.27 pygments==2.18.0 pymdown-extensions==10.8.1 From 931d6d18de2a48027219b1da54bbc1dbd50ae7f4 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Mon, 17 Jun 2024 08:20:03 -0700 Subject: [PATCH 064/132] Update Kubernetes from v1.30.1 to v1.30.2 * Update CoreDNS from v1.9.4 to v1.11.1 * Update Cilium from v1.15.5 to v1.15.6 * Update flannel from v0.25.1 to v0.25.4 --- README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 
10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 56 files changed, 145 insertions(+), 145 deletions(-) diff --git a/README.md b/README.md index f90f5a5c..2ce903ad 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
@@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -117,9 +117,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 6fe50920..f5babf51 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index c3225b98..db40a086 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 965660ee..87163553 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.1 + quay.io/poseidon/kubelet:v1.30.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index a45be7b3..e72e4cca 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml 
@@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 03b2ada2..41ce325b 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index c3225b98..db40a086 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 1b0aab45..94e197c7 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 5e5a2655..a8fbaf71 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 4edcfc60..6034f4ed 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 75920f64..62396439 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 004c1be4..209583e3 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.1 + quay.io/poseidon/kubelet:v1.30.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 79128fa8..c0e94cd4 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index b542f425..2214251c 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 75920f64..62396439 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 00e46d16..eced4bf7 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 84e591a6..d18b0f0f 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index d78ddc6d..306c15d7 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 7ed62bfe..e0c7e557 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 31ba1637..943c7c9f 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index e3990e67..cd5e8ef9 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 22e427e6..c20ed609 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 5c3e9715..71026dc0 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index faf79518..4885c5c0 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index b0a52261..476e4f99 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 20fbb592..1f36ac97 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index a4e78a1c..70b7863e 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 8f409219..36414db8 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.1 + quay.io/poseidon/kubelet:v1.30.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index aae09b45..72edfcc0 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index f389744f..01f81adb 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index a4e78a1c..70b7863e 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index d50c68c4..33fad42e 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 39994b68..a3d6fb8f 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index a80950af..9cfcb715 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.30.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.30.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.30.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.30.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.30.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.30.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.2" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.2" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.30.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.30.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.2" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 7c015739..8ec984dd 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 16b3e802..ae325a1e 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.2" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.2" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Azure region = module.ramius.region 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.2" # Azure region = module.ramius.region @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.2" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.1 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.2 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.2 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index d8728766..4f9f80a9 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.1 -ip-10-0-26-65 Ready 10m v1.30.1 -ip-10-0-41-21 Ready 10m v1.30.1 +ip-10-0-3-155 Ready 10m v1.30.2 +ip-10-0-26-65 Ready 10m v1.30.2 +ip-10-0-41-21 Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index b7957340..ccced47a 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.2" # Azure cluster_name = "ramius" @@ -161,9 +161,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.1 -ramius-worker-000001 Ready 25m v1.30.1 -ramius-worker-000002 Ready 24m v1.30.1 +ramius-controller-0 Ready 24m v1.30.2 +ramius-worker-000001 Ready 25m v1.30.2 +ramius-worker-000002 Ready 24m v1.30.2 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index ccc04506..fed08a2e 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.2 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.2" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.2" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.1 -node2.example.com Ready 10m v1.30.1 -node3.example.com Ready 10m v1.30.1 +node1.example.com Ready 10m v1.30.2 +node2.example.com Ready 10m v1.30.2 +node3.example.com Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index e3cc5d3a..56995967 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.2" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.1 -10.132.115.81 Ready 10m v1.30.1 -10.132.124.107 Ready 10m v1.30.1 +10.132.110.130 Ready 10m v1.30.2 +10.132.115.81 Ready 10m v1.30.2 +10.132.124.107 Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 6e5f08ba..68ef6768 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index a016c865..8bbfe156 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.1 -ip-10-0-26-65 Ready 10m v1.30.1 -ip-10-0-41-21 Ready 10m v1.30.1 +ip-10-0-3-155 Ready 10m v1.30.2 +ip-10-0-26-65 Ready 10m v1.30.2 +ip-10-0-41-21 Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 59bff3e0..39ebb42f 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.2" # Azure cluster_name = "ramius" @@ -149,9 +149,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.1 -ramius-worker-000001 Ready 25m v1.30.1 -ramius-worker-000002 Ready 24m v1.30.1 +ramius-controller-0 Ready 24m v1.30.2 +ramius-worker-000001 Ready 25m v1.30.2 +ramius-worker-000002 Ready 24m v1.30.2 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 6a9d86d7..9930fd84 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.1 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.2 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.2" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.2" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.1 -node2.example.com Ready 10m v1.30.1 -node3.example.com Ready 10m v1.30.1 +node1.example.com Ready 10m v1.30.2 +node2.example.com Ready 10m v1.30.2 +node3.example.com Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 4bc44156..9e0f8dbf 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.2" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.1 -10.132.115.81 Ready 10m v1.30.1 -10.132.124.107 Ready 10m v1.30.1 +10.132.110.130 Ready 10m v1.30.2 +10.132.115.81 Ready 10m v1.30.2 +10.132.124.107 Ready 10m v1.30.2 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index c476b09e..11dc3541 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.1 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 5ababe58..5971ebf4 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" # Google Cloud cluster_name = "yavin" @@ -108,9 +108,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 6a503e97..55bffdbc 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.2" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index a22871b8..f647131d 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index fe270ff2..64db6409 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 6e3d3d51..4cbe0aef 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.1 + quay.io/poseidon/kubelet:v1.30.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 27601f27..ad5d7247 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index c061988e..dc3fde50 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.1 (upstream) +* Kubernetes v1.30.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index fe270ff2..64db6409 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e1b1e0c75e77e042cf369f463f0e656297a201a8" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 7ba4298f..4184fd1a 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 5a25e5cb..066ba52c 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 3483ed8bd59e84f63632e3421f132e646d1fc663 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Tue, 2 Jul 2024 23:06:00 +0000 Subject: [PATCH 065/132] Bump mkdocs-material from 9.5.27 to v9.5.28 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 1b3620df..069770b0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.27 +mkdocs-material==9.5.28 pygments==2.18.0 pymdown-extensions==10.8.1 From 48d497395751d889a436b29da0a7afb484d3a715 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 5 Jul 2024 17:21:50 -0700 Subject: [PATCH 066/132] Add IPv6 support for Typhoon Azure clusters * Define a dual-stack virtual network with both IPv4 and IPv6 private address space. Change `host_cidr` variable (string) to a `network_cidr` variable (object) with "ipv4" and "ipv6" fields that list CIDR strings. * Define dual-stack controller and worker subnets. Disable Azure default outbound access (a deprecated fallback mechanism) * Enable dual-stack load balancing to Kubernetes Ingress by adding a public IPv6 frontend IP and LB rule to the load balancer. * Enable worker outbound IPv6 connectivity through load balancer SNAT by adding an IPv6 frontend IP and outbound rule * Configure controller nodes with a public IPv6 address to provide direct outbound IPv6 connectivity * Add an IPv6 worker backend pool. Azure requires separate IPv4 and IPv6 backend pools, though the health probe can be shared * Extend network security group rules for IPv6 source/destinations Checklist: Access to controller and worker nodes via IPv6 addresses: * SSH access to controller nodes via public IPv6 address * SSH access to worker nodes via (private) IPv6 address (via controller) Outbound IPv6 connectivity from controller and worker nodes: ``` nc -6 -zv ipv6.google.com 80 Ncat: Version 7.94 ( https://nmap.org/ncat ) Ncat: Connected to [2607:f8b0:4001:c16::66]:80. Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds. 
``` Serve Ingress traffic via IPv4 or IPv6 just requires setting up A and AAAA records and running the ingress controller with `hostNetwork: true` since, hostPort only forwards IPv4 traffic --- CHANGES.md | 32 +++ azure/fedora-coreos/kubernetes/controllers.tf | 80 ++++-- azure/fedora-coreos/kubernetes/lb.tf | 130 ++++++--- azure/fedora-coreos/kubernetes/locals.tf | 6 + azure/fedora-coreos/kubernetes/network.tf | 52 +++- azure/fedora-coreos/kubernetes/outputs.tf | 18 +- azure/fedora-coreos/kubernetes/security.tf | 272 +++++++++--------- azure/fedora-coreos/kubernetes/ssh.tf | 4 +- azure/fedora-coreos/kubernetes/variables.tf | 13 +- azure/fedora-coreos/kubernetes/workers.tf | 10 +- .../kubernetes/workers/variables.tf | 9 +- .../kubernetes/workers/workers.tf | 53 ++-- azure/flatcar-linux/kubernetes/controllers.tf | 111 ++++--- azure/flatcar-linux/kubernetes/lb.tf | 132 ++++++--- azure/flatcar-linux/kubernetes/locals.tf | 6 + azure/flatcar-linux/kubernetes/network.tf | 52 +++- azure/flatcar-linux/kubernetes/outputs.tf | 18 +- azure/flatcar-linux/kubernetes/security.tf | 272 +++++++++--------- azure/flatcar-linux/kubernetes/ssh.tf | 4 +- azure/flatcar-linux/kubernetes/variables.tf | 13 +- azure/flatcar-linux/kubernetes/workers.tf | 10 +- .../kubernetes/workers/variables.tf | 9 +- .../kubernetes/workers/workers.tf | 53 ++-- docs/addons/ingress.md | 17 +- docs/advanced/worker-pools.md | 26 +- docs/architecture/azure.md | 39 ++- docs/fedora-coreos/azure.md | 12 +- docs/flatcar-linux/azure.md | 6 +- 28 files changed, 899 insertions(+), 560 deletions(-) create mode 100644 azure/fedora-coreos/kubernetes/locals.tf create mode 100644 azure/flatcar-linux/kubernetes/locals.tf diff --git a/CHANGES.md b/CHANGES.md index f226ceca..45efc341 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -4,6 +4,38 @@ Notable changes between versions. ## Latest +### Azure + +* Configure the virtual network and subnets with IPv6 private address space + * Change `host_cidr` variable (string) to a `network_cidr` object with `ipv4` and `ipv6` fields that list CIDR strings. Leave the variable unset to use the defaults. (**breaking**) +* Add support for dual-stack Kubernetes Ingress Load Balancing + * Add a public IPv6 frontend, 80/443 rules, and a worker-ipv6 backend pool + * Change the `controller_address_prefixes` output from a list of strings to an object with `ipv4` and `ipv6` fields. Most Azure resources can't accept a mix, so these are split out (**breaking**) + * Change the `worker_address_prefixes` output from a list of strings to an object with `ipv4` and `ipv6` fields. Most Azure resources can't accept a mix, so these are split out (**breaking**) + * Change the `backend_address_pool_id` output (and worker module input) from a string to an object with `ipv4` and `ipv6` fields that list ids (**breaking**) +* Configure nodes to have outbound IPv6 internet connectivity (analogous to IPv4 SNAT) + * Configure controller nodes to have a public IPv6 address + * Configure worker nodes to use outbound rules and the load balancer for SNAT +* Extend network security rules to allow IPv6 traffic, analogous to IPv4 + +```diff +module "cluster" { + ... + # optional +- host_cidr = "10.0.0.0/16" ++ network_cidr = { ++ ipv4 = ["10.0.0.0/16"] ++ } +} +``` + +## v1.30.2 + +* Kubernetes [v1.30.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1302) +* Update CoreDNS from v1.9.4 to v1.11.1 +* Update Cilium from v1.15.5 to [v1.15.6](https://github.com/cilium/cilium/releases/tag/v1.15.6) +* Update flannel from v0.25.1 to [v0.25.4](https://github.com/flannel-io/flannel/releases/tag/v0.25.4) + ## v1.30.1 * Kubernetes [v1.30.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1301) 
diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index 6381f1d0..346d6584 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -19,14 +19,13 @@ resource "azurerm_dns_a_record" "etcds" { ttl = 300 # private IPv4 address for etcd - records = [azurerm_network_interface.controllers.*.private_ip_address[count.index]] + records = [azurerm_network_interface.controllers[count.index].private_ip_address] } # Controller availability set to spread controllers resource "azurerm_availability_set" "controllers" { - resource_group_name = azurerm_resource_group.cluster.name - name = "${var.cluster_name}-controllers" + resource_group_name = azurerm_resource_group.cluster.name location = var.region platform_fault_domain_count = 2 platform_update_domain_count = 4 @@ -35,15 +34,13 @@ resource "azurerm_availability_set" "controllers" { # Controller instances resource "azurerm_linux_virtual_machine" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name + count = var.controller_count name = "${var.cluster_name}-controller-${count.index}" + resource_group_name = azurerm_resource_group.cluster.name location = var.region availability_set_id = azurerm_availability_set.controllers.id - - size = var.controller_type - custom_data = base64encode(data.ct_config.controllers.*.rendered[count.index]) + size = var.controller_type # storage source_image_id = var.os_image 
@@ -56,10 +53,16 @@ resource "azurerm_linux_virtual_machine" "controllers" { # network network_interface_ids = [ - azurerm_network_interface.controllers.*.id[count.index] + azurerm_network_interface.controllers[count.index].id ] - # Azure requires setting admin_ssh_key, though Ignition custom_data handles it too + # boot + custom_data = base64encode(data.ct_config.controllers[count.index].rendered) + boot_diagnostics { + # defaults to a managed storage account + } + + # Azure requires an RSA admin_ssh_key admin_username = "core" admin_ssh_key { username = "core" 
@@ -74,31 +77,52 @@ resource "azurerm_linux_virtual_machine" "controllers" { } } -# Controller public IPv4 addresses -resource "azurerm_public_ip" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name +# Controller node public IPv4 addresses +resource "azurerm_public_ip" "controllers-ipv4" { + count = var.controller_count - name = "${var.cluster_name}-controller-${count.index}" - location = azurerm_resource_group.cluster.location - sku = "Standard" - allocation_method = "Static" + name = "${var.cluster_name}-controller-${count.index}-ipv4" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location + ip_version = "IPv4" + sku = "Standard" + allocation_method = "Static" } -# Controller NICs with public and private IPv4 -resource "azurerm_network_interface" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name +# Controller node public IPv6 addresses +resource "azurerm_public_ip" "controllers-ipv6" { + count = var.controller_count - name = "${var.cluster_name}-controller-${count.index}" - location = azurerm_resource_group.cluster.location + name = "${var.cluster_name}-controller-${count.index}-ipv6" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location + ip_version = "IPv6" + sku = "Standard" + allocation_method = "Static" +} + +# Controllers' network interfaces +resource "azurerm_network_interface" "controllers" { + count = var.controller_count + + name = "${var.cluster_name}-controller-${count.index}" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location ip_configuration { - name = "ip0" + name = "ipv4" + primary = true subnet_id = azurerm_subnet.controller.id private_ip_address_allocation = "Dynamic" - # instance public IPv4 - public_ip_address_id = 
azurerm_public_ip.controllers.*.id[count.index] + private_ip_address_version = "IPv4" + public_ip_address_id = azurerm_public_ip.controllers-ipv4[count.index].id + } + ip_configuration { + name = "ipv6" + subnet_id = azurerm_subnet.controller.id + private_ip_address_allocation = "Dynamic" + private_ip_address_version = "IPv6" + public_ip_address_id = azurerm_public_ip.controllers-ipv6[count.index].id } } @@ -115,7 +139,7 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle count = var.controller_count network_interface_id = azurerm_network_interface.controllers[count.index].id - ip_configuration_name = "ip0" + ip_configuration_name = "ipv4" backend_address_pool_id = azurerm_lb_backend_address_pool.controller.id } diff --git a/azure/fedora-coreos/kubernetes/lb.tf b/azure/fedora-coreos/kubernetes/lb.tf index 4e139471..e9a7223f 100644 --- a/azure/fedora-coreos/kubernetes/lb.tf +++ b/azure/fedora-coreos/kubernetes/lb.tf 
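Review bot: The new `ipv6` `ip_configuration` in `azurerm_network_interface.controllers` attaches a static public IPv6 address to every controller, but nothing in the hunk records why, or what limits inbound traffic to that address. The commit message gives the reason (direct outbound IPv6 connectivity), and the network.tf context shows the controller subnet associated with a network security group. A comment above the block would keep this with the code, for example `# public IPv6 is for direct outbound connectivity; inbound is limited by the controller network security group`. The same comment would fit above `azurerm_public_ip.controllers-ipv6`.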
@@ -15,31 +15,39 @@ resource "azurerm_dns_a_record" "apiserver" { # Static IPv4 address for the apiserver frontend resource "azurerm_public_ip" "apiserver-ipv4" { + name = "${var.cluster_name}-apiserver-ipv4" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-apiserver-ipv4" - location = var.region - sku = "Standard" - allocation_method = "Static" + location = var.region + sku = "Standard" + allocation_method = "Static" } # Static IPv4 address for the ingress frontend resource "azurerm_public_ip" "ingress-ipv4" { + name = "${var.cluster_name}-ingress-ipv4" resource_group_name = azurerm_resource_group.cluster.name + location = var.region + ip_version = "IPv4" + sku = "Standard" + allocation_method = "Static" +} - name = "${var.cluster_name}-ingress-ipv4" - location = var.region - sku = "Standard" - allocation_method = "Static" +# Static IPv6 address for the ingress frontend +resource "azurerm_public_ip" "ingress-ipv6" { + name = "${var.cluster_name}-ingress-ipv6" + resource_group_name = azurerm_resource_group.cluster.name + location = var.region + ip_version = "IPv6" + sku = "Standard" + allocation_method = "Static" } # Network Load Balancer for apiservers and ingress resource "azurerm_lb" "cluster" { + name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name - - name = var.cluster_name - location = var.region - sku = "Standard" + location = var.region + sku = "Standard" frontend_ip_configuration { name = "apiserver" 
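Review bot: `azurerm_public_ip.apiserver-ipv4` is the one public IP in this commit left without an explicit `ip_version`, while `ingress-ipv4` directly below it and `controllers-ipv4` in controllers.tf now set `ip_version = "IPv4"`. The provider default is IPv4, so behaviour does not change. Adding `ip_version = "IPv4"` after `location` would keep the address resources parallel now that IPv6 ones sit beside them. The `azurerm_lb.cluster` block at the end of the hunk continues outside it.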
@@ -47,15 +55,21 @@ resource "azurerm_lb" "cluster" { } frontend_ip_configuration { - name = "ingress" + name = "ingress-ipv4" public_ip_address_id = azurerm_public_ip.ingress-ipv4.id } + + frontend_ip_configuration { + name = "ingress-ipv6" + public_ip_address_id = azurerm_public_ip.ingress-ipv6.id + } } resource "azurerm_lb_rule" "apiserver" { name = "apiserver" loadbalancer_id = azurerm_lb.cluster.id frontend_ip_configuration_name = "apiserver" + disable_outbound_snat = true protocol = "Tcp" frontend_port = 6443 
@@ -64,44 +78,60 @@ resource "azurerm_lb_rule" "apiserver" { probe_id = azurerm_lb_probe.apiserver.id } -resource "azurerm_lb_rule" "ingress-http" { - name = "ingress-http" +resource "azurerm_lb_rule" "ingress-http-ipv4" { + name = "ingress-http-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress" + frontend_ip_configuration_name = "ingress-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 80 backend_port = 80 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv4.id] probe_id = azurerm_lb_probe.ingress.id } -resource "azurerm_lb_rule" "ingress-https" { - name = "ingress-https" +resource "azurerm_lb_rule" "ingress-https-ipv4" { + name = "ingress-https-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress" + frontend_ip_configuration_name = "ingress-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 443 backend_port = 443 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv4.id] probe_id = azurerm_lb_probe.ingress.id } -# Worker outbound TCP/UDP SNAT -resource "azurerm_lb_outbound_rule" "worker-outbound" { - name = "worker" - loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration { - name = "ingress" - } +resource "azurerm_lb_rule" "ingress-http-ipv6" { + name = "ingress-http-ipv6" + loadbalancer_id = azurerm_lb.cluster.id + frontend_ip_configuration_name = "ingress-ipv6" + disable_outbound_snat = true - protocol = "All" - backend_address_pool_id = azurerm_lb_backend_address_pool.worker.id + protocol = "Tcp" + frontend_port = 80 + backend_port = 80 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv6.id] + probe_id = azurerm_lb_probe.ingress.id } +resource "azurerm_lb_rule" "ingress-https-ipv6" { + name = "ingress-https-ipv6" + loadbalancer_id 
= azurerm_lb.cluster.id + frontend_ip_configuration_name = "ingress-ipv6" + disable_outbound_snat = true + + protocol = "Tcp" + frontend_port = 443 + backend_port = 443 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv6.id] + probe_id = azurerm_lb_probe.ingress.id +} + +# Backend Address Pools + # Address pool of controllers resource "azurerm_lb_backend_address_pool" "controller" { name = "controller" @@ -109,8 +139,13 @@ resource "azurerm_lb_backend_address_pool" "controller" { } # Address pool of workers -resource "azurerm_lb_backend_address_pool" "worker" { - name = "worker" +resource "azurerm_lb_backend_address_pool" "worker-ipv4" { + name = "worker-ipv4" + loadbalancer_id = azurerm_lb.cluster.id +} + +resource "azurerm_lb_backend_address_pool" "worker-ipv6" { + name = "worker-ipv6" loadbalancer_id = azurerm_lb.cluster.id } @@ -122,10 +157,8 @@ resource "azurerm_lb_probe" "apiserver" { loadbalancer_id = azurerm_lb.cluster.id protocol = "Tcp" port = 6443 - # unhealthy threshold - number_of_probes = 3 - + number_of_probes = 3 interval_in_seconds = 5 } @@ -136,10 +169,29 @@ resource "azurerm_lb_probe" "ingress" { protocol = "Http" port = 10254 request_path = "/healthz" - # unhealthy threshold - number_of_probes = 3 - + number_of_probes = 3 interval_in_seconds = 5 } +# Outbound SNAT + +resource "azurerm_lb_outbound_rule" "outbound-ipv4" { + name = "outbound-ipv4" + protocol = "All" + loadbalancer_id = azurerm_lb.cluster.id + backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv4.id + frontend_ip_configuration { + name = "ingress-ipv4" + } +} + +resource "azurerm_lb_outbound_rule" "outbound-ipv6" { + name = "outbound-ipv6" + protocol = "All" + loadbalancer_id = azurerm_lb.cluster.id + backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv6.id + frontend_ip_configuration { + name = "ingress-ipv6" + } +} 
diff --git a/azure/fedora-coreos/kubernetes/locals.tf b/azure/fedora-coreos/kubernetes/locals.tf new file mode 100644 index 00000000..0c840906 --- /dev/null +++ b/azure/fedora-coreos/kubernetes/locals.tf @@ -0,0 +1,6 @@ +locals { + backend_address_pool_ids = { + ipv4 = [azurerm_lb_backend_address_pool.worker-ipv4.id] + ipv6 = [azurerm_lb_backend_address_pool.worker-ipv6.id] + } +} diff --git a/azure/fedora-coreos/kubernetes/network.tf b/azure/fedora-coreos/kubernetes/network.tf index 0fcaa8b8..1f1599fd 100644 --- a/azure/fedora-coreos/kubernetes/network.tf +++ b/azure/fedora-coreos/kubernetes/network.tf @@ -1,3 +1,21 @@ +locals { + # Subdivide the virtual network into subnets + # - controllers use netnum 0 + # - workers use netnum 1 + controller_subnets = { + ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] + ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] + } + worker_subnets = { + ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] + ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] + } + cluster_subnets = { + ipv4 = concat(local.controller_subnets.ipv4, local.worker_subnets.ipv4) + ipv6 = concat(local.controller_subnets.ipv6, local.worker_subnets.ipv6) + } +} + # Organize cluster into a resource group resource "azurerm_resource_group" "cluster" { name = var.cluster_name 
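Review bot: In network.tf's new `locals`, the IPv6 entries use `cidrsubnet(cidr, 16, 0)` and `cidrsubnet(cidr, 16, 1)`, which only produce the /64 subnets Azure requires when every `network_cidr.ipv6` entry is a /48. Any other prefix length yields a subnet size that Azure is likely to reject at apply time. variables.tf is not part of this hunk, so whether it validates the prefix length cannot be seen from here. Either state the assumption next to the expression, `# ipv6 entries must be /48 so that 16 new bits give /64 subnets`, or derive the new bits from the input, `cidrsubnet(cidr, 64 - tonumber(split("/", cidr)[1]), 0)`. The index `i` in the four `for i, cidr in ...` expressions is unused and can be dropped.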
@@ -5,23 +23,30 @@ resource "azurerm_resource_group" "cluster" { } resource "azurerm_virtual_network" "network" { + name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location + address_space = concat( + var.network_cidr.ipv4, + var.network_cidr.ipv6 + ) - name = var.cluster_name - location = azurerm_resource_group.cluster.location - address_space = [var.host_cidr] } -# Subnets - separate subnets for controller and workers because Azure -# network security groups are based on IPv4 CIDR rather than instance -# tags like GCP or security group membership like AWS +# Subnets - separate subnets for controllers and workers because Azure +# network security groups are oriented around address prefixes rather +# than instance tags (GCP) or security group membership (AWS) resource "azurerm_subnet" "controller" { - resource_group_name = azurerm_resource_group.cluster.name - name = "controller" + resource_group_name = azurerm_resource_group.cluster.name virtual_network_name = azurerm_virtual_network.network.name - address_prefixes = [cidrsubnet(var.host_cidr, 1, 0)] + address_prefixes = concat( + local.controller_subnets.ipv4, + local.controller_subnets.ipv6, + ) + default_outbound_access_enabled = false + } resource "azurerm_subnet_network_security_group_association" "controller" { @@ -30,11 +55,14 @@ resource "azurerm_subnet_network_security_group_association" "controller" { } resource "azurerm_subnet" "worker" { - resource_group_name = azurerm_resource_group.cluster.name - name = "worker" + resource_group_name = azurerm_resource_group.cluster.name virtual_network_name = azurerm_virtual_network.network.name - address_prefixes = [cidrsubnet(var.host_cidr, 1, 1)] + address_prefixes = concat( + local.worker_subnets.ipv4, + local.worker_subnets.ipv6, + ) + default_outbound_access_enabled = false } resource "azurerm_subnet_network_security_group_association" "worker" { 
diff --git a/azure/fedora-coreos/kubernetes/outputs.tf b/azure/fedora-coreos/kubernetes/outputs.tf index 5794caad..8b6f4897 100644 --- a/azure/fedora-coreos/kubernetes/outputs.tf +++ b/azure/fedora-coreos/kubernetes/outputs.tf @@ -10,6 +10,11 @@ output "ingress_static_ipv4" { description = "IPv4 address of the load balancer for distributing traffic to Ingress controllers" } +output "ingress_static_ipv6" { + value = azurerm_public_ip.ingress-ipv6.ip_address + description = "IPv6 address of the load balancer for distributing traffic to Ingress controllers" +} + # Outputs for worker pools output "region" { @@ -51,12 +56,12 @@ output "worker_security_group_name" { output "controller_address_prefixes" { description = "Controller network subnet CIDR addresses (for source/destination)" - value = azurerm_subnet.controller.address_prefixes + value = local.controller_subnets } output "worker_address_prefixes" { description = "Worker network subnet CIDR addresses (for source/destination)" - value = azurerm_subnet.worker.address_prefixes + value = local.worker_subnets } # Outputs for custom load balancing @@ -66,9 +71,12 @@ output "loadbalancer_id" { value = azurerm_lb.cluster.id } -output "backend_address_pool_id" { - description = "ID of the worker backend address pool" - value = azurerm_lb_backend_address_pool.worker.id +output "backend_address_pool_ids" { + description = "IDs of the worker backend address pools" + value = { + ipv4 = [azurerm_lb_backend_address_pool.worker-ipv4.id] + ipv6 = [azurerm_lb_backend_address_pool.worker-ipv6.id] + } } # Outputs for debug diff --git a/azure/fedora-coreos/kubernetes/security.tf b/azure/fedora-coreos/kubernetes/security.tf index 4d6110a0..f9a70273 100644 --- a/azure/fedora-coreos/kubernetes/security.tf +++ b/azure/fedora-coreos/kubernetes/security.tf 
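Review bot: The `backend_address_pool_ids` output in the last outputs.tf hunk repeats the object literal that locals.tf in this same commit defines as `local.backend_address_pool_ids`, so the two can drift apart. `value = local.backend_address_pool_ids` would keep a single definition. The output is also renamed from `backend_address_pool_id`, whereas the CHANGES.md entry describes only a type change under the old name. Configurations that reference the old output name will fail, and the changelog should name the new one.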
@@ -1,214 +1,223 @@ # Controller security group resource "azurerm_network_security_group" "controller" { + name = "${var.cluster_name}-controller" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-controller" - location = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location } resource "azurerm_network_security_rule" "controller-icmp" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-icmp" + name = "allow-icmp-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "1995" + priority = 1995 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Icmp" source_port_range = "*" destination_port_range = "*" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-ssh" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-ssh" + name = "allow-ssh-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2000" + priority = 2000 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-etcd" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-etcd" + name = "allow-etcd-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2005" + priority = 2005 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "2379-2380" - source_address_prefixes = azurerm_subnet.controller.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.controller_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape etcd metrics resource "azurerm_network_security_rule" "controller-etcd-metrics" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-etcd-metrics" + name = "allow-etcd-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2010" + priority = 2010 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "2381" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape kube-proxy metrics resource "azurerm_network_security_rule" "controller-kube-proxy" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kube-proxy-metrics" + name = "allow-kube-proxy-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2011" + priority = 2012 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10249" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape kube-scheduler and kube-controller-manager metrics resource "azurerm_network_security_rule" "controller-kube-metrics" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kube-metrics" + name = "allow-kube-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2012" + priority = 2014 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10257-10259" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-apiserver" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-apiserver" + name = "allow-apiserver-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2015" + priority = 2016 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "6443" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-cilium-health" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.controller_subnets : {} - name = "allow-cilium-health" + name = "allow-cilium-health-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2018" + priority = 2018 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "4240" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-cilium-metrics" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.controller_subnets : {} - name = "allow-cilium-metrics" + name = "allow-cilium-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2019" + priority = 2035 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9962-9965" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-vxlan" + name = "allow-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2020" + priority = 2020 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "4789" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-linux-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-linux-vxlan" + name = "allow-linux-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2021" + priority = 2022 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "8472" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape node-exporter daemonset resource "azurerm_network_security_rule" "controller-node-exporter" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-node-exporter" + name = "allow-node-exporter-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2025" + priority = 2025 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9100" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow apiserver to access kubelet's for exec, log, port-forward resource "azurerm_network_security_rule" "controller-kubelet" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kubelet" + name = "allow-kubelet-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2030" + priority = 2030 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10250" - # allow Prometheus to scrape kubelet metrics too - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Override Azure AllowVNetInBound and AllowAzureLoadBalancerInBound 
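Review bot: `controller-ssh` keeps `source_address_prefix = "*"`, and the new `for_each` now also creates an `allow-ssh-ipv6` rule, while controllers.tf in this commit gives every controller a public IPv6 address. Port 22 on the controllers is therefore reachable from any IPv6 source as well as any IPv4 source. `controller-apiserver` (6443) has the same `*` source. If unrestricted SSH is not intended, the rule should take an operator-supplied list of management prefixes per family, e.g. `source_address_prefixes = <MANAGEMENT_CIDRS>[each.key]` (a placeholder, as no such variable is visible in this hunk). Otherwise a comment on the rule should state that SSH is deliberately open and relies on key-only authentication. The rewrite also drops the comment `# allow Prometheus to scrape kubelet metrics too` from `controller-kubelet`, which explained why worker prefixes are in that rule's source list and is worth restoring.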
@@ -247,182 +256,189 @@ resource "azurerm_network_security_rule" "controller-deny-all" { # Worker security group resource "azurerm_network_security_group" "worker" { + name = "${var.cluster_name}-worker" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-worker" - location = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location } resource "azurerm_network_security_rule" "worker-icmp" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-icmp" + name = "allow-icmp-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "1995" + priority = 1995 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Icmp" source_port_range = "*" destination_port_range = "*" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-ssh" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-ssh" + name = "allow-ssh-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2000" + priority = 2000 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" - source_address_prefixes = azurerm_subnet.controller.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.controller_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-http" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-http" + name = "allow-http-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2005" + priority = 2005 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-https" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-https" + name = "allow-https-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2010" + priority = 2010 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-cilium-health" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? 
local.worker_subnets : {} - name = "allow-cilium-health" + name = "allow-cilium-health-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2013" + priority = 2012 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "4240" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-cilium-metrics" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.worker_subnets : {} - name = "allow-cilium-metrics" + name = "allow-cilium-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2014" + priority = 2014 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9962-9965" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-vxlan" + name = "allow-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2015" + priority = 2016 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "4789" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-linux-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-linux-vxlan" + name = "allow-linux-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2016" + priority = 2018 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "8472" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow Prometheus to scrape node-exporter daemonset resource "azurerm_network_security_rule" "worker-node-exporter" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-node-exporter" + name = "allow-node-exporter-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2020" + priority = 2020 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9100" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow Prometheus to scrape kube-proxy resource "azurerm_network_security_rule" "worker-kube-proxy" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-kube-proxy" + name = "allow-kube-proxy-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2024" + priority = 2024 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10249" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow apiserver to access kubelet's for exec, log, port-forward resource "azurerm_network_security_rule" "worker-kubelet" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-kubelet" + name = "allow-kubelet-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2025" + priority = 2026 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10250" - # allow Prometheus to scrape kubelet metrics too - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Override Azure AllowVNetInBound and AllowAzureLoadBalancerInBound diff --git a/azure/fedora-coreos/kubernetes/ssh.tf b/azure/fedora-coreos/kubernetes/ssh.tf index 9b1f3a8a..ad0baa67 100644 --- a/azure/fedora-coreos/kubernetes/ssh.tf +++ b/azure/fedora-coreos/kubernetes/ssh.tf @@ -18,7 +18,7 @@ resource "null_resource" "copy-controller-secrets" { connection { type = "ssh" - host = azurerm_public_ip.controllers.*.ip_address[count.index] + host = azurerm_public_ip.controllers-ipv4[count.index].ip_address user = "core" timeout = "15m" } 
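Review bot: The `worker-kubelet` rule in the fedora-coreos security.tf loses its comment `# allow Prometheus to scrape kubelet metrics too`, yet its source is still `local.cluster_subnets[each.key]`, which presumably remains controllers plus workers as in the old `concat(...)`. Port 10250 therefore stays reachable from the worker subnets, while the surviving header comment mentions only the apiserver, so the wider source reads as accidental to anyone auditing the rule. I would keep the removed comment directly above `source_address_prefixes`. The `controller-kubelet` rule earlier in the same file drops the same comment; that hunk begins before this page.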
@@ -45,7 +45,7 @@ resource "null_resource" "bootstrap" { connection { type = "ssh" - host = azurerm_public_ip.controllers.*.ip_address[0] + host = azurerm_public_ip.controllers-ipv4[0].ip_address user = "core" timeout = "15m" } diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index b323dd6a..a36af4b8 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf @@ -94,10 +94,15 @@ variable "networking" { default = "cilium" } -variable "host_cidr" { - type = string - description = "CIDR IPv4 range to assign to instances" - default = "10.0.0.0/16" +variable "network_cidr" { + type = object({ + ipv4 = list(string) + ipv6 = optional(list(string), ["fd9a:0d2f:b7dc::/48"]) + }) + description = "Virtual network CIDR ranges" + default = { + ipv4 = ["10.0.0.0/16"] + } } variable "pod_cidr" { diff --git a/azure/fedora-coreos/kubernetes/workers.tf b/azure/fedora-coreos/kubernetes/workers.tf index 7e9e5e37..9427fcd4 100644 --- a/azure/fedora-coreos/kubernetes/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers.tf @@ -3,11 +3,11 @@ module "workers" { name = var.cluster_name # Azure - resource_group_name = azurerm_resource_group.cluster.name - region = azurerm_resource_group.cluster.location - subnet_id = azurerm_subnet.worker.id - security_group_id = azurerm_network_security_group.worker.id - backend_address_pool_id = azurerm_lb_backend_address_pool.worker.id + resource_group_name = azurerm_resource_group.cluster.name + region = azurerm_resource_group.cluster.location + subnet_id = azurerm_subnet.worker.id + security_group_id = azurerm_network_security_group.worker.id + backend_address_pool_ids = local.backend_address_pool_ids worker_count = var.worker_count vm_type = var.worker_type diff --git a/azure/fedora-coreos/kubernetes/workers/variables.tf b/azure/fedora-coreos/kubernetes/workers/variables.tf index a27b69f8..8144fb74 100644 
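Review bot: `network_cidr` in variables.tf accepts any list for either family, including an empty one, and nothing checks it. The security rules in this commit use `for_each` over the `ipv4` and `ipv6` keys and pass `local.*_subnets[each.key]` straight into the address prefix arguments. An empty `ipv6` list would, as far as I can tell, produce rules with empty prefix lists rather than skip the family. A `validation` block with `condition = length(var.network_cidr.ipv4) > 0 && length(var.network_cidr.ipv6) > 0` would reject that at plan time. The description could also state that the IPv6 default is one fixed ULA /48, shared by every cluster that does not override it.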
--- a/azure/fedora-coreos/kubernetes/workers/variables.tf +++ b/azure/fedora-coreos/kubernetes/workers/variables.tf @@ -25,9 +25,12 @@ variable "security_group_id" { description = "Must be set to the `worker_security_group_id` output by cluster" } -variable "backend_address_pool_id" { - type = string - description = "Must be set to the `worker_backend_address_pool_id` output by cluster" +variable "backend_address_pool_ids" { + type = object({ + ipv4 = list(string) + ipv6 = list(string) + }) + description = "Must be set to the `backend_address_pool_ids` output by cluster" } # instances diff --git a/azure/fedora-coreos/kubernetes/workers/workers.tf b/azure/fedora-coreos/kubernetes/workers/workers.tf index 6f98376a..9efe78f3 100644 --- a/azure/fedora-coreos/kubernetes/workers/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers/workers.tf @@ -4,16 +4,14 @@ locals { # Workers scale set resource "azurerm_linux_virtual_machine_scale_set" "workers" { + name = "${var.name}-worker" resource_group_name = var.resource_group_name - - name = "${var.name}-worker" - location = var.region - sku = var.vm_type - instances = var.worker_count + location = var.region + sku = var.vm_type + instances = var.worker_count # instance name prefix for instances in the set computer_name_prefix = "${var.name}-worker" single_placement_group = false - custom_data = base64encode(data.ct_config.worker.rendered) # storage source_image_id = var.os_image @@ -22,13 +20,6 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { caching = "ReadWrite" } - # Azure requires setting admin_ssh_key, though Ignition custom_data handles it too - admin_username = "core" - admin_ssh_key { - username = "core" - public_key = var.azure_authorized_key - } - # network network_interface { name = "nic0" 
@@ -36,13 +27,33 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { network_security_group_id = var.security_group_id ip_configuration { - name = "ip0" + name = "ipv4" + version = "IPv4" primary = true subnet_id = var.subnet_id - # backend address pool to which the NIC should be added - load_balancer_backend_address_pool_ids = [var.backend_address_pool_id] + load_balancer_backend_address_pool_ids = var.backend_address_pool_ids.ipv4 } + ip_configuration { + name = "ipv6" + version = "IPv6" + subnet_id = var.subnet_id + # backend address pool to which the NIC should be added + load_balancer_backend_address_pool_ids = var.backend_address_pool_ids.ipv6 + } + } + + # boot + custom_data = base64encode(data.ct_config.worker.rendered) + boot_diagnostics { + # defaults to a managed storage account + } + + # Azure requires an RSA admin_ssh_key + admin_username = "core" + admin_ssh_key { + username = "core" + public_key = local.azure_authorized_key } # lifecycle @@ -50,22 +61,22 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { # eviction policy may only be set when priority is Spot priority = var.priority eviction_policy = var.priority == "Spot" ? "Delete" : null + termination_notification { + enabled = true + } } # Scale up or down to maintain desired number, tolerating deallocations. resource "azurerm_monitor_autoscale_setting" "workers" { + name = "${var.name}-maintain-desired" resource_group_name = var.resource_group_name - - name = "${var.name}-maintain-desired" - location = var.region - + location = var.region # autoscale enabled = true target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id profile { name = "default" - capacity { minimum = var.worker_count default = var.worker_count diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index b19a242e..e69b75a2 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf 
@@ -1,19 +1,3 @@ -# Discrete DNS records for each controller's private IPv4 for etcd usage -resource "azurerm_dns_a_record" "etcds" { - count = var.controller_count - resource_group_name = var.dns_zone_group - - # DNS Zone name where record should be created - zone_name = var.dns_zone - - # DNS record - name = format("%s-etcd%d", var.cluster_name, count.index) - ttl = 300 - - # private IPv4 address for etcd - records = [azurerm_network_interface.controllers.*.private_ip_address[count.index]] -} - locals { # Container Linux derivative # flatcar-stable -> Flatcar Linux Stable @@ -28,11 +12,26 @@ locals { azure_authorized_key = var.azure_authorized_key == "" ? var.ssh_authorized_key : var.azure_authorized_key } +# Discrete DNS records for each controller's private IPv4 for etcd usage +resource "azurerm_dns_a_record" "etcds" { + count = var.controller_count + resource_group_name = var.dns_zone_group + + # DNS Zone name where record should be created + zone_name = var.dns_zone + + # DNS record + name = format("%s-etcd%d", var.cluster_name, count.index) + ttl = 300 + + # private IPv4 address for etcd + records = [azurerm_network_interface.controllers[count.index].private_ip_address] +} + # Controller availability set to spread controllers resource "azurerm_availability_set" "controllers" { - resource_group_name = azurerm_resource_group.cluster.name - name = "${var.cluster_name}-controllers" + resource_group_name = azurerm_resource_group.cluster.name location = var.region platform_fault_domain_count = 2 platform_update_domain_count = 4 
@@ -41,18 +40,13 @@ resource "azurerm_availability_set" "controllers" { # Controller instances resource "azurerm_linux_virtual_machine" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name + count = var.controller_count name = "${var.cluster_name}-controller-${count.index}" + resource_group_name = azurerm_resource_group.cluster.name location = var.region availability_set_id = azurerm_availability_set.controllers.id - - size = var.controller_type - custom_data = base64encode(data.ct_config.controllers.*.rendered[count.index]) - boot_diagnostics { - # defaults to a managed storage account - } + size = var.controller_type # storage os_disk { @@ -84,7 +78,13 @@ resource "azurerm_linux_virtual_machine" "controllers" { azurerm_network_interface.controllers[count.index].id ] - # Azure requires setting admin_ssh_key, though Ignition custom_data handles it too + # boot + custom_data = base64encode(data.ct_config.controllers[count.index].rendered) + boot_diagnostics { + # defaults to a managed storage account + } + + # Azure requires an RSA admin_ssh_key admin_username = "core" admin_ssh_key { username = "core" 
@@ -99,31 +99,52 @@ resource "azurerm_linux_virtual_machine" "controllers" { } } -# Controller public IPv4 addresses -resource "azurerm_public_ip" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name +# Controller node public IPv4 addresses +resource "azurerm_public_ip" "controllers-ipv4" { + count = var.controller_count - name = "${var.cluster_name}-controller-${count.index}" - location = azurerm_resource_group.cluster.location - sku = "Standard" - allocation_method = "Static" + name = "${var.cluster_name}-controller-${count.index}-ipv4" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location + ip_version = "IPv4" + sku = "Standard" + allocation_method = "Static" } -# Controller NICs with public and private IPv4 -resource "azurerm_network_interface" "controllers" { - count = var.controller_count - resource_group_name = azurerm_resource_group.cluster.name +# Controller node public IPv6 addresses +resource "azurerm_public_ip" "controllers-ipv6" { + count = var.controller_count - name = "${var.cluster_name}-controller-${count.index}" - location = azurerm_resource_group.cluster.location + name = "${var.cluster_name}-controller-${count.index}-ipv6" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location + ip_version = "IPv6" + sku = "Standard" + allocation_method = "Static" +} + +# Controllers' network interfaces +resource "azurerm_network_interface" "controllers" { + count = var.controller_count + + name = "${var.cluster_name}-controller-${count.index}" + resource_group_name = azurerm_resource_group.cluster.name + location = azurerm_resource_group.cluster.location ip_configuration { - name = "ip0" + name = "ipv4" + primary = true subnet_id = azurerm_subnet.controller.id private_ip_address_allocation = "Dynamic" - # instance public IPv4 - public_ip_address_id = 
azurerm_public_ip.controllers.*.id[count.index] + private_ip_address_version = "IPv4" + public_ip_address_id = azurerm_public_ip.controllers-ipv4[count.index].id + } + ip_configuration { + name = "ipv6" + subnet_id = azurerm_subnet.controller.id + private_ip_address_allocation = "Dynamic" + private_ip_address_version = "IPv6" + public_ip_address_id = azurerm_public_ip.controllers-ipv6[count.index].id } } @@ -140,7 +161,7 @@ resource "azurerm_network_interface_backend_address_pool_association" "controlle count = var.controller_count network_interface_id = azurerm_network_interface.controllers[count.index].id - ip_configuration_name = "ip0" + ip_configuration_name = "ipv4" backend_address_pool_id = azurerm_lb_backend_address_pool.controller.id } diff --git a/azure/flatcar-linux/kubernetes/lb.tf b/azure/flatcar-linux/kubernetes/lb.tf index 4e139471..04fc832e 100644 --- a/azure/flatcar-linux/kubernetes/lb.tf +++ b/azure/flatcar-linux/kubernetes/lb.tf 
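Review bot: Each controller NIC now gets a public IPv6 address through `azurerm_public_ip.controllers-ipv6`, and the `controller-ssh` rule in this directory's security.tf is created per address family with `source_address_prefix = "*"`, so port 22 on the controllers is allowed from any IPv6 source as well. The SSH provisioner in the fedora-coreos ssh.tf of this commit connects through `controllers-ipv4` only; if flatcar-linux does the same, the IPv6 allow rule serves no provisioning purpose. Consider limiting that rule to the family that needs it, for example `for_each = { ipv4 = local.controller_subnets.ipv4 }`, or taking the allowed SSH sources from a variable. The flatcar security.tf hunk runs past the end of this page, so this rests on the part visible here.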
@@ -15,31 +15,39 @@ resource "azurerm_dns_a_record" "apiserver" { # Static IPv4 address for the apiserver frontend resource "azurerm_public_ip" "apiserver-ipv4" { + name = "${var.cluster_name}-apiserver-ipv4" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-apiserver-ipv4" - location = var.region - sku = "Standard" - allocation_method = "Static" + location = var.region + sku = "Standard" + allocation_method = "Static" } # Static IPv4 address for the ingress frontend resource "azurerm_public_ip" "ingress-ipv4" { + name = "${var.cluster_name}-ingress-ipv4" resource_group_name = azurerm_resource_group.cluster.name + location = var.region + ip_version = "IPv4" + sku = "Standard" + allocation_method = "Static" +} - name = "${var.cluster_name}-ingress-ipv4" - location = var.region - sku = "Standard" - allocation_method = "Static" +# Static IPv6 address for the ingress frontend +resource "azurerm_public_ip" "ingress-ipv6" { + name = "${var.cluster_name}-ingress-ipv6" + resource_group_name = azurerm_resource_group.cluster.name + location = var.region + ip_version = "IPv6" + sku = "Standard" + allocation_method = "Static" } # Network Load Balancer for apiservers and ingress resource "azurerm_lb" "cluster" { + name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name - - name = var.cluster_name - location = var.region - sku = "Standard" + location = var.region + sku = "Standard" frontend_ip_configuration { name = "apiserver" 
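Review bot: `azurerm_public_ip.apiserver-ipv4` is the only public IP touched in lb.tf that still has no explicit `ip_version`, while `ingress-ipv4` and `ingress-ipv6` now set one. The provider default is IPv4, so behaviour does not change, but adding `ip_version = "IPv4"` makes the family explicit. It also makes it plain that the apiserver frontend is IPv4-only.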
@@ -47,15 +55,21 @@ resource "azurerm_lb" "cluster" { } frontend_ip_configuration { - name = "ingress" + name = "ingress-ipv4" public_ip_address_id = azurerm_public_ip.ingress-ipv4.id } + + frontend_ip_configuration { + name = "ingress-ipv6" + public_ip_address_id = azurerm_public_ip.ingress-ipv6.id + } } resource "azurerm_lb_rule" "apiserver" { name = "apiserver" loadbalancer_id = azurerm_lb.cluster.id frontend_ip_configuration_name = "apiserver" + disable_outbound_snat = true protocol = "Tcp" frontend_port = 6443 
@@ -64,53 +78,74 @@ resource "azurerm_lb_rule" "apiserver" { probe_id = azurerm_lb_probe.apiserver.id } -resource "azurerm_lb_rule" "ingress-http" { - name = "ingress-http" +resource "azurerm_lb_rule" "ingress-http-ipv4" { + name = "ingress-http-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress" + frontend_ip_configuration_name = "ingress-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 80 backend_port = 80 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv4.id] probe_id = azurerm_lb_probe.ingress.id } -resource "azurerm_lb_rule" "ingress-https" { - name = "ingress-https" +resource "azurerm_lb_rule" "ingress-https-ipv4" { + name = "ingress-https-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress" + frontend_ip_configuration_name = "ingress-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 443 backend_port = 443 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv4.id] probe_id = azurerm_lb_probe.ingress.id } -# Worker outbound TCP/UDP SNAT -resource "azurerm_lb_outbound_rule" "worker-outbound" { - name = "worker" - loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration { - name = "ingress" - } +resource "azurerm_lb_rule" "ingress-http-ipv6" { + name = "ingress-http-ipv6" + loadbalancer_id = azurerm_lb.cluster.id + frontend_ip_configuration_name = "ingress-ipv6" + disable_outbound_snat = true - protocol = "All" - backend_address_pool_id = azurerm_lb_backend_address_pool.worker.id + protocol = "Tcp" + frontend_port = 80 + backend_port = 80 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv6.id] + probe_id = azurerm_lb_probe.ingress.id } +resource "azurerm_lb_rule" "ingress-https-ipv6" { + name = "ingress-https-ipv6" + loadbalancer_id 
= azurerm_lb.cluster.id + frontend_ip_configuration_name = "ingress-ipv6" + disable_outbound_snat = true + + protocol = "Tcp" + frontend_port = 443 + backend_port = 443 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.worker-ipv6.id] + probe_id = azurerm_lb_probe.ingress.id +} + +# Backend Address Pools + # Address pool of controllers resource "azurerm_lb_backend_address_pool" "controller" { name = "controller" loadbalancer_id = azurerm_lb.cluster.id } -# Address pool of workers -resource "azurerm_lb_backend_address_pool" "worker" { - name = "worker" +# Address pools for workers +resource "azurerm_lb_backend_address_pool" "worker-ipv4" { + name = "worker-ipv4" + loadbalancer_id = azurerm_lb.cluster.id +} + +resource "azurerm_lb_backend_address_pool" "worker-ipv6" { + name = "worker-ipv6" loadbalancer_id = azurerm_lb.cluster.id } @@ -122,10 +157,8 @@ resource "azurerm_lb_probe" "apiserver" { loadbalancer_id = azurerm_lb.cluster.id protocol = "Tcp" port = 6443 - # unhealthy threshold - number_of_probes = 3 - + number_of_probes = 3 interval_in_seconds = 5 } @@ -136,10 +169,29 @@ resource "azurerm_lb_probe" "ingress" { protocol = "Http" port = 10254 request_path = "/healthz" - # unhealthy threshold - number_of_probes = 3 - + number_of_probes = 3 interval_in_seconds = 5 } +# Outbound SNAT + +resource "azurerm_lb_outbound_rule" "outbound-ipv4" { + name = "outbound-ipv4" + protocol = "All" + loadbalancer_id = azurerm_lb.cluster.id + backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv4.id + frontend_ip_configuration { + name = "ingress-ipv4" + } +} + +resource "azurerm_lb_outbound_rule" "outbound-ipv6" { + name = "outbound-ipv6" + protocol = "All" + loadbalancer_id = azurerm_lb.cluster.id + backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv6.id + frontend_ip_configuration { + name = "ingress-ipv6" + } +} 
diff --git a/azure/flatcar-linux/kubernetes/locals.tf b/azure/flatcar-linux/kubernetes/locals.tf new file mode 100644 index 00000000..0c840906 --- /dev/null +++ b/azure/flatcar-linux/kubernetes/locals.tf @@ -0,0 +1,6 @@ +locals { + backend_address_pool_ids = { + ipv4 = [azurerm_lb_backend_address_pool.worker-ipv4.id] + ipv6 = [azurerm_lb_backend_address_pool.worker-ipv6.id] + } +} diff --git a/azure/flatcar-linux/kubernetes/network.tf b/azure/flatcar-linux/kubernetes/network.tf index 0fcaa8b8..19118bec 100644 --- a/azure/flatcar-linux/kubernetes/network.tf +++ b/azure/flatcar-linux/kubernetes/network.tf @@ -1,3 +1,21 @@ +locals { + # Subdivide the virtual network into subnets + # - controllers use netnum 0 + # - workers use netnum 1 + controller_subnets = { + ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] + ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] + } + worker_subnets = { + ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] + ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] + } + cluster_subnets = { + ipv4 = concat(local.controller_subnets.ipv4, local.worker_subnets.ipv4) + ipv6 = concat(local.controller_subnets.ipv6, local.worker_subnets.ipv6) + } +} + # Organize cluster into a resource group resource "azurerm_resource_group" "cluster" { name = var.cluster_name 
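Review bot: The IPv6 entries of `controller_subnets` and `worker_subnets` in network.tf hard-code 16 new bits, which gives a /64 only when every `var.network_cidr.ipv6` entry is a /48. Azure, to my knowledge, accepts only /64 IPv6 subnets, so a /56 input would plan cleanly and then fail at apply. Either state the /48 requirement in the comment above these locals or derive the bits from the input, e.g. `cidrsubnet(cidr, 64 - tonumber(split("/", cidr)[1]), 0)`. The index `i` in the four `for i, cidr in ...` expressions is unused and can be dropped.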
@@ -5,23 +23,28 @@ resource "azurerm_resource_group" "cluster" { } resource "azurerm_virtual_network" "network" { + name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name - - name = var.cluster_name - location = azurerm_resource_group.cluster.location - address_space = [var.host_cidr] + location = azurerm_resource_group.cluster.location + address_space = concat( + var.network_cidr.ipv4, + var.network_cidr.ipv6 + ) } -# Subnets - separate subnets for controller and workers because Azure -# network security groups are based on IPv4 CIDR rather than instance -# tags like GCP or security group membership like AWS +# Subnets - separate subnets for controllers and workers because Azure +# network security groups are oriented around address prefixes rather +# than instance tags (GCP) or security group membership (AWS) resource "azurerm_subnet" "controller" { - resource_group_name = azurerm_resource_group.cluster.name - name = "controller" + resource_group_name = azurerm_resource_group.cluster.name virtual_network_name = azurerm_virtual_network.network.name - address_prefixes = [cidrsubnet(var.host_cidr, 1, 0)] + address_prefixes = concat( + local.controller_subnets.ipv4, + local.controller_subnets.ipv6, + ) + default_outbound_access_enabled = false } resource "azurerm_subnet_network_security_group_association" "controller" { @@ -30,11 +53,14 @@ resource "azurerm_subnet_network_security_group_association" "controller" { } resource "azurerm_subnet" "worker" { - resource_group_name = azurerm_resource_group.cluster.name - name = "worker" + resource_group_name = azurerm_resource_group.cluster.name virtual_network_name = azurerm_virtual_network.network.name - address_prefixes = [cidrsubnet(var.host_cidr, 1, 1)] + address_prefixes = concat( + local.worker_subnets.ipv4, + local.worker_subnets.ipv6, + ) + default_outbound_access_enabled = false } resource "azurerm_subnet_network_security_group_association" "worker" { 
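Review bot: `default_outbound_access_enabled = false` is added to the `controller` subnet, and to the `worker` subnet in the next hunk, without a comment on how each tier reaches the outside afterwards. From lb.tf in this commit, the `outbound-ipv4` and `outbound-ipv6` rules cover only the worker pools and the apiserver rule sets `disable_outbound_snat = true`, so controller egress appears to depend on the instance-level public IPs. A short comment would record that, e.g. `# no implicit egress: controllers use their public IPs, workers use the LB outbound rules`. That way a later change that removes either path does not silently cut nodes off from image pulls and updates.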
diff --git a/azure/flatcar-linux/kubernetes/outputs.tf b/azure/flatcar-linux/kubernetes/outputs.tf index 5794caad..8b6f4897 100644 --- a/azure/flatcar-linux/kubernetes/outputs.tf +++ b/azure/flatcar-linux/kubernetes/outputs.tf @@ -10,6 +10,11 @@ output "ingress_static_ipv4" { description = "IPv4 address of the load balancer for distributing traffic to Ingress controllers" } +output "ingress_static_ipv6" { + value = azurerm_public_ip.ingress-ipv6.ip_address + description = "IPv6 address of the load balancer for distributing traffic to Ingress controllers" +} + # Outputs for worker pools output "region" { @@ -51,12 +56,12 @@ output "worker_security_group_name" { output "controller_address_prefixes" { description = "Controller network subnet CIDR addresses (for source/destination)" - value = azurerm_subnet.controller.address_prefixes + value = local.controller_subnets } output "worker_address_prefixes" { description = "Worker network subnet CIDR addresses (for source/destination)" - value = azurerm_subnet.worker.address_prefixes + value = local.worker_subnets } # Outputs for custom load balancing @@ -66,9 +71,12 @@ output "loadbalancer_id" { value = azurerm_lb.cluster.id } -output "backend_address_pool_id" { - description = "ID of the worker backend address pool" - value = azurerm_lb_backend_address_pool.worker.id +output "backend_address_pool_ids" { + description = "IDs of the worker backend address pools" + value = { + ipv4 = [azurerm_lb_backend_address_pool.worker-ipv4.id] + ipv6 = [azurerm_lb_backend_address_pool.worker-ipv6.id] + } } # Outputs for debug diff --git a/azure/flatcar-linux/kubernetes/security.tf b/azure/flatcar-linux/kubernetes/security.tf index 4d6110a0..f9a70273 100644 --- a/azure/flatcar-linux/kubernetes/security.tf +++ b/azure/flatcar-linux/kubernetes/security.tf 
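Review bot: `controller_address_prefixes` and `worker_address_prefixes` in outputs.tf change from a list of CIDR strings to an object with `ipv4` and `ipv6` lists, but their descriptions are left as they were. Callers that pass these outputs into their own network security rules will now hit a type error and have to choose a family. The description should say so, e.g. `description = "Worker subnet CIDRs by address family (object with ipv4 and ipv6 lists)"`. The same wording applies to the controller output.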
@@ -1,214 +1,223 @@ # Controller security group resource "azurerm_network_security_group" "controller" { + name = "${var.cluster_name}-controller" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-controller" - location = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location } resource "azurerm_network_security_rule" "controller-icmp" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-icmp" + name = "allow-icmp-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "1995" + priority = 1995 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Icmp" source_port_range = "*" destination_port_range = "*" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-ssh" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-ssh" + name = "allow-ssh-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2000" + priority = 2000 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-etcd" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-etcd" + name = "allow-etcd-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2005" + priority = 2005 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "2379-2380" - source_address_prefixes = azurerm_subnet.controller.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.controller_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape etcd metrics resource "azurerm_network_security_rule" "controller-etcd-metrics" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-etcd-metrics" + name = "allow-etcd-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2010" + priority = 2010 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "2381" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape kube-proxy metrics resource "azurerm_network_security_rule" "controller-kube-proxy" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kube-proxy-metrics" + name = "allow-kube-proxy-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2011" + priority = 2012 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10249" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape kube-scheduler and kube-controller-manager metrics resource "azurerm_network_security_rule" "controller-kube-metrics" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kube-metrics" + name = "allow-kube-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2012" + priority = 2014 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10257-10259" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-apiserver" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-apiserver" + name = "allow-apiserver-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2015" + priority = 2016 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "6443" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-cilium-health" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.controller_subnets : {} - name = "allow-cilium-health" + name = "allow-cilium-health-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2018" + priority = 2018 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "4240" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-cilium-metrics" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.controller_subnets : {} - name = "allow-cilium-metrics" + name = "allow-cilium-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2019" + priority = 2035 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9962-9965" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-vxlan" + name = "allow-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2020" + priority = 2020 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "4789" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } resource "azurerm_network_security_rule" "controller-linux-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-linux-vxlan" + name = "allow-linux-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2021" + priority = 2022 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "8472" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow Prometheus to scrape node-exporter daemonset resource "azurerm_network_security_rule" "controller-node-exporter" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-node-exporter" + name = "allow-node-exporter-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2025" + priority = 2025 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9100" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Allow apiserver to access kubelet's for exec, log, port-forward resource "azurerm_network_security_rule" "controller-kubelet" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.controller_subnets - name = "allow-kubelet" + name = "allow-kubelet-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.controller.name - priority = "2030" + priority = 2030 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10250" - # allow Prometheus to scrape kubelet metrics too - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.controller.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.controller_subnets[each.key] } # Override Azure AllowVNetInBound and AllowAzureLoadBalancerInBound 
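Review bot: `controller-ssh` keeps `source_address_prefix = "*"` and now runs under `for_each`, so the any-source allowance for port 22 is created for the IPv6 controller prefixes as well as the IPv4 ones. If controllers receive routable IPv6 addresses (not visible in this hunk), SSH on the control plane becomes reachable over a second address family with no source restriction. Consider letting operators narrow it, for example with a new list variable (name illustrative) used as `source_address_prefixes = var.ssh_source_cidrs[each.key]`, defaulting to the current behaviour. Failing that, add a comment on the rule stating that SSH is intentionally open on both families.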
@@ -247,182 +256,189 @@ resource "azurerm_network_security_rule" "controller-deny-all" { # Worker security group resource "azurerm_network_security_group" "worker" { + name = "${var.cluster_name}-worker" resource_group_name = azurerm_resource_group.cluster.name - - name = "${var.cluster_name}-worker" - location = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location } resource "azurerm_network_security_rule" "worker-icmp" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-icmp" + name = "allow-icmp-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "1995" + priority = 1995 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Icmp" source_port_range = "*" destination_port_range = "*" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-ssh" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-ssh" + name = "allow-ssh-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2000" + priority = 2000 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "22" - source_address_prefixes = azurerm_subnet.controller.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.controller_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-http" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-http" + name = "allow-http-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2005" + priority = 2005 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "80" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-https" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-https" + name = "allow-https-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2010" + priority = 2010 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "443" source_address_prefix = "*" - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-cilium-health" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? 
local.worker_subnets : {} - name = "allow-cilium-health" + name = "allow-cilium-health-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2013" + priority = 2012 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "4240" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-cilium-metrics" { - resource_group_name = azurerm_resource_group.cluster.name - count = var.networking == "cilium" ? 1 : 0 + for_each = var.networking == "cilium" ? local.worker_subnets : {} - name = "allow-cilium-metrics" + name = "allow-cilium-metrics-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2014" + priority = 2014 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9962-9965" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-vxlan" + name = "allow-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2015" + priority = 2016 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "4789" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } resource "azurerm_network_security_rule" "worker-linux-vxlan" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-linux-vxlan" + name = "allow-linux-vxlan-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2016" + priority = 2018 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Udp" source_port_range = "*" destination_port_range = "8472" - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow Prometheus to scrape node-exporter daemonset resource "azurerm_network_security_rule" "worker-node-exporter" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-node-exporter" + name = "allow-node-exporter-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2020" + priority = 2020 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "9100" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow Prometheus to scrape kube-proxy resource "azurerm_network_security_rule" "worker-kube-proxy" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-kube-proxy" + name = "allow-kube-proxy-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2024" + priority = 2024 + (each.key == "ipv4" ? 
0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10249" - source_address_prefixes = azurerm_subnet.worker.address_prefixes - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.worker_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Allow apiserver to access kubelet's for exec, log, port-forward resource "azurerm_network_security_rule" "worker-kubelet" { - resource_group_name = azurerm_resource_group.cluster.name + for_each = local.worker_subnets - name = "allow-kubelet" + name = "allow-kubelet-${each.key}" + resource_group_name = azurerm_resource_group.cluster.name network_security_group_name = azurerm_network_security_group.worker.name - priority = "2025" + priority = 2026 + (each.key == "ipv4" ? 0 : 1) access = "Allow" direction = "Inbound" protocol = "Tcp" source_port_range = "*" destination_port_range = "10250" - # allow Prometheus to scrape kubelet metrics too - source_address_prefixes = concat(azurerm_subnet.controller.address_prefixes, azurerm_subnet.worker.address_prefixes) - destination_address_prefixes = azurerm_subnet.worker.address_prefixes + source_address_prefixes = local.cluster_subnets[each.key] + destination_address_prefixes = local.worker_subnets[each.key] } # Override Azure AllowVNetInBound and AllowAzureLoadBalancerInBound diff --git a/azure/flatcar-linux/kubernetes/ssh.tf b/azure/flatcar-linux/kubernetes/ssh.tf index 9b1f3a8a..ad0baa67 100644 --- a/azure/flatcar-linux/kubernetes/ssh.tf +++ b/azure/flatcar-linux/kubernetes/ssh.tf @@ -18,7 +18,7 @@ resource "null_resource" "copy-controller-secrets" { connection { type = "ssh" - host = azurerm_public_ip.controllers.*.ip_address[count.index] + host = azurerm_public_ip.controllers-ipv4[count.index].ip_address user = "core" timeout = "15m" } 
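Review bot: `worker-kubelet` loses the inline comment `# allow Prometheus to scrape kubelet metrics too`, yet the rule still admits all of `local.cluster_subnets[each.key]` to port 10250 and the remaining header comment mentions only the apiserver. Without that line the worker-subnet source looks like an unexplained over-broad allowance on a sensitive port. A reviewer cannot justify it, and a later tightening could silently break metrics scraping. I would keep the explanation above `source_address_prefixes`, e.g. `# sources include workers so Prometheus can scrape kubelet metrics`. The same comment is dropped from `controller-kubelet` in the previous hunk.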
@@ -45,7 +45,7 @@ resource "null_resource" "bootstrap" { connection { type = "ssh" - host = azurerm_public_ip.controllers.*.ip_address[0] + host = azurerm_public_ip.controllers-ipv4[0].ip_address user = "core" timeout = "15m" } diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 27159e97..476853ab 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf @@ -100,10 +100,15 @@ variable "networking" { default = "cilium" } -variable "host_cidr" { - type = string - description = "CIDR IPv4 range to assign to instances" - default = "10.0.0.0/16" +variable "network_cidr" { + type = object({ + ipv4 = list(string) + ipv6 = optional(list(string), ["fd9a:0d2f:b7dc::/48"]) + }) + description = "Virtual network CIDR ranges" + default = { + ipv4 = ["10.0.0.0/16"] + } } variable "pod_cidr" { diff --git a/azure/flatcar-linux/kubernetes/workers.tf b/azure/flatcar-linux/kubernetes/workers.tf index 082f2917..3b212128 100644 --- a/azure/flatcar-linux/kubernetes/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers.tf @@ -3,11 +3,11 @@ module "workers" { name = var.cluster_name # Azure - resource_group_name = azurerm_resource_group.cluster.name - region = azurerm_resource_group.cluster.location - subnet_id = azurerm_subnet.worker.id - security_group_id = azurerm_network_security_group.worker.id - backend_address_pool_id = azurerm_lb_backend_address_pool.worker.id + resource_group_name = azurerm_resource_group.cluster.name + region = azurerm_resource_group.cluster.location + subnet_id = azurerm_subnet.worker.id + security_group_id = azurerm_network_security_group.worker.id + backend_address_pool_ids = local.backend_address_pool_ids worker_count = var.worker_count vm_type = var.worker_type diff --git a/azure/flatcar-linux/kubernetes/workers/variables.tf b/azure/flatcar-linux/kubernetes/workers/variables.tf index a2612d97..458b1e8f 100644 
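Review bot: In the variables.tf hunk, the `ipv6` attribute of `network_cidr` defaults to the fixed prefix `fd9a:0d2f:b7dc::/48`, so every cluster created with defaults shares the same unique-local range. Two such virtual networks would have overlapping address space if they are ever peered or routed together, and the description `"Virtual network CIDR ranges"` does not mention the default. I would extend it, e.g. `description = "Virtual network CIDR ranges (ipv6 defaults to a fixed ULA /48; set a distinct prefix per cluster if networks are peered)"`. A `validation` block that checks each entry with `can(cidrhost(c, 0))` would also reject malformed ranges before they reach the subnet and security-rule resources.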
--- a/azure/flatcar-linux/kubernetes/workers/variables.tf +++ b/azure/flatcar-linux/kubernetes/workers/variables.tf @@ -25,9 +25,12 @@ variable "security_group_id" { description = "Must be set to the `worker_security_group_id` output by cluster" } -variable "backend_address_pool_id" { - type = string - description = "Must be set to the `worker_backend_address_pool_id` output by cluster" +variable "backend_address_pool_ids" { + type = object({ + ipv4 = list(string) + ipv6 = list(string) + }) + description = "Must be set to the `backend_address_pool_ids` output by cluster" } # instances diff --git a/azure/flatcar-linux/kubernetes/workers/workers.tf b/azure/flatcar-linux/kubernetes/workers/workers.tf index a0eaf066..da9994b2 100644 --- a/azure/flatcar-linux/kubernetes/workers/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers/workers.tf @@ -9,19 +9,14 @@ locals { # Workers scale set resource "azurerm_linux_virtual_machine_scale_set" "workers" { + name = "${var.name}-worker" resource_group_name = var.resource_group_name - - name = "${var.name}-worker" - location = var.region - sku = var.vm_type - instances = var.worker_count + location = var.region + sku = var.vm_type + instances = var.worker_count # instance name prefix for instances in the set computer_name_prefix = "${var.name}-worker" single_placement_group = false - custom_data = base64encode(data.ct_config.worker.rendered) - boot_diagnostics { - # defaults to a managed storage account - } # storage os_disk { @@ -46,13 +41,6 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { } } - # Azure requires setting admin_ssh_key, though Ignition custom_data handles it too - admin_username = "core" - admin_ssh_key { - username = "core" - public_key = local.azure_authorized_key - } - # network network_interface { name = "nic0" 
@@ -60,13 +48,33 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { network_security_group_id = var.security_group_id ip_configuration { - name = "ip0" + name = "ipv4" + version = "IPv4" primary = true subnet_id = var.subnet_id - # backend address pool to which the NIC should be added - load_balancer_backend_address_pool_ids = [var.backend_address_pool_id] + load_balancer_backend_address_pool_ids = var.backend_address_pool_ids.ipv4 } + ip_configuration { + name = "ipv6" + version = "IPv6" + subnet_id = var.subnet_id + # backend address pool to which the NIC should be added + load_balancer_backend_address_pool_ids = var.backend_address_pool_ids.ipv6 + } + } + + # boot + custom_data = base64encode(data.ct_config.worker.rendered) + boot_diagnostics { + # defaults to a managed storage account + } + + # Azure requires an RSA admin_ssh_key + admin_username = "core" + admin_ssh_key { + username = "core" + public_key = local.azure_authorized_key } # lifecycle @@ -81,18 +89,15 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { # Scale up or down to maintain desired number, tolerating deallocations. resource "azurerm_monitor_autoscale_setting" "workers" { + name = "${var.name}-maintain-desired" resource_group_name = var.resource_group_name - - name = "${var.name}-maintain-desired" - location = var.region - + location = var.region # autoscale enabled = true target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id profile { name = "default" - capacity { minimum = var.worker_count default = var.worker_count diff --git a/docs/addons/ingress.md b/docs/addons/ingress.md index 14689c37..f72e5128 100644 --- a/docs/addons/ingress.md +++ b/docs/addons/ingress.md 
@@ -37,7 +37,7 @@ resource "google_dns_record_set" "some-application" { ## Azure -On Azure, a load balancer distributes traffic across a backend address pool of worker nodes running an Ingress controller deployment. Security group rules allow traffic to ports 80 and 443. Health probes ensure only workers with a healthy Ingress controller receive traffic. +On Azure, an Azure Load Balancer distributes IPv4/IPv6 traffic across backend address pools of worker nodes running an Ingress controller deployment. Security group rules allow traffic to ports 80 and 443. Health probes ensure only workers with a healthy Ingress controller receive traffic. Create the Ingress controller deployment, service, RBAC roles, RBAC bindings, and namespace. @@ -53,10 +53,10 @@ app2.example.com -> 11.22.33.44 app3.example.com -> 11.22.33.44 ``` -Find the load balancer's IPv4 address with the Azure console or use the Typhoon module's output `ingress_static_ipv4`. For example, you might use Terraform to manage a Google Cloud DNS record: +Find the load balancer's addresses with the Azure console or use the Typhoon module's outputs `ingress_static_ipv4` or `ingress_static_ipv6`. For example, you might use Terraform to manage a Google Cloud DNS record: ```tf -resource "google_dns_record_set" "some-application" { +resource "google_dns_record_set" "app-record-a" { # DNS zone name managed_zone = "example-zone" @@ -66,6 +66,17 @@ resource "google_dns_record_set" "some-application" { ttl = 300 rrdatas = [module.ramius.ingress_static_ipv4] } + +resource "google_dns_record_set" "app-record-aaaa" { + # DNS zone name + managed_zone = "example-zone" + + # DNS record + name = "app.example.com." + type = "AAAA" + ttl = 300 + rrdatas = [module.ramius.ingress_static_ipv6] +} ``` ## Bare-Metal diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index ae325a1e..c1eb57d9 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -114,11 +114,11 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Azure - region = module.ramius.region - resource_group_name = module.ramius.resource_group_name - subnet_id = module.ramius.subnet_id - security_group_id = module.ramius.security_group_id - backend_address_pool_id = module.ramius.backend_address_pool_id + region = module.ramius.region + resource_group_name = module.ramius.resource_group_name + subnet_id = module.ramius.subnet_id + security_group_id = module.ramius.security_group_id + backend_address_pool_ids = module.ramius.backend_address_pool_ids # configuration name = "ramius-spot" @@ -127,7 +127,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste # optional worker_count = 2 - vm_type = "Standard_F4" + vm_type = "Standard_D2as_v5" priority = "Spot" os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-31.20200323.3.2" } @@ -140,11 +140,11 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.2" # Azure - region = module.ramius.region - resource_group_name = module.ramius.resource_group_name - subnet_id = module.ramius.subnet_id - security_group_id = module.ramius.security_group_id - backend_address_pool_id = module.ramius.backend_address_pool_id + region = module.ramius.region + resource_group_name = module.ramius.resource_group_name + subnet_id = module.ramius.subnet_id + security_group_id = module.ramius.security_group_id + backend_address_pool_ids = module.ramius.backend_address_pool_ids # configuration name = "ramius-spot" 
@@ -153,7 +153,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste # optional worker_count = 2 - vm_type = "Standard_F4" + vm_type = "Standard_D2as_v5" priority = "Spot" os_image = "flatcar-beta" } @@ -180,7 +180,7 @@ The Azure internal `workers` module supports a number of [variables](https://git | resource_group_name | Must be set to `resource_group_name` output by cluster | module.cluster.resource_group_name | | subnet_id | Must be set to `subnet_id` output by cluster | module.cluster.subnet_id | | security_group_id | Must be set to `security_group_id` output by cluster | module.cluster.security_group_id | -| backend_address_pool_id | Must be set to `backend_address_pool_id` output by cluster | module.cluster.backend_address_pool_id | +| backend_address_pool_ids | Must be set to `backend_address_pool_ids` output by cluster | module.cluster.backend_address_pool_ids | | kubeconfig | Must be set to `kubeconfig` output by cluster | module.cluster.kubeconfig | | ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | diff --git a/docs/architecture/azure.md b/docs/architecture/azure.md index 587e298d..5e76a14b 100644 --- a/docs/architecture/azure.md +++ b/docs/architecture/azure.md @@ -10,9 +10,9 @@ A load balancer distributes IPv4 TCP/6443 traffic across a backend address pool ### HTTP/HTTPS Ingress -A load balancer distributes IPv4 TCP/80 and TCP/443 traffic across a backend address pool of workers with a healthy Ingress controller. +An Azure Load Balancer distributes IPv4/IPv6 TCP/80 and TCP/443 traffic across backend address pools of workers with a healthy Ingress controller. -The Azure LB IPv4 address is output as `ingress_static_ipv4` for use in DNS A records. See [Ingress on Azure](/addons/ingress/#azure). +The load balancer addresses are output as `ingress_static_ipv4` and `ingress_static_ipv6` for use in DNS A and AAAA records. See [Ingress on Azure](/addons/ingress/#azure). ### TCP/UDP Services 
@@ -21,27 +21,25 @@ Load balance TCP/UDP applications by adding rules to the Azure LB (output). A ru ```tf # Forward traffic to the worker backend address pool resource "azurerm_lb_rule" "some-app-tcp" { - resource_group_name = module.ramius.resource_group_name - name = "some-app-tcp" + resource_group_name = module.ramius.resource_group_name loadbalancer_id = module.ramius.loadbalancer_id - frontend_ip_configuration_name = "ingress" + frontend_ip_configuration_name = "ingress-ipv4" - protocol = "Tcp" - frontend_port = 3333 - backend_port = 30333 - backend_address_pool_id = module.ramius.backend_address_pool_id - probe_id = azurerm_lb_probe.some-app.id + protocol = "Tcp" + frontend_port = 3333 + backend_port = 30333 + backend_address_pool_ids = module.ramius.backend_address_pool_ids.ipv4 + probe_id = azurerm_lb_probe.some-app.id } # Health check some-app resource "azurerm_lb_probe" "some-app" { + name = "some-app" resource_group_name = module.ramius.resource_group_name - - name = "some-app" - loadbalancer_id = module.ramius.loadbalancer_id - protocol = "Tcp" - port = 30333 + loadbalancer_id = module.ramius.loadbalancer_id + protocol = "Tcp" + port = 30333 } ``` @@ -51,9 +49,8 @@ Add firewall rules to the worker security group. ```tf resource "azurerm_network_security_rule" "some-app" { - resource_group_name = module.ramius.resource_group_name - name = "some-app" + resource_group_name = module.ramius.resource_group_name network_security_group_name = module.ramius.worker_security_group_name priority = "3001" access = "Allow" @@ -62,7 +59,7 @@ resource "azurerm_network_security_rule" "some-app" { source_port_range = "*" destination_port_range = "30333" source_address_prefix = "*" - destination_address_prefixes = module.ramius.worker_address_prefixes + destination_address_prefixes = module.ramius.worker_address_prefixes.ipv4 } ``` 
@@ -72,6 +69,6 @@ Azure does not provide public IPv6 addresses at the standard SKU. | IPv6 Feature | Supported | |-------------------------|-----------| -| Node IPv6 address | No | -| Node Outbound IPv6 | No | -| Kubernetes Ingress IPv6 | No | +| Node IPv6 address | Yes | +| Node Outbound IPv6 | Yes | +| Kubernetes Ingress IPv6 | Yes | diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index ccced47a..9cdae709 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -67,15 +67,15 @@ Fedora CoreOS publishes images for Azure, but does not yet upload them. Azure al [Download](https://getfedora.org/en/coreos/download?tab=cloud_operators&stream=stable) a Fedora CoreOS Azure VHD image, decompress it, and upload it to an Azure storage account container (i.e. bucket) via the UI (quite slow). ``` -xz -d fedora-coreos-36.20220716.3.1-azure.x86_64.vhd.xz +xz -d fedora-coreos-40.20240616.3.0-azure.x86_64.vhd.xz ``` Create an Azure disk (note disk ID) and create an Azure image from it (note image ID). ``` -az disk create --name fedora-coreos-36.20220716.3.1 -g GROUP --source https://BUCKET.blob.core.windows.net/fedora-coreos/fedora-coreos-36.20220716.3.1-azure.x86_64.vhd +az disk create --name fedora-coreos-40.20240616.3.0 -g GROUP --source https://BUCKET.blob.core.windows.net/images/fedora-coreos-40.20240616.3.0-azure.x86_64.vhd -az image create --name fedora-coreos-36.20220716.3.1 -g GROUP --os-type=linux --source /subscriptions/some/path/providers/Microsoft.Compute/disks/fedora-coreos-36.20220716.3.1 +az image create --name fedora-coreos-40.20240616.3.0 -g GROUP --os-type linux --source /subscriptions/some/path/Microsoft.Compute/disks/fedora-coreos-40.20240616.3.0 ``` Set the [os_image](#variables) in the next step. @@ -100,7 +100,9 @@ module "ramius" { # optional worker_count = 2 - host_cidr = "10.0.0.0/20" + network_cidr = { + ipv4 = ["10.0.0.0/20"] + } } ``` 
@@ -246,7 +248,7 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr | controller_snippets | Controller Butane snippets | [] | [example](/advanced/customization/#usage) | | worker_snippets | Worker Butane snippets | [] | [example](/advanced/customization/#usage) | | networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | -| host_cidr | CIDR IPv4 range to assign to instances | "10.0.0.0/16" | "10.0.0.0/20" | +| network_cidr | Virtual network CIDR ranges | { ipv4 = ["10.0.0.0/16"], ipv6 = [ULA, ...] } | { ipv4 = ["10.0.0.0/20"] } | | pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | | service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | | worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 39ebb42f..8a7d4fa3 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -88,7 +88,9 @@ module "ramius" { # optional worker_count = 2 - host_cidr = "10.0.0.0/20" + network_cidr = { + ipv4 = ["10.0.0.0/20"] + } } ``` 
@@ -234,7 +236,7 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr | controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/#usage) | | worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/#usage) | | networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | -| host_cidr | CIDR IPv4 range to assign to instances | "10.0.0.0/16" | "10.0.0.0/20" | +| network_cidr | Virtual network CIDR ranges | { ipv4 = ["10.0.0.0/16"], ipv6 = [ULA, ...] } | { ipv4 = ["10.0.0.0/20"] } | | pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | | service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | | worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | From 24b7f31c55d3dbae41e9a31e38bf9156abd5d0de Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Mon, 8 Jul 2024 21:20:46 -0700 Subject: [PATCH 067/132] Rename Azure cluster region variable to location * Rename the region variable to location to align with Azure platform conventions, where resources are created within an Azure location, which are themselves part of broader geographical regions --- CHANGES.md | 3 +++ azure/fedora-coreos/kubernetes/controllers.tf | 4 ++-- azure/fedora-coreos/kubernetes/lb.tf | 8 ++++---- azure/fedora-coreos/kubernetes/network.tf | 2 +- azure/fedora-coreos/kubernetes/outputs.tf | 2 +- azure/fedora-coreos/kubernetes/variables.tf | 4 ++-- azure/fedora-coreos/kubernetes/workers.tf | 2 +- azure/fedora-coreos/kubernetes/workers/variables.tf | 4 ++-- azure/fedora-coreos/kubernetes/workers/workers.tf | 4 ++-- azure/flatcar-linux/kubernetes/controllers.tf | 4 ++-- azure/flatcar-linux/kubernetes/lb.tf | 8 ++++---- azure/flatcar-linux/kubernetes/network.tf | 2 +- azure/flatcar-linux/kubernetes/outputs.tf | 2 +- azure/flatcar-linux/kubernetes/variables.tf | 4 ++-- azure/flatcar-linux/kubernetes/workers.tf | 2 +- azure/flatcar-linux/kubernetes/workers/variables.tf | 4 ++-- azure/flatcar-linux/kubernetes/workers/workers.tf | 4 ++-- docs/advanced/arm64.md | 3 +-- docs/advanced/worker-pools.md | 4 ++-- docs/fedora-coreos/azure.md | 6 +++--- docs/flatcar-linux/azure.md | 6 +++--- 21 files changed, 42 insertions(+), 40 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 45efc341..85f55597 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,6 +6,7 @@ Notable changes between versions. ### Azure +* Rename `region` variable to `location` to align with Azure platform conventions * Configure the virtual network and subnets with IPv6 private address space * Change `host_cidr` variable (string) to a `network_cidr` object with `ipv4` and `ipv6` fields that list CIDR strings. Leave the variable unset to use the defaults. (**breaking**) * Add support for dual-stack Kubernetes Ingress Load Balancing 
@@ -21,6 +22,8 @@ Notable changes between versions. ```diff module "cluster" { ... +- region = "centralus" ++ location = "centralus" # optional - host_cidr = "10.0.0.0/16" + network_cidr = { diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index 346d6584..7ee07f6f 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -26,7 +26,7 @@ resource "azurerm_dns_a_record" "etcds" { resource "azurerm_availability_set" "controllers" { name = "${var.cluster_name}-controllers" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location platform_fault_domain_count = 2 platform_update_domain_count = 4 managed = true @@ -38,7 +38,7 @@ resource "azurerm_linux_virtual_machine" "controllers" { name = "${var.cluster_name}-controller-${count.index}" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location availability_set_id = azurerm_availability_set.controllers.id size = var.controller_type diff --git a/azure/fedora-coreos/kubernetes/lb.tf b/azure/fedora-coreos/kubernetes/lb.tf index e9a7223f..5abd92b9 100644 --- a/azure/fedora-coreos/kubernetes/lb.tf +++ b/azure/fedora-coreos/kubernetes/lb.tf @@ -17,7 +17,7 @@ resource "azurerm_dns_a_record" "apiserver" { resource "azurerm_public_ip" "apiserver-ipv4" { name = "${var.cluster_name}-apiserver-ipv4" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location sku = "Standard" allocation_method = "Static" } @@ -26,7 +26,7 @@ resource "azurerm_public_ip" "apiserver-ipv4" { resource "azurerm_public_ip" "ingress-ipv4" { name = "${var.cluster_name}-ingress-ipv4" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location ip_version = "IPv4" sku = "Standard" allocation_method = "Static" 
@@ -36,7 +36,7 @@ resource "azurerm_public_ip" "ingress-ipv4" { resource "azurerm_public_ip" "ingress-ipv6" { name = "${var.cluster_name}-ingress-ipv6" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location ip_version = "IPv6" sku = "Standard" allocation_method = "Static" @@ -46,7 +46,7 @@ resource "azurerm_public_ip" "ingress-ipv6" { resource "azurerm_lb" "cluster" { name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location sku = "Standard" frontend_ip_configuration { diff --git a/azure/fedora-coreos/kubernetes/network.tf b/azure/fedora-coreos/kubernetes/network.tf index 1f1599fd..b2dce8d0 100644 --- a/azure/fedora-coreos/kubernetes/network.tf +++ b/azure/fedora-coreos/kubernetes/network.tf @@ -19,7 +19,7 @@ locals { # Organize cluster into a resource group resource "azurerm_resource_group" "cluster" { name = var.cluster_name - location = var.region + location = var.location } resource "azurerm_virtual_network" "network" { diff --git a/azure/fedora-coreos/kubernetes/outputs.tf b/azure/fedora-coreos/kubernetes/outputs.tf index 8b6f4897..0182bd56 100644 --- a/azure/fedora-coreos/kubernetes/outputs.tf +++ b/azure/fedora-coreos/kubernetes/outputs.tf @@ -17,7 +17,7 @@ output "ingress_static_ipv6" { # Outputs for worker pools -output "region" { +output "location" { value = azurerm_resource_group.cluster.location } diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index a36af4b8..a8dd877b 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf 
@@ -5,9 +5,9 @@ variable "cluster_name" { # Azure -variable "region" { +variable "location" { type = string - description = "Azure Region (e.g. centralus , see `az account list-locations --output table`)" + description = "Azure location (e.g. centralus , see `az account list-locations --output table`)" } variable "dns_zone" { diff --git a/azure/fedora-coreos/kubernetes/workers.tf b/azure/fedora-coreos/kubernetes/workers.tf index 9427fcd4..641ad226 100644 --- a/azure/fedora-coreos/kubernetes/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers.tf @@ -4,7 +4,7 @@ module "workers" { # Azure resource_group_name = azurerm_resource_group.cluster.name - region = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location subnet_id = azurerm_subnet.worker.id security_group_id = azurerm_network_security_group.worker.id backend_address_pool_ids = local.backend_address_pool_ids diff --git a/azure/fedora-coreos/kubernetes/workers/variables.tf b/azure/fedora-coreos/kubernetes/workers/variables.tf index 8144fb74..f009a8c8 100644 --- a/azure/fedora-coreos/kubernetes/workers/variables.tf +++ b/azure/fedora-coreos/kubernetes/workers/variables.tf @@ -5,9 +5,9 @@ variable "name" { # Azure -variable "region" { +variable "location" { type = string - description = "Must be set to the Azure Region of cluster" + description = "Must be set to the Azure location of cluster" } variable "resource_group_name" { diff --git a/azure/fedora-coreos/kubernetes/workers/workers.tf b/azure/fedora-coreos/kubernetes/workers/workers.tf index 9efe78f3..ae20c4ff 100644 --- a/azure/fedora-coreos/kubernetes/workers/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers/workers.tf 
@@ -6,7 +6,7 @@ locals { resource "azurerm_linux_virtual_machine_scale_set" "workers" { name = "${var.name}-worker" resource_group_name = var.resource_group_name - location = var.region + location = var.location sku = var.vm_type instances = var.worker_count # instance name prefix for instances in the set @@ -70,7 +70,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { resource "azurerm_monitor_autoscale_setting" "workers" { name = "${var.name}-maintain-desired" resource_group_name = var.resource_group_name - location = var.region + location = var.location # autoscale enabled = true target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index e69b75a2..31ffd863 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf @@ -32,7 +32,7 @@ resource "azurerm_dns_a_record" "etcds" { resource "azurerm_availability_set" "controllers" { name = "${var.cluster_name}-controllers" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location platform_fault_domain_count = 2 platform_update_domain_count = 4 managed = true @@ -44,7 +44,7 @@ resource "azurerm_linux_virtual_machine" "controllers" { name = "${var.cluster_name}-controller-${count.index}" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location availability_set_id = azurerm_availability_set.controllers.id size = var.controller_type diff --git a/azure/flatcar-linux/kubernetes/lb.tf b/azure/flatcar-linux/kubernetes/lb.tf index 04fc832e..b3d6bc0c 100644 --- a/azure/flatcar-linux/kubernetes/lb.tf +++ b/azure/flatcar-linux/kubernetes/lb.tf 
@@ -17,7 +17,7 @@ resource "azurerm_dns_a_record" "apiserver" { resource "azurerm_public_ip" "apiserver-ipv4" { name = "${var.cluster_name}-apiserver-ipv4" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location sku = "Standard" allocation_method = "Static" } @@ -26,7 +26,7 @@ resource "azurerm_public_ip" "apiserver-ipv4" { resource "azurerm_public_ip" "ingress-ipv4" { name = "${var.cluster_name}-ingress-ipv4" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location ip_version = "IPv4" sku = "Standard" allocation_method = "Static" @@ -36,7 +36,7 @@ resource "azurerm_public_ip" "ingress-ipv4" { resource "azurerm_public_ip" "ingress-ipv6" { name = "${var.cluster_name}-ingress-ipv6" resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location ip_version = "IPv6" sku = "Standard" allocation_method = "Static" @@ -46,7 +46,7 @@ resource "azurerm_public_ip" "ingress-ipv6" { resource "azurerm_lb" "cluster" { name = var.cluster_name resource_group_name = azurerm_resource_group.cluster.name - location = var.region + location = var.location sku = "Standard" frontend_ip_configuration { diff --git a/azure/flatcar-linux/kubernetes/network.tf b/azure/flatcar-linux/kubernetes/network.tf index 19118bec..5b690c0f 100644 --- a/azure/flatcar-linux/kubernetes/network.tf +++ b/azure/flatcar-linux/kubernetes/network.tf @@ -19,7 +19,7 @@ locals { # Organize cluster into a resource group resource "azurerm_resource_group" "cluster" { name = var.cluster_name - location = var.region + location = var.location } resource "azurerm_virtual_network" "network" { diff --git a/azure/flatcar-linux/kubernetes/outputs.tf b/azure/flatcar-linux/kubernetes/outputs.tf index 8b6f4897..0182bd56 100644 --- a/azure/flatcar-linux/kubernetes/outputs.tf +++ b/azure/flatcar-linux/kubernetes/outputs.tf 
@@ -17,7 +17,7 @@ output "ingress_static_ipv6" { # Outputs for worker pools -output "region" { +output "location" { value = azurerm_resource_group.cluster.location } diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 476853ab..57a4e3d3 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf @@ -5,9 +5,9 @@ variable "cluster_name" { # Azure -variable "region" { +variable "location" { type = string - description = "Azure Region (e.g. centralus , see `az account list-locations --output table`)" + description = "Azure location (e.g. centralus , see `az account list-locations --output table`)" } variable "dns_zone" { diff --git a/azure/flatcar-linux/kubernetes/workers.tf b/azure/flatcar-linux/kubernetes/workers.tf index 3b212128..cd60d447 100644 --- a/azure/flatcar-linux/kubernetes/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers.tf @@ -4,7 +4,7 @@ module "workers" { # Azure resource_group_name = azurerm_resource_group.cluster.name - region = azurerm_resource_group.cluster.location + location = azurerm_resource_group.cluster.location subnet_id = azurerm_subnet.worker.id security_group_id = azurerm_network_security_group.worker.id backend_address_pool_ids = local.backend_address_pool_ids diff --git a/azure/flatcar-linux/kubernetes/workers/variables.tf b/azure/flatcar-linux/kubernetes/workers/variables.tf index 458b1e8f..6fc2fab8 100644 --- a/azure/flatcar-linux/kubernetes/workers/variables.tf +++ b/azure/flatcar-linux/kubernetes/workers/variables.tf @@ -5,9 +5,9 @@ variable "name" { # Azure -variable "region" { +variable "location" { type = string - description = "Must be set to the Azure Region of cluster" + description = "Must be set to the Azure location of cluster" } variable "resource_group_name" { diff --git a/azure/flatcar-linux/kubernetes/workers/workers.tf b/azure/flatcar-linux/kubernetes/workers/workers.tf index da9994b2..fbd109fc 100644 
--- a/azure/flatcar-linux/kubernetes/workers/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers/workers.tf @@ -11,7 +11,7 @@ locals { resource "azurerm_linux_virtual_machine_scale_set" "workers" { name = "${var.name}-worker" resource_group_name = var.resource_group_name - location = var.region + location = var.location sku = var.vm_type instances = var.worker_count # instance name prefix for instances in the set @@ -91,7 +91,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { resource "azurerm_monitor_autoscale_setting" "workers" { name = "${var.name}-maintain-desired" resource_group_name = var.resource_group_name - location = var.region + location = var.location # autoscale enabled = true target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 9cfcb715..c859d77b 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -190,7 +190,7 @@ module "ramius" { # Azure cluster_name = "ramius" - region = "centralus" + location = "centralus" dns_zone = "azure.example.com" dns_zone_group = "example-group" @@ -202,6 +202,5 @@ module "ramius" { controller_type = "Standard_D2pls_v5" worker_type = "Standard_D2pls_v5" worker_count = 2 - host_cidr = "10.0.0.0/20" } ``` diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index c1eb57d9..f03aebfb 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -114,7 +114,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.2" # Azure - region = module.ramius.region + location = module.ramius.location resource_group_name = module.ramius.resource_group_name subnet_id = module.ramius.subnet_id security_group_id = module.ramius.security_group_id 
@@ -140,7 +140,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.2" # Azure - region = module.ramius.region + location = module.ramius.location resource_group_name = module.ramius.resource_group_name subnet_id = module.ramius.subnet_id security_group_id = module.ramius.security_group_id diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 9cdae709..089f03dd 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -90,7 +90,7 @@ module "ramius" { # Azure cluster_name = "ramius" - region = "centralus" + location = "centralus" dns_zone = "azure.example.com" dns_zone_group = "example-group" @@ -199,14 +199,14 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/azure/f | Name | Description | Example | |:-----|:------------|:--------| | cluster_name | Unique cluster name (prepended to dns_zone) | "ramius" | -| region | Azure region | "centralus" | +| location | Azure location | "centralus" | | dns_zone | Azure DNS zone | "azure.example.com" | | dns_zone_group | Resource group where the Azure DNS zone resides | "global" | | os_image | Fedora CoreOS image for instances | "/subscriptions/..../custom-image" | | ssh_authorized_key | SSH public key for user 'core' | "ssh-ed25519 AAAAB3NZ..." | !!! tip - Regions are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`. + Locations are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`. #### DNS Zone diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 8a7d4fa3..c97169a4 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md 
@@ -79,7 +79,7 @@ module "ramius" { # Azure cluster_name = "ramius" - region = "centralus" + location = "centralus" dns_zone = "azure.example.com" dns_zone_group = "example-group" @@ -187,13 +187,13 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/azure/f | Name | Description | Example | |:-----|:------------|:--------| | cluster_name | Unique cluster name (prepended to dns_zone) | "ramius" | -| region | Azure region | "centralus" | +| location | Azure location | "centralus" | | dns_zone | Azure DNS zone | "azure.example.com" | | dns_zone_group | Resource group where the Azure DNS zone resides | "global" | | ssh_authorized_key | SSH public key for user 'core' | "ssh-rsa AAAAB3NZ..." | !!! tip - Regions are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`. + Locations are shown in [docs](https://azure.microsoft.com/en-us/global-infrastructure/regions/) or with `az account list-locations --output table`. #### DNS Zone From a4fab610663f5187916a311b520b2fddfa1e37f4 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Wed, 10 Jul 2024 21:49:41 -0700 Subject: [PATCH 068/132] Remove an IPv4 address from Azure clusters * Consolidate load balancer frontend IPs to just the minimal IPv4 and IPv6 addresses that are needed per load balancer. apiserver and ingress use separate ports, so there is not a true need for a separate public IPv4 address just for apiserver * Some might prefer a separate IP just because it slightly hides the apiserver, but these are public hosted endpoints that can be discovered * Reduce the cost of an Azure cluster since IPv4 public IPs are billed ($3.60/mo/cluster) --- CHANGES.md | 3 +- azure/fedora-coreos/kubernetes/controllers.tf | 20 ++-- azure/fedora-coreos/kubernetes/lb.tf | 95 +++++++++++-------- azure/fedora-coreos/kubernetes/outputs.tf | 4 +- azure/flatcar-linux/kubernetes/controllers.tf | 22 +++-- azure/flatcar-linux/kubernetes/lb.tf | 93 ++++++++++-------- azure/flatcar-linux/kubernetes/outputs.tf | 4 +- 7 files changed, 140 insertions(+), 101 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 85f55597..e2a40194 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -6,7 +6,6 @@ Notable changes between versions. ### Azure -* Rename `region` variable to `location` to align with Azure platform conventions * Configure the virtual network and subnets with IPv6 private address space * Change `host_cidr` variable (string) to a `network_cidr` object with `ipv4` and `ipv6` fields that list CIDR strings. Leave the variable unset to use the defaults. (**breaking**) * Add support for dual-stack Kubernetes Ingress Load Balancing 
@@ -18,6 +17,8 @@ Notable changes between versions. * Configure controller nodes to have a public IPv6 address * Configure worker nodes to use outbound rules and the load balancer for SNAT * Extend network security rules to allow IPv6 traffic, analogous to IPv4 +* Rename `region` variable to `location` to align with Azure platform conventions ([#1469](https://github.com/poseidon/typhoon/pull/1469)) +* Reduce the number of public IPv4 addresses needed for the Azure load balancer ([#1470](https://github.com/poseidon/typhoon/pull/1470)) ```diff module "cluster" { diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index 7ee07f6f..dab74257 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -8,16 +8,14 @@ locals { # Discrete DNS records for each controller's private IPv4 for etcd usage resource "azurerm_dns_a_record" "etcds" { - count = var.controller_count - resource_group_name = var.dns_zone_group + count = var.controller_count # DNS Zone name where record should be created - zone_name = var.dns_zone - + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group # DNS record name = format("%s-etcd%d", var.cluster_name, count.index) ttl = 300 - # private IPv4 address for etcd records = [azurerm_network_interface.controllers[count.index].private_ip_address] } 
@@ -135,12 +133,20 @@ resource "azurerm_network_interface_security_group_association" "controllers" { } # Associate controller network interface with controller backend address pool -resource "azurerm_network_interface_backend_address_pool_association" "controllers" { +resource "azurerm_network_interface_backend_address_pool_association" "controllers-ipv4" { count = var.controller_count network_interface_id = azurerm_network_interface.controllers[count.index].id ip_configuration_name = "ipv4" - backend_address_pool_id = azurerm_lb_backend_address_pool.controller.id + backend_address_pool_id = azurerm_lb_backend_address_pool.controller-ipv4.id +} + +resource "azurerm_network_interface_backend_address_pool_association" "controllers-ipv6" { + count = var.controller_count + + network_interface_id = azurerm_network_interface.controllers[count.index].id + ip_configuration_name = "ipv6" + backend_address_pool_id = azurerm_lb_backend_address_pool.controller-ipv6.id } # Fedora CoreOS controllers diff --git a/azure/fedora-coreos/kubernetes/lb.tf b/azure/fedora-coreos/kubernetes/lb.tf index 5abd92b9..cc706752 100644 --- a/azure/fedora-coreos/kubernetes/lb.tf +++ b/azure/fedora-coreos/kubernetes/lb.tf 
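Review bot: The new `controllers-ipv6` association in fedora-coreos controllers.tf has no comment, and the heading above `controllers-ipv4` still says "backend address pool" in the singular, so nothing records that controllers now sit behind the public IPv6 frontend as well. Together with the `apiserver-ipv6` rule and the AAAA record added in lb.tf, this makes the apiserver on TCP/6443 reachable over IPv6, which the commit message (framed as removing an IPv4 address) does not call out. I would add `# Associate controller IPv6 configuration with the controller-ipv6 pool (apiserver TCP/6443 over IPv6)` above the new resource, and confirm that the controller security group, which is not part of this patch, admits only the IPv6 sources intended for 6443. The flatcar-linux controllers.tf hunk already uses the plural heading but likewise does not mention the IPv6 exposure.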
@@ -1,30 +1,30 @@ -# DNS record for the apiserver load balancer +# DNS A record for the apiserver load balancer resource "azurerm_dns_a_record" "apiserver" { - resource_group_name = var.dns_zone_group - # DNS Zone name where record should be created - zone_name = var.dns_zone - + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group # DNS record name = var.cluster_name ttl = 300 - # IPv4 address of apiserver load balancer - records = [azurerm_public_ip.apiserver-ipv4.ip_address] + records = [azurerm_public_ip.frontend-ipv4.ip_address] } -# Static IPv4 address for the apiserver frontend -resource "azurerm_public_ip" "apiserver-ipv4" { - name = "${var.cluster_name}-apiserver-ipv4" - resource_group_name = azurerm_resource_group.cluster.name - location = var.location - sku = "Standard" - allocation_method = "Static" +# DNS AAAA record for the apiserver load balancer +resource "azurerm_dns_aaaa_record" "apiserver" { + # DNS Zone name where record should be created + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group + # DNS record + name = var.cluster_name + ttl = 300 + # IPv4 address of apiserver load balancer + records = [azurerm_public_ip.frontend-ipv6.ip_address] } -# Static IPv4 address for the ingress frontend -resource "azurerm_public_ip" "ingress-ipv4" { - name = "${var.cluster_name}-ingress-ipv4" +# Static IPv4 address for the load balancer +resource "azurerm_public_ip" "frontend-ipv4" { + name = "${var.cluster_name}-frontend-ipv4" resource_group_name = azurerm_resource_group.cluster.name location = var.location ip_version = "IPv4" 
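Review bot: The comment inside the new `azurerm_dns_aaaa_record.apiserver` block in lb.tf reads `# IPv4 address of apiserver load balancer`, but the record publishes `azurerm_public_ip.frontend-ipv6.ip_address`. It looks carried over from the A record above and should read `# IPv6 address of apiserver load balancer`. The A record's own comment is also slightly stale, since the address is now the shared frontend rather than an apiserver-only IP. The flatcar-linux lb.tf presumably mirrors this block, but its hunks fall outside the visible part of the patch.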
@@ -32,9 +32,9 @@ resource "azurerm_public_ip" "ingress-ipv4" { allocation_method = "Static" } -# Static IPv6 address for the ingress frontend -resource "azurerm_public_ip" "ingress-ipv6" { - name = "${var.cluster_name}-ingress-ipv6" +# Static IPv6 address for the load balancer +resource "azurerm_public_ip" "frontend-ipv6" { + name = "${var.cluster_name}-frontend-ipv6" resource_group_name = azurerm_resource_group.cluster.name location = var.location ip_version = "IPv6" 
@@ -50,38 +50,46 @@ resource "azurerm_lb" "cluster" { sku = "Standard" frontend_ip_configuration { - name = "apiserver" - public_ip_address_id = azurerm_public_ip.apiserver-ipv4.id + name = "frontend-ipv4" + public_ip_address_id = azurerm_public_ip.frontend-ipv4.id } frontend_ip_configuration { - name = "ingress-ipv4" - public_ip_address_id = azurerm_public_ip.ingress-ipv4.id - } - - frontend_ip_configuration { - name = "ingress-ipv6" - public_ip_address_id = azurerm_public_ip.ingress-ipv6.id + name = "frontend-ipv6" + public_ip_address_id = azurerm_public_ip.frontend-ipv6.id } } -resource "azurerm_lb_rule" "apiserver" { - name = "apiserver" +resource "azurerm_lb_rule" "apiserver-ipv4" { + name = "apiserver-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "apiserver" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 6443 backend_port = 6443 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller-ipv4.id] + probe_id = azurerm_lb_probe.apiserver.id +} + +resource "azurerm_lb_rule" "apiserver-ipv6" { + name = "apiserver-ipv6" + loadbalancer_id = azurerm_lb.cluster.id + frontend_ip_configuration_name = "frontend-ipv6" + disable_outbound_snat = true + + protocol = "Tcp" + frontend_port = 6443 + backend_port = 6443 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller-ipv6.id] probe_id = azurerm_lb_probe.apiserver.id } resource "azurerm_lb_rule" "ingress-http-ipv4" { name = "ingress-http-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv4" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" 
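Review bot: Renaming the frontend IP configurations of `azurerm_lb.cluster` from `apiserver`, `ingress-ipv4` and `ingress-ipv6` to `frontend-ipv4` and `frontend-ipv6` changes names that users reference from their own load balancer rules, and the patch neither updates the documentation nor marks the change as breaking. The TCP/UDP services example in docs/architecture/azure.md, as updated earlier in this series, sets `frontend_ip_configuration_name = "ingress-ipv4"`, and this commit's diffstat does not touch that file. A rule written from that example would presumably fail to apply once the named frontend no longer exists. I would change the example to `frontend_ip_configuration_name = "frontend-ipv4"` in the same commit and add a CHANGES.md line stating that custom `azurerm_lb_rule` resources must switch to the new frontend names.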
@@ -94,7 +102,7 @@ resource "azurerm_lb_rule" "ingress-http-ipv4" { resource "azurerm_lb_rule" "ingress-https-ipv4" { name = "ingress-https-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv4" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" @@ -107,7 +115,7 @@ resource "azurerm_lb_rule" "ingress-https-ipv4" { resource "azurerm_lb_rule" "ingress-http-ipv6" { name = "ingress-http-ipv6" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv6" + frontend_ip_configuration_name = "frontend-ipv6" disable_outbound_snat = true protocol = "Tcp" @@ -120,7 +128,7 @@ resource "azurerm_lb_rule" "ingress-http-ipv6" { resource "azurerm_lb_rule" "ingress-https-ipv6" { name = "ingress-https-ipv6" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv6" + frontend_ip_configuration_name = "frontend-ipv6" disable_outbound_snat = true protocol = "Tcp" @@ -133,8 +141,13 @@ resource "azurerm_lb_rule" "ingress-https-ipv6" { # Backend Address Pools # Address pool of controllers -resource "azurerm_lb_backend_address_pool" "controller" { - name = "controller" +resource "azurerm_lb_backend_address_pool" "controller-ipv4" { + name = "controller-ipv4" + loadbalancer_id = azurerm_lb.cluster.id +} + +resource "azurerm_lb_backend_address_pool" "controller-ipv6" { + name = "controller-ipv6" loadbalancer_id = azurerm_lb.cluster.id } @@ -182,7 +195,7 @@ resource "azurerm_lb_outbound_rule" "outbound-ipv4" { loadbalancer_id = azurerm_lb.cluster.id backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv4.id frontend_ip_configuration { - name = "ingress-ipv4" + name = "frontend-ipv4" } } 
@@ -192,6 +205,6 @@ resource "azurerm_lb_outbound_rule" "outbound-ipv6" { loadbalancer_id = azurerm_lb.cluster.id backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv6.id frontend_ip_configuration { - name = "ingress-ipv6" + name = "frontend-ipv6" } } diff --git a/azure/fedora-coreos/kubernetes/outputs.tf b/azure/fedora-coreos/kubernetes/outputs.tf index 0182bd56..7559b25e 100644 --- a/azure/fedora-coreos/kubernetes/outputs.tf +++ b/azure/fedora-coreos/kubernetes/outputs.tf @@ -6,12 +6,12 @@ output "kubeconfig-admin" { # Outputs for Kubernetes Ingress output "ingress_static_ipv4" { - value = azurerm_public_ip.ingress-ipv4.ip_address + value = azurerm_public_ip.frontend-ipv4.ip_address description = "IPv4 address of the load balancer for distributing traffic to Ingress controllers" } output "ingress_static_ipv6" { - value = azurerm_public_ip.ingress-ipv6.ip_address + value = azurerm_public_ip.frontend-ipv6.ip_address description = "IPv6 address of the load balancer for distributing traffic to Ingress controllers" } diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index 31ffd863..56a352ef 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf @@ -14,16 +14,14 @@ locals { # Discrete DNS records for each controller's private IPv4 for etcd usage resource "azurerm_dns_a_record" "etcds" { - count = var.controller_count - resource_group_name = var.dns_zone_group + count = var.controller_count # DNS Zone name where record should be created - zone_name = var.dns_zone - + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group # DNS record name = format("%s-etcd%d", var.cluster_name, count.index) ttl = 300 - # private IPv4 address for etcd records = [azurerm_network_interface.controllers[count.index].private_ip_address] } 
@@ -156,13 +154,21 @@ resource "azurerm_network_interface_security_group_association" "controllers" { network_security_group_id = azurerm_network_security_group.controller.id } -# Associate controller network interface with controller backend address pool -resource "azurerm_network_interface_backend_address_pool_association" "controllers" { +# Associate controller network interface with controller backend address pools +resource "azurerm_network_interface_backend_address_pool_association" "controllers-ipv4" { count = var.controller_count network_interface_id = azurerm_network_interface.controllers[count.index].id ip_configuration_name = "ipv4" - backend_address_pool_id = azurerm_lb_backend_address_pool.controller.id + backend_address_pool_id = azurerm_lb_backend_address_pool.controller-ipv4.id +} + +resource "azurerm_network_interface_backend_address_pool_association" "controllers-ipv6" { + count = var.controller_count + + network_interface_id = azurerm_network_interface.controllers[count.index].id + ip_configuration_name = "ipv6" + backend_address_pool_id = azurerm_lb_backend_address_pool.controller-ipv6.id } # Flatcar Linux controllers diff --git a/azure/flatcar-linux/kubernetes/lb.tf b/azure/flatcar-linux/kubernetes/lb.tf index b3d6bc0c..d98e394f 100644 --- a/azure/flatcar-linux/kubernetes/lb.tf +++ b/azure/flatcar-linux/kubernetes/lb.tf 
@@ -1,30 +1,30 @@ -# DNS record for the apiserver load balancer +# DNS A record for the apiserver load balancer resource "azurerm_dns_a_record" "apiserver" { - resource_group_name = var.dns_zone_group - # DNS Zone name where record should be created - zone_name = var.dns_zone - + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group # DNS record name = var.cluster_name ttl = 300 - # IPv4 address of apiserver load balancer - records = [azurerm_public_ip.apiserver-ipv4.ip_address] + records = [azurerm_public_ip.frontend-ipv4.ip_address] } -# Static IPv4 address for the apiserver frontend -resource "azurerm_public_ip" "apiserver-ipv4" { - name = "${var.cluster_name}-apiserver-ipv4" - resource_group_name = azurerm_resource_group.cluster.name - location = var.location - sku = "Standard" - allocation_method = "Static" +# DNS AAAA record for the apiserver load balancer +resource "azurerm_dns_aaaa_record" "apiserver" { + # DNS Zone name where record should be created + zone_name = var.dns_zone + resource_group_name = var.dns_zone_group + # DNS record + name = var.cluster_name + ttl = 300 + # IPv6 address of apiserver load balancer + records = [azurerm_public_ip.frontend-ipv6.ip_address] } -# Static IPv4 address for the ingress frontend -resource "azurerm_public_ip" "ingress-ipv4" { - name = "${var.cluster_name}-ingress-ipv4" +# Static IPv4 address for the load balancer +resource "azurerm_public_ip" "frontend-ipv4" { + name = "${var.cluster_name}-frontend-ipv4" resource_group_name = azurerm_resource_group.cluster.name location = var.location ip_version = "IPv4" @@ -32,8 +32,8 @@ resource "azurerm_public_ip" "ingress-ipv4" { allocation_method = "Static" } -# Static IPv6 address for the ingress frontend -resource "azurerm_public_ip" "ingress-ipv6" { +# Static IPv6 address for the load balancer +resource "azurerm_public_ip" "frontend-ipv6" { name = "${var.cluster_name}-ingress-ipv6" resource_group_name = azurerm_resource_group.cluster.name location = var.location 
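Review bot: In the second hunk the IPv6 public IP becomes `frontend-ipv6` in Terraform but keeps the Azure name `"${var.cluster_name}-ingress-ipv6"`, while the IPv4 address was renamed to `-frontend-ipv4`. The resource address changes anyway and no `moved` block is visible, so the address will presumably be replaced on apply and aligning the name costs nothing extra: `name = "${var.cluster_name}-frontend-ipv6"`. If the old name is kept on purpose, a one-line comment saying so would help whoever later audits the resource group, since this address now also fronts the apiserver. The fedora-coreos copy of this part of `lb.tf` is above the visible text and may carry the same line.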
@@ -50,38 +50,46 @@ resource "azurerm_lb" "cluster" { sku = "Standard" frontend_ip_configuration { - name = "apiserver" - public_ip_address_id = azurerm_public_ip.apiserver-ipv4.id + name = "frontend-ipv4" + public_ip_address_id = azurerm_public_ip.frontend-ipv4.id } frontend_ip_configuration { - name = "ingress-ipv4" - public_ip_address_id = azurerm_public_ip.ingress-ipv4.id - } - - frontend_ip_configuration { - name = "ingress-ipv6" - public_ip_address_id = azurerm_public_ip.ingress-ipv6.id + name = "frontend-ipv6" + public_ip_address_id = azurerm_public_ip.frontend-ipv6.id } } -resource "azurerm_lb_rule" "apiserver" { - name = "apiserver" +resource "azurerm_lb_rule" "apiserver-ipv4" { + name = "apiserver-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "apiserver" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" frontend_port = 6443 backend_port = 6443 - backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller.id] + backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller-ipv4.id] + probe_id = azurerm_lb_probe.apiserver.id +} + +resource "azurerm_lb_rule" "apiserver-ipv6" { + name = "apiserver-ipv6" + loadbalancer_id = azurerm_lb.cluster.id + frontend_ip_configuration_name = "frontend-ipv6" + disable_outbound_snat = true + + protocol = "Tcp" + frontend_port = 6443 + backend_port = 6443 + backend_address_pool_ids = [azurerm_lb_backend_address_pool.controller-ipv6.id] probe_id = azurerm_lb_probe.apiserver.id } resource "azurerm_lb_rule" "ingress-http-ipv4" { name = "ingress-http-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv4" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" 
@@ -94,7 +102,7 @@ resource "azurerm_lb_rule" "ingress-http-ipv4" { resource "azurerm_lb_rule" "ingress-https-ipv4" { name = "ingress-https-ipv4" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv4" + frontend_ip_configuration_name = "frontend-ipv4" disable_outbound_snat = true protocol = "Tcp" @@ -107,7 +115,7 @@ resource "azurerm_lb_rule" "ingress-https-ipv4" { resource "azurerm_lb_rule" "ingress-http-ipv6" { name = "ingress-http-ipv6" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv6" + frontend_ip_configuration_name = "frontend-ipv6" disable_outbound_snat = true protocol = "Tcp" @@ -120,7 +128,7 @@ resource "azurerm_lb_rule" "ingress-http-ipv6" { resource "azurerm_lb_rule" "ingress-https-ipv6" { name = "ingress-https-ipv6" loadbalancer_id = azurerm_lb.cluster.id - frontend_ip_configuration_name = "ingress-ipv6" + frontend_ip_configuration_name = "frontend-ipv6" disable_outbound_snat = true protocol = "Tcp" @@ -133,8 +141,13 @@ resource "azurerm_lb_rule" "ingress-https-ipv6" { # Backend Address Pools # Address pool of controllers -resource "azurerm_lb_backend_address_pool" "controller" { - name = "controller" +resource "azurerm_lb_backend_address_pool" "controller-ipv4" { + name = "controller-ipv4" + loadbalancer_id = azurerm_lb.cluster.id +} + +resource "azurerm_lb_backend_address_pool" "controller-ipv6" { + name = "controller-ipv6" loadbalancer_id = azurerm_lb.cluster.id } @@ -182,7 +195,7 @@ resource "azurerm_lb_outbound_rule" "outbound-ipv4" { loadbalancer_id = azurerm_lb.cluster.id backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv4.id frontend_ip_configuration { - name = "ingress-ipv4" + name = "frontend-ipv4" } } 
@@ -192,6 +205,6 @@ resource "azurerm_lb_outbound_rule" "outbound-ipv6" { loadbalancer_id = azurerm_lb.cluster.id backend_address_pool_id = azurerm_lb_backend_address_pool.worker-ipv6.id frontend_ip_configuration { - name = "ingress-ipv6" + name = "frontend-ipv6" } } diff --git a/azure/flatcar-linux/kubernetes/outputs.tf b/azure/flatcar-linux/kubernetes/outputs.tf index 0182bd56..7559b25e 100644 --- a/azure/flatcar-linux/kubernetes/outputs.tf +++ b/azure/flatcar-linux/kubernetes/outputs.tf @@ -6,12 +6,12 @@ output "kubeconfig-admin" { # Outputs for Kubernetes Ingress output "ingress_static_ipv4" { - value = azurerm_public_ip.ingress-ipv4.ip_address + value = azurerm_public_ip.frontend-ipv4.ip_address description = "IPv4 address of the load balancer for distributing traffic to Ingress controllers" } output "ingress_static_ipv6" { - value = azurerm_public_ip.ingress-ipv6.ip_address + value = azurerm_public_ip.frontend-ipv6.ip_address description = "IPv6 address of the load balancer for distributing traffic to Ingress controllers" } From 0d10d180f8c1157876fc8395435fa52cf61bf981 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Tue, 9 Jul 2024 07:53:41 -0700 Subject: [PATCH 069/132] Change worker node pools from uniform to flexible orchestration mode * Use flexible orchestration mode. Azure has started to recommend this mode because it allows interacting with VMSS instances like regular VMs via the CLI or via the Azure Portal * Add options to allow workers nodes to use ephemeral local disks * Add `controller_disk_type` and `controller_disk_size` variables * Add `worker_disk_type`, `worker_disk_size`, and `worker_ephemeral_disk` variables --- CHANGES.md | 8 ++ azure/fedora-coreos/kubernetes/controllers.tf | 4 +- azure/fedora-coreos/kubernetes/variables.tf | 45 ++++++++--- azure/fedora-coreos/kubernetes/workers.tf | 11 ++- .../kubernetes/workers/variables.tf | 18 +++++ .../kubernetes/workers/workers.tf | 67 +++++++-------- azure/flatcar-linux/kubernetes/controllers.tf | 4 +- azure/flatcar-linux/kubernetes/variables.tf | 76 ++++++++++++------ azure/flatcar-linux/kubernetes/workers.tf | 11 ++- .../kubernetes/workers/variables.tf | 18 +++++ .../kubernetes/workers/workers.tf | 65 +++++++-------- docs/img/typhoon-azure-load-balancing.png | Bin 39794 -> 83933 bytes 12 files changed, 206 insertions(+), 121 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index e2a40194..7d1e5129 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -18,6 +18,10 @@ Notable changes between versions. * Configure worker nodes to use outbound rules and the load balancer for SNAT * Extend network security rules to allow IPv6 traffic, analogous to IPv4 * Rename `region` variable to `location` to align with Azure platform conventions ([#1469](https://github.com/poseidon/typhoon/pull/1469)) +* Change worker pools from uniform to flexible orchestration mode ([#1473](https://github.com/poseidon/typhoon/pull/1473)) +* Add options to allow workers nodes to use ephemeral local disks ([#1473](https://github.com/poseidon/typhoon/pull/1473)) + * Add `controller_disk_type` and `controller_disk_size` variables + * Add `worker_disk_type`, `worker_disk_size`, and `worker_ephemeral_disk` variables * Reduce the number of public IPv4 addresses needed for the Azure load balancer ([#1470](https://github.com/poseidon/typhoon/pull/1470)) ```diff @@ -30,6 +34,10 @@ module "cluster" { + network_cidr = { + ipv4 = ["10.0.0.0/16"] + } + + # optional ++ controller_disk_type = "StandardSSD_LRS" ++ worker_ephemeral_disk = true } ``` diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index dab74257..5c4a0cfb 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -44,9 +44,9 @@ resource "azurerm_linux_virtual_machine" "controllers" { source_image_id = var.os_image os_disk { name = "${var.cluster_name}-controller-${count.index}" + storage_account_type = var.controller_disk_type + disk_size_gb = var.controller_disk_size caching = "None" - disk_size_gb = var.disk_size - storage_account_type = "Premium_LRS" } # network diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index a8dd877b..90323487 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf 
@@ -22,41 +22,66 @@ variable "dns_zone_group" { # instances +variable "os_image" { + type = string + description = "Fedora CoreOS image for instances" +} + + variable "controller_count" { type = number description = "Number of controllers (i.e. masters)" default = 1 } -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - variable "controller_type" { type = string description = "Machine type for controllers (see `az vm list-skus --location centralus`)" default = "Standard_B2s" } +variable "controller_disk_type" { + type = string + description = "Type of managed disk for controller node(s)" + default = "Premium_LRS" +} + +variable "controller_disk_size" { + type = number + description = "Size of the managed disk in GB for controller node(s)" + default = 30 +} + +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + variable "worker_type" { type = string description = "Machine type for workers (see `az vm list-skus --location centralus`)" default = "Standard_D2as_v5" } -variable "os_image" { +variable "worker_disk_type" { type = string - description = "Fedora CoreOS image for instances" + description = "Type of managed disk for worker nodes" + default = "Standard_LRS" } -variable "disk_size" { +variable "worker_disk_size" { type = number - description = "Size of the disk in GB" + description = "Size of the managed disk in GB for worker nodes" default = 30 } +variable "worker_ephemeral_disk" { + type = bool + description = "Use ephemeral local disk instead of managed disk (requires vm_type with local storage)" + default = false +} + variable "worker_priority" { type = string description = "Set worker priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be deallocated at any time." diff --git a/azure/fedora-coreos/kubernetes/workers.tf b/azure/fedora-coreos/kubernetes/workers.tf index 641ad226..e61ca3da 100644 
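Review bot: The description of `worker_ephemeral_disk` says "requires vm_type with local storage", but this module's variable is `worker_type`; `vm_type` exists only in the `workers` submodule. I would write `description = "Use ephemeral local disk instead of managed disk (requires a worker_type with local storage)"`, and say in the same place whether the default `Standard_D2as_v5` qualifies, since as far as I know that size has no local temp disk and the CHANGES.md example sets the flag without changing the type. It is also worth one sentence that an ephemeral OS disk is lost with the instance, so node logs needed for incident review have to be shipped off the node. The flatcar-linux `variables.tf` hunk adds the same variable with the same wording.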
--- a/azure/fedora-coreos/kubernetes/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers.tf @@ -9,10 +9,13 @@ module "workers" { security_group_id = azurerm_network_security_group.worker.id backend_address_pool_ids = local.backend_address_pool_ids - worker_count = var.worker_count - vm_type = var.worker_type - os_image = var.os_image - priority = var.worker_priority + worker_count = var.worker_count + vm_type = var.worker_type + os_image = var.os_image + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + ephemeral_disk = var.worker_ephemeral_disk + priority = var.worker_priority # configuration kubeconfig = module.bootstrap.kubeconfig-kubelet diff --git a/azure/fedora-coreos/kubernetes/workers/variables.tf b/azure/fedora-coreos/kubernetes/workers/variables.tf index f009a8c8..d1f2d791 100644 --- a/azure/fedora-coreos/kubernetes/workers/variables.tf +++ b/azure/fedora-coreos/kubernetes/workers/variables.tf @@ -52,6 +52,24 @@ variable "os_image" { description = "Fedora CoreOS image for instances" } +variable "disk_type" { + type = string + description = "Type of managed disk" + default = "Standard_LRS" +} + +variable "disk_size" { + type = number + description = "Size of the managed disk in GB" + default = 30 +} + +variable "ephemeral_disk" { + type = bool + description = "Use ephemeral local disk instead of managed disk (requires vm_type with local storage)" + default = false +} + variable "priority" { type = string description = "Set priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be evicted at any time." diff --git a/azure/fedora-coreos/kubernetes/workers/workers.tf b/azure/fedora-coreos/kubernetes/workers/workers.tf index ae20c4ff..9cfa3058 100644 --- a/azure/fedora-coreos/kubernetes/workers/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers/workers.tf 
@@ -3,21 +3,29 @@ locals { } # Workers scale set -resource "azurerm_linux_virtual_machine_scale_set" "workers" { - name = "${var.name}-worker" - resource_group_name = var.resource_group_name - location = var.location - sku = var.vm_type - instances = var.worker_count - # instance name prefix for instances in the set - computer_name_prefix = "${var.name}-worker" - single_placement_group = false +resource "azurerm_orchestrated_virtual_machine_scale_set" "workers" { + name = "${var.name}-worker" + resource_group_name = var.resource_group_name + location = var.location + platform_fault_domain_count = 1 + sku_name = var.vm_type + instances = var.worker_count # storage - source_image_id = var.os_image + encryption_at_host_enabled = true + source_image_id = var.os_image os_disk { - storage_account_type = "Standard_LRS" - caching = "ReadWrite" + storage_account_type = var.disk_type + disk_size_gb = var.disk_size + caching = "ReadOnly" + # Optionally, use the ephemeral disk of the instance type (support varies) + dynamic "diff_disk_settings" { + for_each = var.ephemeral_disk ? [1] : [] + content { + option = "Local" + placement = "ResourceDisk" + } + } } # network @@ -44,20 +52,24 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { } # boot - custom_data = base64encode(data.ct_config.worker.rendered) + user_data_base64 = base64encode(data.ct_config.worker.rendered) boot_diagnostics { # defaults to a managed storage account } # Azure requires an RSA admin_ssh_key - admin_username = "core" - admin_ssh_key { - username = "core" - public_key = local.azure_authorized_key + os_profile { + linux_configuration { + admin_username = "core" + admin_ssh_key { + username = "core" + public_key = local.azure_authorized_key + } + computer_name_prefix = "${var.name}-worker" + } } # lifecycle - upgrade_mode = "Manual" # eviction policy may only be set when priority is Spot priority = var.priority eviction_policy = var.priority == "Spot" ? "Delete" : null 
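Review bot: `encryption_at_host_enabled = true` is hard-coded for the worker scale set in the first hunk, but the controller `os_disk` hunk in this commit adds nothing equivalent, and the controllers are the nodes with the etcd records. The controller resource body continues outside its hunk, so it may already be set there; if not, the same line belongs on `azurerm_linux_virtual_machine.controllers`. Host encryption also depends on the subscription having the feature enabled, so an apply will fail where it is not; a comment such as `# requires the Microsoft.Compute/EncryptionAtHost feature on the subscription` and a line in CHANGES.md would save operators a failed rollout. The flatcar-linux `workers/workers.tf` hunk below has the same setting.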
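Review bot: Moving the rendered Ignition config from `custom_data` to `user_data_base64` in the second hunk changes who can read it: Azure user data stays retrievable from the instance metadata service for the life of the VM, by any process that can reach that endpoint. The parent `workers.tf` passes `kubeconfig = module.bootstrap.kubeconfig-kubelet` into this module, so the rendered config presumably embeds that kubelet credential (the Butane template is not visible here). If the provider's `os_profile` block accepts `custom_data` for flexible scale sets, keeping it there avoids the exposure; otherwise say so next to the line, e.g. `# user data is readable via IMDS; pods must not be able to reach the metadata address`. The resource starts in the previous hunk and runs on past this one, and the flatcar-linux `workers/workers.tf` makes the same change.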
@@ -66,25 +78,6 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { } } -# Scale up or down to maintain desired number, tolerating deallocations. -resource "azurerm_monitor_autoscale_setting" "workers" { - name = "${var.name}-maintain-desired" - resource_group_name = var.resource_group_name - location = var.location - # autoscale - enabled = true - target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id - - profile { - name = "default" - capacity { - minimum = var.worker_count - default = var.worker_count - maximum = var.worker_count - } - } -} - # Fedora CoreOS worker data "ct_config" "worker" { content = templatefile("${path.module}/butane/worker.yaml", { diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index 56a352ef..a4e11729 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf @@ -49,9 +49,9 @@ resource "azurerm_linux_virtual_machine" "controllers" { # storage os_disk { name = "${var.cluster_name}-controller-${count.index}" + storage_account_type = var.controller_disk_type + disk_size_gb = var.controller_disk_size caching = "None" - disk_size_gb = var.disk_size - storage_account_type = "Premium_LRS" } # Flatcar Container Linux diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 57a4e3d3..232331c4 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf 
@@ -22,30 +22,6 @@ variable "dns_zone_group" { # instances -variable "controller_count" { - type = number - description = "Number of controllers (i.e. masters)" - default = 1 -} - -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - -variable "controller_type" { - type = string - description = "Machine type for controllers (see `az vm list-skus --location centralus`)" - default = "Standard_B2s" -} - -variable "worker_type" { - type = string - description = "Machine type for workers (see `az vm list-skus --location centralus`)" - default = "Standard_D2as_v5" -} - variable "os_image" { type = string description = "Channel for a Container Linux derivative (flatcar-stable, flatcar-beta, flatcar-alpha)" 
@@ -57,12 +33,60 @@ variable "os_image" { } } -variable "disk_size" { +variable "controller_count" { type = number - description = "Size of the disk in GB" + description = "Number of controllers (i.e. masters)" + default = 1 +} + +variable "controller_type" { + type = string + description = "Machine type for controllers (see `az vm list-skus --location centralus`)" + default = "Standard_B2s" +} + +variable "controller_disk_type" { + type = string + description = "Type of managed disk for controller node(s)" + default = "Premium_LRS" +} + +variable "controller_disk_size" { + type = number + description = "Size of the managed disk in GB for controller node(s)" default = 30 } +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + +variable "worker_type" { + type = string + description = "Machine type for workers (see `az vm list-skus --location centralus`)" + default = "Standard_D2as_v5" +} + +variable "worker_disk_type" { + type = string + description = "Type of managed disk for worker nodes" + default = "Standard_LRS" +} + +variable "worker_disk_size" { + type = number + description = "Size of the managed disk in GB for worker nodes" + default = 30 +} + +variable "worker_ephemeral_disk" { + type = bool + description = "Use ephemeral local disk instead of managed disk (requires vm_type with local storage)" + default = false +} + variable "worker_priority" { type = string description = "Set worker priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be deallocated at any time." diff --git a/azure/flatcar-linux/kubernetes/workers.tf b/azure/flatcar-linux/kubernetes/workers.tf index cd60d447..c9c492a1 100644 --- a/azure/flatcar-linux/kubernetes/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers.tf 
@@ -9,10 +9,13 @@ module "workers" { security_group_id = azurerm_network_security_group.worker.id backend_address_pool_ids = local.backend_address_pool_ids - worker_count = var.worker_count - vm_type = var.worker_type - os_image = var.os_image - priority = var.worker_priority + worker_count = var.worker_count + vm_type = var.worker_type + os_image = var.os_image + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + ephemeral_disk = var.worker_ephemeral_disk + priority = var.worker_priority # configuration kubeconfig = module.bootstrap.kubeconfig-kubelet diff --git a/azure/flatcar-linux/kubernetes/workers/variables.tf b/azure/flatcar-linux/kubernetes/workers/variables.tf index 6fc2fab8..67a13d85 100644 --- a/azure/flatcar-linux/kubernetes/workers/variables.tf +++ b/azure/flatcar-linux/kubernetes/workers/variables.tf @@ -58,6 +58,24 @@ variable "os_image" { } } +variable "disk_type" { + type = string + description = "Type of managed disk" + default = "Standard_LRS" +} + +variable "disk_size" { + type = number + description = "Size of the managed disk in GB" + default = 30 +} + +variable "ephemeral_disk" { + type = bool + description = "Use ephemeral local disk instead of managed disk (requires vm_type with local storage)" + default = false +} + variable "priority" { type = string description = "Set priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be evicted at any time." diff --git a/azure/flatcar-linux/kubernetes/workers/workers.tf b/azure/flatcar-linux/kubernetes/workers/workers.tf index fbd109fc..0d0d22e4 100644 --- a/azure/flatcar-linux/kubernetes/workers/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers/workers.tf 
@@ -8,20 +8,28 @@ locals { } # Workers scale set -resource "azurerm_linux_virtual_machine_scale_set" "workers" { - name = "${var.name}-worker" - resource_group_name = var.resource_group_name - location = var.location - sku = var.vm_type - instances = var.worker_count - # instance name prefix for instances in the set - computer_name_prefix = "${var.name}-worker" - single_placement_group = false +resource "azurerm_orchestrated_virtual_machine_scale_set" "workers" { + name = "${var.name}-worker" + resource_group_name = var.resource_group_name + location = var.location + platform_fault_domain_count = 1 + sku_name = var.vm_type + instances = var.worker_count # storage + encryption_at_host_enabled = true os_disk { - storage_account_type = "Standard_LRS" - caching = "ReadWrite" + storage_account_type = var.disk_type + disk_size_gb = var.disk_size + caching = "ReadOnly" + # Optionally, use the ephemeral disk of the instance type (support varies) + dynamic "diff_disk_settings" { + for_each = var.ephemeral_disk ? [1] : [] + content { + option = "Local" + placement = "ResourceDisk" + } + } } # Flatcar Container Linux @@ -65,20 +73,24 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { } # boot - custom_data = base64encode(data.ct_config.worker.rendered) + user_data_base64 = base64encode(data.ct_config.worker.rendered) boot_diagnostics { # defaults to a managed storage account } # Azure requires an RSA admin_ssh_key - admin_username = "core" - admin_ssh_key { - username = "core" - public_key = local.azure_authorized_key + os_profile { + linux_configuration { + admin_username = "core" + admin_ssh_key { + username = "core" + public_key = local.azure_authorized_key + } + computer_name_prefix = "${var.name}-worker" + } } # lifecycle - upgrade_mode = "Manual" # eviction policy may only be set when priority is Spot priority = var.priority eviction_policy = var.priority == "Spot" ? "Delete" : null 
@@ -87,25 +99,6 @@ resource "azurerm_linux_virtual_machine_scale_set" "workers" { } } -# Scale up or down to maintain desired number, tolerating deallocations. -resource "azurerm_monitor_autoscale_setting" "workers" { - name = "${var.name}-maintain-desired" - resource_group_name = var.resource_group_name - location = var.location - # autoscale - enabled = true - target_resource_id = azurerm_linux_virtual_machine_scale_set.workers.id - - profile { - name = "default" - capacity { - minimum = var.worker_count - default = var.worker_count - maximum = var.worker_count - } - } -} - # Flatcar Linux worker data "ct_config" "worker" { content = templatefile("${path.module}/butane/worker.yaml", { 
diff --git a/docs/img/typhoon-azure-load-balancing.png b/docs/img/typhoon-azure-load-balancing.png index 0d227f7a4311758104ba0265c7e9541903d77f62..beb532e1316837750ea9787f9eae99d2bd1e0565 100644 GIT binary patch literal 83933 zcmd?Rdpy(q|35ybNQFvq6_ZO{k(|27X%0~omqRG!uqnBUHD|J6NSacuqlFBKkyyIS zsTo45kz-coeAsBsY349Czt=ikhxhya`Fw8Q+wJ%L9s6T9ueLp(kLTn3cs?HYU2}G{ z-6Xw38UzAuI(GE13kW130s@I!ORWR`=VK?%tpe8Q<^}%|VxcFx&5kN2?P@SBV zNP>x#rSNai{~NzDp(Vb`t{605T^hxz2v#|5F*NHKK9?q)JU8|$lyOSmVO-0DakE18 z$Kio5xWzAolnyFo7w7Fs<{ZGiBV?g@!@$csS^v%hLF7%UyM){TDT=BN(aXd`puZ=@ zf<=~C#9FYJrGtCb@8^7}KTdzVQWonLaOg=d z$G?Sym|(B=UmD!zL|cFuc(aiLPg^OeuiIVK4Uj5${!S$0x^2I|N6a%TjlsobW>%Jf zHmHc7)TSn+O9GpTq9x-+H1^TdUW3K*3lcoj~L^~#>ZT} zV(Vw4h}?s|J`*eCn)!!dIZ;vJF7c{2c8HohoGUPs@IXJaDN387l|c?@J8s2z23SXQ z=l6E#KQPYgN;naq>diVZF4tZ$IvVOZ;&&^dAXO`9X9WRSq(!^Nu8QRw&{7V;9uaKC z7vg`Y;+aM{-CN02d8?*&hujaLp4G+8CXFu2{U_y4J#|la8uQcMMoJSaP4&C0B>L2m z9irFAA&*X2J7MYhW$#fpdYU=26O8xYL}THErm2i6Gs8E$%B8Fu_dhr zSZv3J&PSHChOz!M5E~g0dy!NXV(k{E$rDlID%~@PG z*xi%y5l=g7h#rL_)vz6m8`ps}@;^zm9t*u&rG?-SzzCG~3W@@|{>2@Xt&^yjSD$PkA zbH@X(2zlKV!&mz`Bo@x;`_uTZK&|Um?O$pO?rg%wyQ=38*)^%UEA=zrG>z`g(TJ@4 zrpXaq2ljHaUO3&)k)0lI@}Y-wjnH4N?dm^&!O)FbKdh{yN8%cuQr~UBZtEoy0EZKaJB;N~-(+UthUw zEhC-eqEj{al^dY&Js4$q>G6mkF$xs5LBdh{+k2pOhrc^9(8gP!Z-EJo0im(69R}d)ihsA@|{a`$>;CJ`(zjML&M!Juk)qS^rr7hk) zK_toQr=o9!%E^Ng9|wsEAL6%O7WMgU9`W^!U@K?Pjcb%mUmqN$q~rBED!v8Y^@l`s zf8ibc`i7CJI_UM`!Ea%Guee0r!wLG=H-@fcgA}*M?)>`j2-w8;+a{UIE6sDQ&7nuT zh^4=KE_Sm*#msj7xrRyDL%eyTrg(HwLmAX_G5jIVD==H~&t)yo%XFbcKA!O)7Dw~w z^JQOlY?kuz{^#5E{bx*q?1y{z5~5jdwh_dLH(P)2+cy!-GAT0}TW=}(=SkwJGoLrp^ zsghNpt}y9qkKQ*}_AAh=srhR)o92yL?Xf9t(?$MhW%9<}Tllp#l%S~j_jFrw8%^^D z$JsOwc_A7F#spi;97PX^DsK47or#t+DCKzLqb>!zaaZHDrOV`7mdmFMF&@>h1l(n7 z8vLhXW;1+1`XfYzZ=h503bL*LR((!lSpx?_#PoPpkd)_Zud65|nqsb`6FwW&b%kT4 z=MPjCWUkGw*7mmb<*Q6LBf-$NPDq)9zBlK>r>k{lOU4_0_J5Ug_OF=9No(@uCoUj$ z+Ld^{E1?ApRCQbZ$tSu_U7X~XzYS+zE+Ippk!_||8!PPY@TCdl1*A;QQfXip=gk?_=Mt#Er=Y*_b3J+05Ca9+nWy^>VGlV{=@#x$ 
z)aZK2`!H3(N#*_cj8_}Axcc;?w&CSSuUhgAX+>Wn50COwp;8YkGJERT=}w*pwP1mZ zcab2^A*N=0X}eJMg$l!Q*0^eaazk1G;REA%&=%S4BV4Y`gP#QncTP2`4WHdP5*hpQ zpp~{{FosD-^7SttXE$569~$a3Swba}5PJjNIkW0-6i=bf`GVI^bRLi$>gc-!x{>tN z%)%MEnHVRTinG~c?ONCZ&Sa6X_>Elp;WH2NO&dAt6u7mfjxQ9fa$5->WU55XVGJXy zRi^1-)X}+0p9`6r{Pd|05^oz;E3Ui!tGTwPHH3qA`QLx! zw5ca{1kP&;p4P4DrmFhHT!ci>)aJso0yUjEvc3~Uo7eumF3%ZtE$s2GM6>?kQwXF| z$t0x`?BS$k3(+!>Op}>$Gb~A*qWShOxL6Vp1qW9RuhRq^$ZD>7dh;-{w-eYoRON3w z&zo4zl`R!jn;RHhJ&8O#sM;Ok!(jD}!zLnbGjGGE(yydBWpW`gS~XGW&r`K-iFfk_ zMgDqZQ-~7>Wi;gKtwp#_vyNz091~D(c*6 z^KrL?yZNT4=D4%+S2cWGK@U`-r7BJs-ny>p)N(VCW>m{F~!OJ0!$3Kvj4xpg<&12=c4fEl(cK$oxdNM^ITmJNd@vS~r zlxCv-bVHzniE?sLkiUFs#vv&w2>5TGH~P&O`n{Ed{BLeu zZi|nBUN{g~#xGOG__jIDfiS?`2dl*lz4DmDL`f&jRcGrU*N&^-rz-$&^hv2yK2IGD zTVDsCQYmcnS&8x%n`-21aSs7+K1-JMI<-NPYMHcR`}x<8=1^L^X-J%XtT5PWj)*Dr zysAIoJS@1w+gOgJ84Nl04Z5fRMPc3brMe_i@bissm2pqZ6WOB?n<}?1R&+}O_WJy1 z^WZaDO8dpO{ny(`)bbbT7?rry*@mn*LE5y*D5~^Ax?PdWPFk7kD?#kepxQsciQpNs zRz4O|+4_Ilr^u58y+MulqV!T%z@V}9y;I%_^ z-xtoC8dw~ks|Z5TwQv5ipENwzAZzicmp6*Fn6p+WjT?MTpROWit3aj`{*@P@^?9m3 zC5tpzT

uRmW*~;E~79{AQM5x^_*V-%8kc9*IJ%?Q?dE-uIL^-UJ^&Pwk(unMKO_ z#7+ej$^x~L&k>=Rj818vl4d+R>7<%rJL7+DNVv*m^%_tynmZJ+D(_wDej2sg6~*=cS-J3rPWtWw!tC}hLHg6s{TG*T$p z5cQrOWEFIsFILC<7ajC+-oSW~hca)C)b=VO4d01gcJt9-8)9ySpvc7wTnm~2&SV?r z7!rAs@$}$-;oc#whg8OAznLwlkuHn`2tKhqs<28sQtY@s~#?+YL3uAlQzqKw1%5wmX~G%8KJ z8;e>piRQ(<_mV1zf1dy&muL5O>nA0m9`y#-R9bKlup(!|4o!Wx+0X-4GX_Fwo#sb4 z#O}eHsH{YT3tt{=4PtYvdh)1`Y0u#mt}L<#3vmbyo+S0rnP6CB-{YXlR@Z4DpRD^V zG|gvdOI=aPFw)}{+-HsZuE`JMy45l^h#cvPsC{Kpk(cNX`_=i#ne2RHDgD79Fjqm$ zdK-yU_9$Aud^0a}fedT#g1NuVji8m~-DY+A&619unBUX5$AkI7BWOb^-qr)>c{Ksw zmi}rE*m20_&mAQKkn^zp;0~9fOY1B26kb*Jd)Z2+gk144*9r_o>U-z9Xe(#_vGhG^<)Z$&GyEO|> zh?oKN?leChr1;HiQ9i(E0mBXuzd^Mt4k9&DaROMR|DIagMt; zkvNWU>m>}Rn0p&yKL-}Nx48lrv zUMX~=%BVlt!<^QNQ+hZGza6mCc*w=`w2&Xj%((~`k`f6a-{3MW%l}}q6uHsM^Yi^~ zye-3Tp`f#}rMhhq?$Jjq=8i0!O8GCTGQb#0KbEhYD7V}A;OC@6>0mKM%qhK#VRGXr zy_T>VMbUlpU3@)|ykuYqx}?bRO4T*al&<`Ut?`iMf;7xKR}A0)Trx!&-tqc`#q(8JDWNl@CGd`M;1=(4Jf?#;MEx9X&1RAWb8>3ORM~UI6XpJTwd~! zbhwiA)5bgA=0^^$J0hJor%@ukG!ml}P>9g6z1X1YJQ?2pO#b%xBn1zXDYGLCq(;pH z*`L9>94Pbq>7g%f9%yY)GlnO4+bf?&fsa6$tE+Ov++P3Uy-3gEdW0iz_R61x=|Yi; z+`NtC7ZY8$vHH%09#@v>rCAgtWbJ6|I(h|<)$0{?Pb@#m^w!6)U0VsJx+#1;n3E31 zgTh{E5^=j|yQZ1!8jXhqQs=@k>7{0C?T06486bTqMw_F44C7bK2`I+Vj*LXCj+kGg zA1#|Ma|*r9+#F$EgDiAx?c)?QvbNAZ<-i^dc<2Nb8C13k+X99SlG@MwxMG(Fmg3F8 z&e$)ViR~5bhYDm;BjVF#A4U%eLVA4L69M1T7c??)@Mb_*cHWjaE-m4~l)JZtbNY5d zQCy=O74b9>G7i+006Q;KsYEZ29C%Gnr9XAJl%2P{)O(fUjUpo{sNZhVK2blI5PMKa z?-pu4kAxUQ6g^%c#gbq(YaXm_FCLF&`H?dhrlHN*!zEMTp&45N8UwEa=^OR4q{Wz)Uu?1E{^rP7E-%P7P;Z$N9~3ADZWmRZqJ#^Vbb62-6U9_jwhng+=P1 zMQX#cw~)qBF@;^;;QglZoQTXAQ+&@j=sn@$a&I{FJjSJjIn+w{wCn+uUhA`&Oos)y zbCnM4vkW`REH~TXh()dm_>*fb2;OWMC)koHr}N%7@QS^b_`J!!GER({O3=NS-bV$F zUf_@!Li6}C_b`?36&x)sGJ0@r+;=&$T3ZfMF7k~ouel2BIB<&s>vEk@pc|9j0D;7N zaS}GDPfq!q7D=;Z9+6oJ1rfH06+n8mG4Z53i1aBrXO43wdE>IX+30~rAMG`h{E0Y+ zuGrZ~a>2`}<(mBzWm>GG%y^7veU=K58!G))YWbhQ+p_%f=V z9~B~aa|R|;9)Mu_&0xhET`!xV-Vgg~LBfnCkd^o#owsaWq`BEA>IC~P&PnNEwU)${ 
z-azS%oTE)-uvvSkg+kwemy}|P&8Eq+Lz(8M!k%sT#*MO`A)VAjurOs+2vezyw+}}? zeF|nC~6rbpg&ijA<$&wkIHr{zv7F~-Y(mB2}Bd3Gji8xkomzqNVM53XRmyp3_(n`g?N)h$I9EN`Ruo zE!H~2w)mcfjcP$$Y-%e%^{=E_>ui&ZFa`$5aqa%a_r0MxM;}ni_zmcqDqCMwLs5+BATjt%iSMuH#B1W;o z)&UQ5BICDCtg9H-~& zI%BUTr1sMEF=u$S;T|PmR^+yalW~|7ibaL;GJ2aNCXJah-fjXj!T!c|8$>kTevk0? z4q*FxMyGjNU53=+uTU=2f$X1~)KsBD-Am}@RL6MJrE4Qge(Gbk>kJNv1-U;^PKrMc z-xU>AGI*~C0rIhY8ExGVxwMSK-&5SWvV+zxGQXAq#ar}Wjn_IWm0XRt{oL;{p;=j@ zBnsWJdZd9;q7jv~VUX)*1s{SIv8b9YHNV^kyThGACvZWw0k#~xrxTR}N4Dh6K}vGQ z=loR4223}JyGR`vUj+Jl(~T?e!Mu9@Vs} z13IV?ImDp_c~Q#RDN1_D2EpSTD6QMjY~Sf4hg@XxAtMKSjz3he)*B@HPc81-apsFa zg`Q0B=o%f}-{#5w!0>*lRi(V`X3Q;iWh_ikehZxOfd zBiu1m`&s;=wbUsEo;2@33oD&?{ImT}jkjBHhk{iimCar!oLb$+RlML|{dpYbiN&cn z-^Mi@!oVq4C;P~wSi^BZ9Fe9nyGenRG3$%XtdhqEm0J7-`+%M&{8Mb&)x3^`K+S>3 ziKobyTKx;CmEM9`h5n{9F!H0zgDK>jfEQL+c#ALH6t8Sb0fDeXe=>3;yf^6EC4?ag7hJjmgwnSt#t2HTpw$xlJa>~6iwl`FUKf+dg?vF1W^W#uj6V59w7x;Ne z3w|~$kr(|Pk12@7>g%_72P6|24&UzS9JHBk-8M+PIc zGCz-1lT0X5L6o}ZqM9}SlMcG?i9PR?U=6!#*Y_-0k@H625Bv5VeVNyZd1|n{d`WP> zG5aI!)MHqG3UNbT=*$`jx*=8~_NS2ut*px)2i%$4fi3`a=BQ;qZn-xKcO^dWPQ3PV z_|Oimtkl8W1trGvoLp&?{u!ubzxK^%^9Q0&hrYqtuB)c>Xo9Jgv3wPx@<+|-d;WtT z*VWx>rRdc>pc5Z-?z}dw8JoK&&kzM;S{(`Uk{%eTfES;^M^%zlGBDG)rG`4M;~C50 zSBo_fEQ2I=A`sa0Y-^t_e~$RWc|K9Kc};}8{hRiC$g~~KD(0qjX06yqjD*KQp--7@ zguJ#QQZsL97Zt&1##z<5%%qa0JP~R-o|8-JE}1|Nf6RBg1GU+;y7;cxp^i1ZRW)%X z!0JAh<{Re23)xG*?BTsGnlCz$?@wtP6t@8gt@UTzcHo41E>m`BW#C?xZ%nh;I2N%D z>)g%H3o@&CR#r?KV-8+1^MU2shzw14QNzxayqR5#ZaZr>>7?@hUtxl?g#zJokQR5_{AeH%UcqSVF!|6;OhI1B3Sx0eS?XTz zES}y;G@>SW2U_&JT}|_f7$qAZ0tc4MZKtY~B{S2vTTJ5?5a5Ul_~uR)=JS24x=OQ} z{mYo+BYMZEb7+~e%DA7X(NCn$-ZY)lL5xQR ztmc>SkPl;SruqeX?`_*){%Ghyw}T<rA* zTjWP^l|j>pySf;$lmBo#5?#aLIejVUfL*L#1n@XF4$nif?!gM<2NhK&9JBd@o(|1p~VQ z2c5Q?d5^0@$+5D61G~4kSvW1iUqZ3Iice_1H78lr;!Zeu&|qeJAmPtW(}&}ysTzRf0iZN27Z28-TKSXeR~Jj<GFRwGg+AqSk>|dK z{Pvu3`=A&`whs8oM7f0*tF&5q@X4x(#X48>WS6S>oBHo^vSiT#lE)d#xSkW#AwO;9 zrSYLo$)BLiPXBFs^70ibwhyDOT+Lq*yT)qrFRh7k-df?`*8>k-`L1E&-LjX-Sx~$h 
zDRfcp`8j`qO#O)e>Fr`xD$cDnamg&E81)U2J!{}4NkJiqNge@)=ufV$MGA?;N<8>Z zn8VUIB4@D#K5&WrTlyuhUl3xLu(Uy6KKe8r8pgGw!{%0&%`TwZBx2Lpm^vl1O99iW zQLTJ7dBc>9&|_qvC!FbFL3T2q&MNmWNct=PHkNq9MM|A_TiLd*s+%%Q?WTNYis3q? zC@qrO=@mVDw(DS~QmDhnMVITeC39sa=6IjWac?MoUGUAF{v&ZV)J_B>E=jV3;m`0dUhVGbU3lis~@6SihA%qx-dPSlt8 z%dZV`+{&Q1m>h*#efV&jB8tdCt0S0sC=YXoHtJ-As`%kVcm9S8c}z#PnK-ekHuDnD zUEc{ZjqH+D4v3y|C=8#;rRN2Gabw!=+U~pG7_`id!gZ=wwXp73*F~XD z;%mjqJ!TJv)T}NQYfkg274$*j zd>;22na@Q}-MJkG6Gvs1l?=!(^Jnj(?yw45YT}5koJZ{$`2vai6IHI!vi0z(Af|Wl zC1K3zpSQ;J;-g*nCAln@H*WUVQuP^YW*q!gs>jGTM#z(~ivpHz391QO`GwN5&1TQh&&&ttLH1)7UrT>s@o?+PYSw@s&( z;;Ga$rIR&+`)xM;<P$h`@9{B>_fBX%BnQR04?2*v1x2tRNRcMU1*}J|~el_}S{lh_v zfITp~pHr~dgsfWe>%+J~&9l*Y!9)^%TrOB+b#C&H(w3yFv#}-f=5VM@@gMXqSZy;h zc4V@K!B!kp@njtV8m_)@Zs49TlJj}JwV-EIVWD30r-r?pPw-Z0R0c7Ef9tYSNsk5H zPPC4*SFxD4m3c8zf4p2Dr3NGDa1I^v_cnWMwb(4SPck&bEm1Z+#_q+ErS^L|&1BznsL#kl3!FUaL8$j#O|CrR3wx zy_#ja_sz!FOYW_PNou3W=3h)>y5=D&@S5Z*W~LKsn~FTpd79;i7?1FlhIGIajpJO@ z1W_hA#`J1xRdHuE?v;5+`$WV{!hOKwKPs;0JbEtq1>Vx(UyHsqQ8r}UjKUr;jKd~- zqAWV#&j;;O2P{0gQ{TeyO|AjkE~ZhkD=DxDUfGI3%r#*HC7?2whDEU#UKnE2$e>~uiUc90#5xSr>;PsJ-)c3)Yb zfqC{@&Na#N9?%b(%D)xhX-;wW)Xl8>GU)-p^yAN;LyW!FPUb4UqP$xANPEaZqfqE2 zg?Oe?mOXILwWV>#$%vDyCalGj)J5zbblkP+lo6f8GB4nw>FqESZl-g|zcFhNV<$4K z^Z^U=@%MZ%APcusV>S&x8!$YvmzZHEvnb$Xt&yL)J|!%WTaYW!l;zm9RQ+1!Ws1_` z&Um`8^%)%Wab3i$vDIX4_E2TWOjOt*zit;|o@1*gI9lUJ<)6#Yt$|pWo7NUh0O1unfB!+le1+k$x z@l`c^Fh%K&e_9!2mRefn+_{poeZZp-U%R_Irc9^o3y*$akhEL{bQT@>a&`3Y+)u1t zQp%Z!IS2O{{jEYYs9u+i-&s3mx)02wd^oTc)lc`5-`LcFfM1Cp*?biVMTUE%Hq@lM zm=)WC6Nry@P2Jrb1MiICl+%FR$IDfE(Jnw3?)>~I@C_Ur*x%)yXadDb4)Gr@XyIpf zH#huQmF}q)WM%Dy<*ft&d*;pTm9*TmgP*7C9I;K@|FDODc!q7;IMvY0TI2zfw&RsQ zMT_NH#AK}?U+z!3wK%jnK8$Y0L7(yvRH4!t?D^D=8$sW?TGKg1cpbj-n;ZNuHy`}X zsci%Qz|3H0tN}Slh1gx;nbxZnp(Hple*L2=RPWHJLqR9*51ss9`q~@H zLnvM$>&XgZh9dE=QwfV#5i>6~sf*p;--o$8Vk0(H|6{i|0}f7Y>-ja})1Lo20wL5i z9eVr$%eSv$)zt&_hrp|=_HD;*T#LPVRBdhbQG0To{eRx8jx{A0u+q`hwqWFVeJ5fQ zFNsX76`&r#Abod_(^#ATT89Se<{YAlle=37D&hyK{y9qlQ2nnf0i)uhr3ikFL{cy? 
zLE(vy39En-forkpFF##7UP?T}+va1TGS8~RRexI9-fsG>w?-}zxis?K7e@6fTOlk^ zyieffV`lKh(equKLeBl^dJ^iF-zC8}s z2aV}7SY1tVI=V3>c2gIi7TSPXz{$(88x$Y>b6iCzEAo^~PPvL1{~~tuNo9wJ`sy+; zp)tBnFau0?xHTLYJQ*xMj*@;D-dgjqtSOM|hOo_0O$zGeT2kP2fruP8tAV9lj`9$Rp8%K2ho zWh%T{o%=LD=hco)^cr1?0uld5VO|r}!W@x)a5n0GL$%AP?c*pJW_O8gtMNxy{&NT<>KmSNn|3ipk{=(U%RGK|EyjE1ttcTN@a{*DKeaBWb z0FTcSGj>>ffii81*VmzS&asFpz*x7=@WL-&L;wNQ7p&5Or~;VHTHTiFbjR+Ojct% ze9G;ljxBhcaVG&;qi+^E#5kU;#fs2sqq5XV%SdDmw3s^0en=17l|iUzAH{C~a?aO- z1RS$o0VsqTX~Ich?FsvVIA8*J!LRM(x;8o}wuo)(WI-P_(g-ZuBaK8Jbt&XDI)>t1#Pmnjgf2y{$D+IaTaj+Qh-FfnN4YJ2stXNI zl9Su;k+zZ#6FIp=V8)}B6-S3iN}zbk424hL)Lzkxo}d52?AE;z8_&7aJMqi&yLbzrQLgIjbf+%vR2Y?9)j#HEHk#qx~F*?oDsJ=C;mPWelH z@p)|B*usDn+f3mGHnt`R22`mcncHuK2qz~eHca>bD?>@FX$__M0-k27e>^p$X*75Z9_`?7~{nx90AuurR%}4LDzccl3$Ty80<`I z+EVVmySOf(+xi%p#bigXCoKxgWG;n&z>FQ2x#h;!(arxvfFSRb#PMa?1-M#^eEej& zl|G+%Q0ZtDzM&XW-HI@+oYN@QgM=xQrU4;i{J;ntjyi%(PZl$AaHV@3luVqRB`u7E zo0aPav~f;Vo1ZzkVeD~bjk0_IT1L;T*l)SXV&fKiO6|`vtru*9sOzKaClW{ zsCI)`HZXAAt}yU2t3rf#@-O$LC2wi$lR`_$*npek&gi4s>eE@qL$1eTF(>x{paSwb zpN(VW{UK>1*x&D`+I!LTiAJ&&m)J)wG4})20#hJX!HyRRC->t+mDXPSwNi}@%>oB2 zS8-P#ZcqJb)E72QtIa3Gu9*)esQwpXvA-bx(CQ%nCLw9xGnWfv&h7d;9Jpp4P9mpD z2)mqBb3YeOtSQ}J4p}Z8@pF;NUoP8^qrY=&Lrkub$)p9lF3%qLF|TQlYh_a*Dt>w6 zk216a+ZMx2bay-_E*_(;aVTp)_ha;aY_2)BD~kM=3jQq`uFSLN%LcjBI$n~`4Gb_H z3mD1tFOom~Eo2M}^dFbxJzHjxu|ICP*ZR7QbV%c3|2>OY!S;`hSoJFf0AN^MHy&r{Nc>(2C-t!bx`FXWt%j z^oZm5r2G|PH&sghNd2a%XHcJ*Je9wHT7JRbb4k*MYdA3QLU``ywVUM)cLdA+=)epp z+!S;PdM;SrxcU9eQ$~^<LNI`mt zIx}+HNZKnMT1R-2FNH1Fdg#&Tfa>0eV8UY*PeiuO39-~{y87{BNyB0OpviQVTs!+h zntng)$wCV@Wl#0?*{`wV*?hCS&eEm9+c?8d7QmXlSO^zF7%jDrJq?5F4O<~aqG z9r4jK938X0dcQ1imt?xAXu+3N?Tt6Ss}59EGUQFZ?z7jqLv|7R{q^25jQx_~6mMw} z?`Au-nZvoF2K@=X=olH1SX5AP)akj=-#DDf+I>9O@Ofwnys~xweii9|Xb^TftEhRSpm z0HH%qu7w&|Sh>mmUnK(0C|P61uAZot_09cmT<&iU#njZsJSAS%l7LIo10q5n;u0&p zrqkuxY2wc^WxO&j0lksO!IQk$<&dx#v-+6KdixIxxdbQm>pPRJkZ$!rap=49JF2&q 
z=QmWFx1#$^=Z9-nkUPmqw%r=LIkG`Z3P?WdB`;y)heE!QE#(&1tzq+KvXoB;WQD_u7=w;@rQP@zSUq|e|z&4Q)QukFm#^lyuF-U#$IVaxX`Wk1M=r}qY%=9zTlaY~YqCdwb# z_tAa13r5G~6ytmjQ|~z4q1XsdBHjmb(#_t)Kj$?KM2Vu>k1Ah{W4Pw!7Vz*ws3i}$ zf}WT>AFXt1y_0tKrdYqraAmpqAZ7a!?srR3;!uh^0oO7#d3_kF%70O%SZ&l&Juk8Q_&3o779=ewQ z4OPRqNq-A~36?+Hja}3gN;hB|S?my>J&-Cug&qiE57vBX28M+`>is3>9G!p4I4@49 z3rj%8;Qhlcg*1)uja=hD%zh<^m(N;5s-W*oHBf%YPMGU)(2q3gK7SKj>`El6H;(7$ zv+GCX6y`k);Y~rXD`Zkg4VsTYNw1Zy$*&XL{GF2yQbyv!syrcMlyTKE88nI@Zo?$+GPQblG3&2 zDK|KyA#Ydp1E7F2^W8~Cn>+Kg>-uM&hyk4DJ?V(+4cf7(a@(>)mQ@bIDc8P4P|}|umz~tanBBd)4m7?H_TlgG z4II%MYE<~x^(NPyifTRD(1A2{m~beK1D(qHSLt0GQ~+Xpr~hB8{x6~}{y`!;+R%)x z#_vA>Ff;YCaafH@hx*GrmdJJbOktIFHP}a~P=WsR8wA93$NGmz^GDlbw7)pb=Y6yQ zJ^MORC%mcuq1ff@dy{@Dv8hw^9p9uA7SG&#NxI*|NwQ>He^x_PFPhplipZQQTHChd z-wn*>S5=l#qJRV^4{d%I30y}B zj_<0BP};B1eYxsl3EsLYPen2f-mo~?eCTnf!75s?eBNT(v1JbZFF@DSq}rYRL@F5e3yz z=kTm?xaenFvzSaXzQuWMaW_k5oetE~84-~F>X4Zuq7vGdwOmd-QQ&%W+m5GE#y_bp zrB@7I8F(hB&Zlf~%Ea=`u-)DnjEV)G7l5VcfPW;>3nQS#-11!(*m;jBb{JOYY+#3B zAER)Qy%ne_N*Xt)1L5+80}KfCHWo6SiNFx8&5%#Y$?!E7v!qbz%^WQ1T$pP1h3YBy zQ_S*kT{e8(Q}vDA`jQEZmDXIrS)YQ(<*BJ**jERwVDIsZ@P{ncK4jTcdbxb4clCbC z_QLCwE0u@8A}s1VIY(KcRNZ#YY1dN%z#IRiT9ZH^hRs(f0JGUQEE7Dye1#O-vhL5` zuMjOs!GVUfj{37ost=t~GCaW!w1WHgw#+ZrzFx}-@fdbzYIwdIM}t1#zHQ2TbqMCO z6olTC(IuSn^>jvouLVY%X>YRE2}z+0AN(*IdE;-o1HQS+L3bqAK>;8O=*Bm1J@}aj zC(ZnVe=)uJRen5_5WP>`tz#|kIMm#)hmg#GiR&bJnHTG0E$73v?oFk@wj`$>0-6y` zobJ&BN$Jv0x>KihwCrz|KluD~6IN<}t1SR$aRHDE%S9zL+T6i?Y}aYotdb1dh>C8F zLNn}>NafR{Lcayh(KQ^S%Vm0dYy-kkICb#DtzX2Jh!n&=hKnwoHGW&OoQ({q8sVDp6(1;)k<~=c9jvAqJ^bsU z@v#1ww+Y6Sb%o`3#I#8dNbiAhewqes?+NO0x{cm`uAm)OoEX$xN6K?N#zvll{*K*u zllp8WrZ&Hc-|L|hh$U6F3dec=^oWQKB52LrjJ=g_672L(Xv+VsAds>kVA$__zhH)7gYNayE z=loyEd~Bqq(K%9$sR&lxulS$Y$M4OiUlI=f?=?PUQ0yxMZ{mJPy?i7nWi<+3=sL>0 zQ=X7`Zky!&kc5#94Qxn(VPZ6MC_M>SfYoboFI1w~^!FdJ6Loqa6KX(l74oAR;jJ zU#I>p>nIjfAH1}K;3RuftyJlwM)=$XoviB5yWra7Yf1rCjdBhQQEdf`eV}Ga7c;fU zkN%pqyT=Z~ukr)D(37%TT6FbWCEaTRku4QOljHW8&*Xn$9?xX>-BR1D1q~`C;l~i9 
zbrr_!oquyq%EAnF)_kzz+CPyq|JPwh{voGCVIezvq?#!7R{u{zlKj&efh%Z|$~?8M z#)BW9ZD{U;mF!k~IlpUuhsjX)p+cEnt~=+3Tc6UCI~y%_-$MK{#*_ zo(OgwjaUd3dJ-s9f%Bpejo68#Kb=4$U~Kp4+8z@F97SLvw?JO?x=xKbW=5P&?_>PK zI!C|N2r86gi(J6b0dSb^mqwS*p7U@jo-VekiZXj1Rs5`zL@s|%1@kuWp7U598*hXj ze{aLr2$5(Hj;~Rr8c5;VZBW%W5X)XTxUxH0S`4BtpIVn=*7r=N6f!X0+ zMu=zh&Lh3$dVME4*p*lS?*_nl?VyZKPB95T?dke)9nin{(`41}Fp8t(@6}FfI$p4f6FRqeDcqJ^hZvKh zf1*)X-3I*x-7hL@OU?csjN?BePtQR{=2rAd2*|MxmE+)RTY`!%=%+Yoa1x%_;_jD3 zY@6n2_~%8i?o=#aiEd90;MaA!1B2W^4@LP$Uwp`s>ma!Po1%PzlBMqT3crQ&V(a1K8EhhgQE+*KZLz0 z0JW-S(ie^znKAe)i-fgbD<+%US{p<%t;t5%s?FLYxpr0osExyoAv?_Zhdnka!8KU5 z`UajZcVx|d2c^&yv<4k%5|^6~g8J~nT+2TE*tX2$IXW(}{@ZX3_M||sKY*V(*$Nb0 zn!IqzgaHNowiL1Aek#oxUu$Invz8@0-Y|9BY z8-(7abJ;P{L|g}bk4~16ZiJ_dK#Avnnj3|6Au}VM_GJ5^wJU3Y5##MQcXawEn#4Y5 zoKpBU$#J2$9=2c7?D?-@08P4y3eLdY&v=Objw5ua^M^4yX)a}8!)I`ia4&AKRJ7U2-2y2>xm}Nz+xcBnwdOf@fI4Sh2A!t z8-(kr=d@5=q~)UJ%2fh^M%#_N?NZ=r$>3-qu)=%mYE$S#-aX*jF?;jZ>iC`SL}D?~ zJ6AVYyqW3Z1hH~BGJN;dzHM1&>A)|5k)KLL?D#OuS$8yx|KjBz{Hi?WL zKzgc!TGS+(s9(wvfv}5di>7%gk7>Ur$q-{E-#Ctga32}`a21Y>#4 zl4HPsW=z_%UKn`%Zf6Lz?V{q_CD#MLbf+--wT4070IrZDX_&r&rsFr4f92;J$ET=u zD;)rSeyZ8+FFcF%$_SS=S4fn3Bi~(x7og@d8_0c;`9m(MdA&CYAM6ld4+{s5iB_vx zQBu6U#m1j!(=mdb%YwdCR>f-Y+tj7ytEnV1eu9ox95^l>r{o6lJ*A>4L2lOZz?_?f^J95O6^tL{+?IZ63L7Dy(xe3}TLfteN(n`TmcASI@`IL8UjoBVtx_ZDofuab%wJzS<$0*yr*6%i37!1np)W^H zg^w{){Dg|+U6j}26XE`PHTv(?jrCE;d zomOID@0oiu0KbFGqdLEclQmtf2E1WQmvjN09v7uEz09Yx$EwzwpPQK?aW@}n78sSY zYl?k8Tk2yM{cbq)Zx0Go?Mv&zP-Fkl-gM7nv66d3&k`Dj&5> z^WW_q93*sJ@(Tx^L9h_GOuvOWo(5khl#8O~R>b#swq`rm*6@xLE9&xdzUenyTyz9; zlyDdM9H9T{*wEf)r_-uFCahl(mz0W6r z%$ybXdW6jK`_->Qo?IMb{KSVGfY*=prl+T@Xq2j}^A`R9JYcb>-ZMKXOSO?$?5=k+ zC0RRNv2W=?EhJSn3C0K_1E{M>Hzf4OFz&%-8C80tX-M6r2jcdbG=)s#?$BDkMyeFq zx)A1gg6Atl=-Q^N``uLBd{RRe>)fypJI{SJ6+lRH`5tEb^pVp9n~{D3%&Y@Y1O%cY z8w~<1egfV`#-#0gERxtatM!%fpaF<+fChm)0XpiX;Rnwt&cCKk$9DeG6*aF_P%|#|-Md?LNVIr3e zCxDST@)IMoF4Fs~N~eO4b5iJ8=uwvwoy+(omESl`k8nCI&(v!|^_A-`&1rvSP~~qf 
z-Tg=e5u7A%%-mXi|NV(-l0Xo$2(uI7zqw%m(=D+ZIS%Z!-Iy5<;4P}s1H45QA5cZ_ z?<^7Gn%Iz_Uji5q`a6HN$W3iS#lD9YVAu{`3J6s4ELjMTUk2= z!}ma6mZuY;`A!{I-a!5<2&B(5zs|;YX2*fe@~R>FV3GULSN#{TsT*+hq(z2zta0W@)vH@Irs{y5`-0ib64%c>BxA=xSbGZo|km8RMcRv>z_5wfN@aDg=d-CbRI z{~dgBi72C`(q_866-JxW&dU)wTMvbPjFD$pJO9^UAPLek| zV`ni(qlce3nv%Ale1H878)1MGQEcjRTh}00>1-IRzLX|XXHXQTd#!Adn6uF7KDcum z>Fn8s2nWUk(%kO#6v z_4<1)8~{|Hx6dV(`-uO`^K%$k>|FNKD1tLC4TV$i#$KIk>Ir2IFG0#6D6`_F<@UaZ z>;>)wj{tRw?>7EYQVu)&1-IvJKynb}kT2a^GBHg(?@#W%ub%~!;ncY-Lhj&AetHil zadoENjyDW%X*#D^7O<&_4^v-zM4#EOO}_6uBBrCz{>Ba(`ch+|^6KDT5babZVLA#| zUNbfOqP(ushaSBu`7;sr>#DI!VumiBB}|<9I~BT;>$JJT{n0huaDm87SpO}6nBgs% znk-?|!wuVNhD zi*S`c{ym=bz22N;r6bsmWrd+~{4AjKTd@Ac(LuvAmRee~EnjIsh}IPrmqA(;t@0WNz6^;9_cD46YI> z!3mc}+zsx2o19#p`7EnBt%ehu$M>J+#VDrM&5l|R2u+jx>p01s^sZwIy5T=v@Osl< z6O1z|pLOJ7;W}?;1`<74b-2x%TnA=!W1zb8)bVa_Bg3FMTN%Dr8@Q0&?dWB~RaGRl z5BYp@wJP~yJ7OqtZ4P&F&y>)<7ABI--5|numy?MSN}{nh@K3!CfWh1bN#EngF_G^M zm)r5Pp!6FcPRvKuOnoVm;J772jtcmRsr(mzWv z0mwGRM{?R@*l#(9Mb^wlM*zqH;CCgzB=R6btg1AW2_(V4~{1 z*BwFXy8lEX4Az6n9B`9m)OVN9+106#f5*Awd$!H>5n++o%2QfxX59zTneyCAJUWynk> zw*9^`RXO_CE1mVkSZ>tT@Xanf7>#XGYvD}HmC40qnfHjMPM@|CKmeJ88dmrjaE@OM zARa2{Ax4n%>kFibRmV#`8g-Rkn0MA@bRB%zs8!36lauA}yCE~>pEpPEFrN1}y_uX? 
zWvq%Al$X77d$5MHv0yyPc1yq*%{bCVmi&G9R0#v0N(+s5C0JO?0ea-TKU>~7HvaI?>6^Yv5% zM|Lt6jvX-`HDQFS{5+m z=&yxOF2rwXS;TX`39Yi32wwG$#~di=+Jf(nua^%kzYl#0k8~Uv_HqB_bbK!gO>-ao zy?%;%TqhVPUyBJf=9A!lf2~ea_bQb?*$UKq7{K+k7WcEpR<;0BaiDTyN##bimV`QJ3 z-N+o?{J=U}7hbf6KXT-VZLM?3z{~wgs7rs`LU|NDkOu-y`8#;`GDACPd+4S=0&OD=*+6Ds?mB1^%T)rVeOjuoXE$CEV)+VHJYU%%G1}-V z#Ru;Z!JLt)F| zk7}w)73QRXN;?3u#0lK2me7bdppQgTVwU zYG{5pJX%))+3M8e2~eEBcw@FZoUd_3$6Vahx%ChKwefklvuTkrD^$BGFOd%Nw*H(g zRbhtq3EeS32jBR=3$1<11?2XUoSo^HSt>pRBv>&WAm0mkmEfEj@3EV z*A~~i+nclQDXboA=xO~}TvAY*%cjak)n3Pg&b~8}j>e$#%i)EB20>U>TD)?viF{U_ z5}_%@A~_AOuXumhJq?q0ajsEV zxKqG81cF*S=(ImaQ(U_LDdU=Nv|^(GNDIi7xk+QOd~ zip~sAY)^?8T>)z3+bxKWd|G(q)6g$|>V|Cb*m0I&7je529a@;0Z!+{;hOjjBJmDpf zXy%@FY+=EwrqcK5d`Bb2)9he%(*`W!C%yWrs)3g=EYi5oTBm<^SYcvhNT}|Xz7Pg7 zN}RWX9{=3KmDcq6(LslOoPCFL!nG_G;t6!Kni-VMtfV~re)TkV>||uh$y{Gnz+VP8iGIWZ6cdA2+tVLx;ZP zk33oa;9!SAF|N7FGe0K36j%r)SDgX2zO=mhdECcdV6pi}TBQLc%hY z+_o1;a}qHwhJs;IE9;o#hC(uhE^Pc2;*1Ly@MdNR3s*O@mjdLF)Xv~{3O;Ryz96g# z9+H|$C^~!HnJ=#%S6*ZqROQ(HSa`8hFJgWgUI?Nz22b@T-qFTJiLGs1CIfXyJ2YL6 z)sA#)R>nyeP+7@n-PSH=0~xyowQm z2@b2x2!4QlI3%9|n>?aQ8iuMBSC3#412e=1P6E1Nz=O}8e_oDP(j$vesM&8|67cKjH+`T-7H>y;ut~ zC67r;YxIpc$QCEt@&`(TPK0)CZe_j&J%JQ8d%{32BCU5}{O^d5*K`U6$srm=_a05X zBpZuZ&FB^;7cn0-Jbz5d_4;up;pJ|MPA=0m7k6E=*#nD>96$^tWL-Vt-0zBzd~a;J<1)Mw-^VGy$Y8C_nOi$u*$9R8!IS zVdY9Opz{g}mki&aKdYwn=f*GpX~XETHZ>XQ6X$yL(L4bxrBUn(*ou*#YBHA%2t`Y~ zj>)wG5FIqf@bcdek}yZqwY5t;$5+L;bR^QGxC*B69}RgQmELmo*6BH@!Gr-Wy>Qtu z=Y5Q~WlqNOS@)VvA*CN~17q*Pttp{G&umX@^^|+0eVEYZj{;ZdHq#_a4zM)}4~L7$ z&i;mnHTR?VKSGLC%L)Zq;d*mt10K+_iq5>!z8{3#zV2xxXs2LrJy;Co%R_kRY5KHK zqD42>ccgM$-f52Xht`QIWxU~7^RIS`DCSgJ0yHyFC->qwct3lm^DNCc)8pgv^Wf=( zNhoN>qj6i`TnRKJ{i!eaU~FJmk*hT`Hj014WT*hC*4q~9ebC4dzRN6sK7YOYz@Che z{>GWSH~$Z^Q87OAl4-`(gMM`#*-#M8qvs*`YCvFMpaJR~F2J z^3{$R6iDfpA)q_@ttx2$ZQP=`DD{){KaF(*&pHRz3^UKDs&=T>lDTzOppCg-NDmvA zb-cf|{ycI0({Ot49{V9^I9I@u^q%^pA(_cQLHmceiXcHQ4mJMW2V>`zmz^-%!aXKN2f)aRd4Aj`Fpfda9%vOt2?>S)A9VW+uB?fP#-*<|Cotr1esMpbn& 
zf!7nr#D6-!OWSr1yL>Tz>yNQf>i&@Vj!OW7NO=Ggu?6(GS>MOO@#j(!pZO0x9-DoJ zeRlpzdVApb`Fh#;I>Zg_71DyJSXfFjRajlWv=R`lgg8JEq{kTGTLUXxYLZy})f zz2$gpOtm7L6{M^8js`~*&kMEyYv8EAKGq^+F3ffFQMB+PZGM%Jvl{hStZMT^xy)vL z9lI1BdkmCcjIglv%Ka$x{5a!6(PVK`5@qfTU3E1&l3j+G!*LI4Ym7%;E_eDjPPmYv z;O?=cyXob2Lr&qR)XLHS_$KduR2YAWfkUmuB$PI%|8{&pWk-hH{l`yqZRy^@`%x*c z4{&YNhK8Lg;cD>opO)3P#!=5HD36V@t4MR$MS~4~+7F8IS=FBkOcynmdY*`)ZW^qG zuq#Rb&w`Bjrsb|u)6}*kw>l|4EKNPZsy$n}>`pafii?xH$J-Ba)kdr@ht?w37Uh!& z{3AP>5j$J!q_nfXiPUs{pl?8lr{G8896xs{_@DnnZEr~2M{cdD|N7tX@bKDT`x~(r zMuzw;MnK=;#lbwOlJf0A*|_&1|M>4snT651Iw6kh?I&WR2)tP^dPWracm4hAemeY8 zE&s#v!9_b~QYJMzF#R-71Z$pB8a|7)$TS~`ug2AeF$)H*EGZ8(^(}DjjLiz)QTGQVZ>Eo@4C0O zfQA4(Jw4I5w(Lnp5Kha7&0+S24~|W)B{`EuBb4iQp*x?iBs>M!H5JaaQ3Ea3i`?0g zfX&pH2vmsh6N>3~i7_fQXULzOTt!QoT%pM{Dt!N*`^A$81j>50_q$~~JZDvLTa&2KIS!uCCekNjQxm#wH=PIVtnZn%2}QZDHbh zzPwISqse$OwADR@OA8-lohQz%709sBwVyLKTKXRx zaL`he=%q{8K4Lv=yga8A!o6BTBnEa?ErWM46%ACUuEul4T^*FURcAN5=^92A`|NR; zO}1D_-Q+u+yR}VTZoyG4H2i}e3af>{6PVI5R3F^yam8esY6gt+Wpm4fTpN?ZZ*gH# z)O>1lFQ~7}bF{GIm@f{Yk2s{A{@5v^iSw@4H~T>hu)?fBs`F;Z4!3W7Oo=BIx#%q$ z-Nq5VRY`rCJa+~}5&4DvE zEu{D+*4eK^^re^gE{3S~FRzR!OH)J#CMkki6?tDty1cKHcE4n9RYTi%S@^B^d7XUb znCSJtVZ?b_EmG(WH3)+~09sM6}@ivNTHspu||TEXnm zquL}ko^B|t9J;YH?zv9FQ9B5_4g#E%303{aN8)^K(=rz(G1Zg;YC2}zhp7D|un@8> zV~w?d8Q>yOS(j&I<4{_UFro|LdC4(V``$mQ)}=Gk!zB{41F2_sH|h{|$`o(Rm}j_7 zNv6P8<8!N@X)5e#ImFMd9MOzZGj3`a&6LGnEtlZZ;jmVlswY{@B=nG{Xk%Z2_6rd* zPu9;#@~;kmG|x_VSZP8(f1KZQ9G3|TuP#eW1u#L$;gYlsx8!4gZP<3jPR*Zix=*G^ zgc;?g=#G0ej`_LuUk4&8UTWiMs&R^A*uA>D@$y*;#K3`EOG{424E?&Zqb(iE{7xEm z0|gzd5z?{pMJa3S@3>5C!g%H*=z5cFlGr_x`tox7Iog-V<(A#0uAMa~YOa_je~4cX z-v&7pnil%O~2@Kd-QvCL!>rlaP8W4w(C1P-#suD%qMYf z;5dC}_I1Hw-`1JbE3vg*S{>fKAWakCq**EH;yvP7chQZV*zSO{-;7x$ugJlwpKJw?wLeKNNzDf5Tk!9^R*sAE_(m%x@^eq>acx4k zyzC89($&}y_cfp4T36$n*WSuHPEJ0UK7}h;duAO zz@)>c5V&LkjUFcaprfyG`wD#MRA-|@xXS|vT}6RUt4)Fad3nF2r*Ju``@<37nSX*u zWOSd}DDPq?e!X7U_h59Fex7L-r08=$UW(fvenzPr?EE0=kJ`sefWzF@b;B^ceVxWd7@` 
zcVZgs``(C80VVMOaCLm*jmtBglLbpGSNnwOmg>0?cosBMe)jwMAuT_4um-s7*3OS# zUNEKh71}xLN38i-g{Y{qDAgedn}dq-W7*+acQ$3Yo`EIaSM=M>+nSKOwjWZu10Pyc z{2ayQ`u!-2w{r9JsaFC$;V&dO^ut$w{IOIrPPqH)&o;C+d zyzYmGk9!aI=uFxYLvE?$`21i~&hhS}fqBQgq;dV#B92UhNR%{I&Ns0m(*VqU0sY8M zf~(mU6&7_dvzyy^wNs{tK13eeKO_R4eMahBXE%N1sQ{#&k+8hi4w*S7nl z_&9y5mkG7t>G5P_Y4{>=pC>lL%nKG0Z!4*d|h9Z)&uDJiQa<--;V@uD#Mw~0DaU}XhbAcKC3c*p||8m zr}t*G{D=zP@e`^^r6Fj~&z*2gk9?a!(Ts~KRp79pSly-ZB2%ilbQMm<#@vrOUbK-L zJV#mPHb%|(kRQ&!*<3Yd`JrYs+2nHo>(9Rvk{~~3@3ALu15j(C_6$w*ef}*+NW#4f zym3Vm`?(%*f6y+P64}@u&~xN=2z7aoyuj23gtYw=FY&5i{;#9Y7AfWZTm|vC**ZY7 zYWp%54k=_fJ3kZ>c5i3}fz$H? z%Ztj(Q!0UO&y0hS)1U|q7N`6-TUm(->=$#yta`aA=jp$8F3pf{?Yt@QRANA!A}(JR zlpoUznL&EQE8#haE8NDtMK?$p8zl$5{%p@TEkC)3J=y$2|9&rQH?Q@2@I7Fp z2y=b0mKA>Hv>YuDn;M>P{n-{X>F4$DnA3+6VV~EBfO9AZ``*T-VwKx?Vq1`=Lf6uZ zYKcI;_58VQ#mycDkN7y%n?AA4r4DM9le_5zx3SGsd8gFm(EJSf2+-$koc+T8Ik_e< z`FX&>_Iq5^1lj|_WuGCYY}-6z*4op14>-zxj)Gsio?zw5554rFmB%FQ}D^hsx77` zN4Q)T5Y3EvlIOy1UfH3{8mWtn1n@?_Xz0P@sqy6vCQzt`ZR%U-Jorgg2>GWraeVa` zS;y~3d0e3}Hu9BM;!ZN_g$)j^VIemU8@-OnXE$(JXV6qtVMMJ&DGx#WG_-qILL_sx zZ(A+oQ2X-Y;L`Q1y!HIN+J14MCinWypF86D;n$8V-3M-@T;=@*38kO7jfu4u?q&*2 zPo@V2_XOG&VxP1rul1fPvGA779hcl)rjj;Y@sr7D8Y>mkctsSh+3#FLPfw03VxVT( zD<3l{T7A=+4T?RL^PO?`?LbX%K5vMCzo-6-d?5k?6)pc=PNy$c>*UfhBy@2==qDE5{}oSH~xIrIKxrw71J?cr?8=I0TzW{ajF;Xb?a zNm@r@la}pq8Dk4_+hl_v!*cV^{vkYi11F#h-B$h8z0fE%AxGw?@ z<9)0>5b8FWy+idc*dzHzWL$KL#_uNc4dhx))2M~LfN<-WLOy*zs`0T1s)iBl3p_hi z>sNF}sA8Dp6rB?^EUnW#zEm@XBM)!-LKf;kY_f_)*vp(`XrSj^!L!U`0(xqnEcV*g zV0C^=@GBJidJD;v{vxO+{nl4j7K^@jJ|}#wCY;qy`?_7SHj;f)e%@#Q;fSxBxW5hlYMys`+kQ5&I(Z8? 
z{m&$)SXHrO(#PfZ`)H>WiY9;yu$JcXH&J<)`T>_+oG0<4PKT-d+l51UuhlFYrFl|Y z(j2y%>MbuYB%vLiBC9{&UyjF6BHmIhw3#4ZeY7v&oJBs`s(-S3f(ZM_-fsTh0D7JM z@PQIrU;d6as`nWYfim#%1Z5tkzDk`hQo~W1ld-*bsh)g^aGTB8F^|PJcZam}NtNHZ zjot%fzSv!V+nj%*;n?4m)Y`Q&Z|TfipL{Azhr@k;18lrqUptiF!|GG?1qq;==FeyX zd%)_T>EtS`Nb$a(8}>muq_M9jv|=K1K{m0}B*LXtUSJnPsoXqtfQw7CR=-;lU|5vW zTd_k(r(zIgE_9bKa65bXc&saa0zv03ASJmHp)q+?X{w z0F3esl`-8ReobU@K&Jk>e=3cPodp70leKN6-0t3x#BiU)NA>8e@p}0*O=NvFVLZ6W zXMd_J@tQNm*bXM{o7CLI6x(wz2QD@Ah}QW6^YDG`B$_n2cG7g*c_xr{U<)h@6E{%% zzDtmTDHaTo4{z8D)w}(hy&5Y`i{0{B>%3mXD@2sAM+)I9bQJO(_{sg1=17qPC}hFY zV(~F0#S=uCyhZRVB@C>i%agCsZx&JWYFQsfH#6chGW#7`j{1&fS3AWyoJxkOhGi6p zS6g0kn}u8-U23HIMYnl~JDhkGTqp4rq3!Ri_&w0{{Py*0 z;(F*8=<2YHOnTU+s9I=BZanFs!EgG|0^ra%|#sNwCNrfkdFGWWa=P}IQ-+23pmItgfq}T`a%n7Wzvc9P+2xmPCd8Xnki%8DBD7V z+%zRtvA{_F$hhyxorH3x_EQHVvdK=m0cbR4SVpVXu22Im-WLu(garJTpUe0gY%I<_ ztA5@;g|)qtikWThyvpb;8#!L^r^B&=MCfo$=+cC}9ekt~sas`!MSv6Uh>On+QJc~! z-CEDwU4P?Rus{eadcBTFYbl!t;AJeu!CFY29S$Z#|2}Cgg`FwG*$hi|l7?bREP!j; zj~Z7i(QgEH(Bb)N@WW%+NF8lt%xKNFJ@ZTZoF%GsWmi+ki14ch{hD>d%j!BoNtheD zDD<;@3qW;qTseQv22mLqdPh6rYtKv81)o=^&kxaWk+~kK!>6WoQI(Lyj`cOhX(?^(wYWNDEncEOGuB0$@jsP5ny(ew?Obs<-u0O=kj8CKj(!gFOyN4) z7c!PdfVFS378b~t;37X}@Nw?L13H?ZZ^RmqQjP3u??wI2Rrl1o?V&oP##f;mOIs^; zaN?`f(asu{hkOtJu>1!JrHZnXeTuk2w_^5v@?xaYlE9oR+N=|HE2v2 z?5|#DE7}ezw&KD`Y^fe9W-UdI$5Cgl7OhPLp!-`k`xY46f;CK%zLR-+&E`AcSEl4)lI`6RL-{#)~108G$v@J_*_G8s76ar4#ax;5$`> zRJ|{`r(gpI?&J`TWx$w|o6wN4%3WfcB+WLmHYp2ZU{fxKvwp*N3e@v}czO$dA3^)& zNiD;c8eIX?k|thFD~O+~s@k{kOlYliG8mW<3(Q!v7WLbxvpL*DXzyo6;Del!lluPl z%H0}YG!j2Pk~pwjtnsyn%6m`iIVs!Sb{{8NR^V_csdN|g znKZ;zWTB|+?wN8*2ys zijrvg%>D?|Mu^jo+jJdmiIcw$rA1Cu&-hr1H-<=5Ufc-r_CNqAF%FKC_rai{=A|1g zP$9l+@i$dzemWleTM)j{^P)74!j)RvjuqH=TI2ifnrV}sm(80e%2ShIp7w8_STOw7 za>!LuODQ_Xpt$ah7jcE6nQ=|y2z!A(k+l=gdvvJlHjO0@QanXG>@*6ml*g;q^l$-O_JG3Re#qlfFX1WhpZ=TgPdWGlQ zUN3%nnQAis9Hh>35XZJ}dmjCLPB?N%?*}6gB09{_w=-?LZDi=;{-3^MZg*4W83y0? 
zTZmLk0k3amAfxf8|K_FbKh|&I1g{yzL>RVa>+UWc<>66e+l#rP|KP7RP?M<`yROnS zK2bG)R^eYSqO#XiZ}yY0L>Q&z1-#l$^@`eWIyv3LOrR5|7pi`o;n~_+XDqpjx;>gr zo_0Mf=^Q?A!TV5P!b^RX59K4CJv&_+y{msBBFmR;ZnK{)?ic>fuv>ud4~Zk2TJAG! zTX3}4n+)^=;!h*)7$4i~%ir(g<5LR({K#(;M?6CXMmCbOH^QLvDOvM?k2)#0gH+Jh zQ)1e+Y5;hE{y+kb+9fK0EXB(Nq4r99Kyj$o-L@9Il@n#jVZn4 z@gi4PMakmZ+nRt)`f(W|lQ`p>2?Ste=_gjK6>=v^ zEEuJgJJ8H6l%hA?l2oIg3OkokZn1fp(G6f61VcEc2_qQEo#*gMjfLG}v%m8i!*F7i z>@xot#cBnS+6p`T4;4ua%A&3L`vR1R62dw`fqZL#r{_uYJR%A2IiM_{>eIc`EP(dDaZPRt1XI9WXYGMdGQU8~Nv80uwgF zCaUO6&5_k?;gWKc@urUuae;6K|F;9?m<$$vt+sdqNTJAFeh@3ufw5ijPU6F7gxZWlBDvc45K?5LX`aL{i{FwqxjjEsI1$bWNpW;&iZwPY+?S~5u}2bR&yPNz=~ESaJT;)??@-|TN< z{!qpCzV^H7*;raO2b!~qlht|6Bnj>9+8mheU~!-9TC7dRIEa^5U--wy&^Q)O6s-*x zt!+YXy7qD0N!loH87HR;m)PD^s*+3yvCNh0c6}SSjzU=c#wptCzG1&%bR{9s^pmvD z#R3`}P{Q?{(OJ2HBm<**%0DEJh}D-n&k|c%0W9$N!o6DIy%l<(o;YaT1rW`|f>)M* z=xf7`xdu7Vk`1=^y7uTjRYqCqUHd7YR?yr{z8kNp`LMZ+sEp+K`s%*ra<+rYp6};% z_(9O;Gd7&Z96l|Z_=c+?P)7wTiX57>^vt`J%B9Z>1r1E?y@3?kS~S)zgCR-zdZCSR zP_Ee;hZV#jyrKHC2HwxY;$rgP2GhF-7McnFhwA^f*I>Zdb*xv;!YN8~P8IR#ko2z| zb{KV!DDo`2r_F0;A^5)Rsu`|7>ZOrJg0-bW!5bz?d9Pl?)xyThjE6$pUFC=yZl9i< zvSQs942d@xT~J%Ft|0#K^sa>KXZ};3ycz*l`owVo18PQ$n+&;B)OcvJKT2_aqR{1P zBW2la+!5u{GAwKzs4UMtyYUGEd6eKKm1^M&ObzHXvv%92LWN z^OXB9`hV#4SVznG=rLh~>!Gtq9@^pm_T40QyTEf%*x>5O@~ToQr95)A zXLl*qD0>AHK>>ubS7Wm=d%tw%9Q($;KtXP<$;Nm>4%z=JD&c4 zL9=qdfk6plYhHg6ShJM^_(jH&?%Q!1&<*h4Q=CCdbI2ay0g{NUHGd86y-^&lbta6< z4@g}u{-9xGnDy}&1Adh6=i-9jj{+{{g4>Z=8Zna}%)$&?ag@2zb@_zTys-rpV*k&t zolu6CmA_kSy-QReK%;CMi_PHS^e9uIf z-}X)AwhT{eqxzrMCE(b3!;YeKWq)ymwv+qX?y26KC9qSiP|ju)3pb2r`H0wa0Fs7- zArXwJw(r}g(W^ZJ$P0Wxu2!zcD%$vnmj33VTS$2N@bUt!n&q+o0lkSCkJkteG@W}`(9VOS$H5*;xWDP7pXwZ z^O3Pa-@{&}bwi?&nrN&pkOyXve}uo;rh{VK*QBKw>o{*KN%zqA9j(>d>sx?ZDiF`F zbx`(ju(7+)Lya<@ylzJ?Ub2E>B)tn~J*qWpVBz}T25u$f)4U(Uy}#;P$zkD%Eyh4X zF}C-_jBZkykEA%+PQ${C=62noJtZtPas;dSbJr9jztx}dk64}DoF5PMAC^n!wKx4h z8$1Byyd4#^d#KEL-J(&XSwSv9N%e)q*SnIj`jYeYCb+(Uc4j~;^;SXRJzZWOMSg7A 
z)efb-z5tHz%5GnYgu;{$5tJ;QkudJvU+Y(&19XQWNjh{4O^?HF4__Lz6|GC!Y%LPQ z??7`aj2W-2uy2E9Una#S)ihdn3=QQTXe5;~Azr^Y`J&FtB@Nj2?Bm>{k%)y*1-?pD zX~yjiytaH6cp~e7@!R3pp2?d7lZ)m(sf|a;@!46%RT5ktL|CD@fDA=hd#^tKvtj-& z2(GfW0P6}BXXt!lCdm&Acbtwx!CIuF5}f)6!bUD`ClpD^^iq)`FJRQ##JHN~M7U*rxXRpZrBmmQWfHze8 z`RAfZ5x_EQ$xi0}D9!OGj%sOg(-X2p45;`6eR*P0AueWu8B(J^;#?Z*^h4H*EmIjQ z-fr&Ts#?}l2jPB#3JG``<*0od&#q`>yz~B`1xfx7G+bbDtf+6Qc569;|4l|-)Wz)h z_=PsC|N2fu?Va@IrU|((;|VbY{S5Ryf;6N_?wzf)9|CqmdZYrDF)EDygMVUTXZcKJ z>28G|)!`-{uJ5@`aQ9Zc1HG8%@wuJ@OQgQuwyCn_EUY#y#bp@n}Vxd{$$%Rp>#guw|qh#u{x1z3t^B7ViK` z=6Vkys@ilfcCTC`THGx9-tS`!2#kfvkk)N*6S9B|ZIPJRs5Hy}llkh>OR{!|rZ_qr zbfcyBPa9#wMIMWalkU^FniqD~@H@`Do@(hy{&Iu|*c3U^?sM0$siAakn1pwL1Kd zX~-9w3LH@O<8%&e1W`S2;+a|ir_O86TbWFd$>c#6g_weEEP_LSQ@x48&kvt2o3xj1i=s^>x^3fUfzAwo(a+Fz3x0GI`VXLStERhDte1y1@E0 z&^&?E(XFFBKP<{{D;x~0V$xA7Z^Q}*5@;t9>2g#al zhFsNCt}gdI^;2X2OV7Mcj?{ti?@06QL|Ac?@Bb2_v;$o2)F+;gPr%V$aF}tkilsp#1+fJGMKG4I_v^*i3kuH43q56lDuUd2sP|6M32COaj*> z8<+7Nc*ZRNp1A>QsZ z+ySqwID?hoob928t?&te>&rrOHR6Dega_E?yHSl`$FoL;!{ci|?$t)HWRxgEos*{W z@`Jr0<{YMjgH;zp#u7pSOQqE7MgJU=PDZF*9K06d(gEgpvY*R{kJBFrzX_rE7cCH< zWRNGw2V<@uA3ZHR$DRn--ULC;_y*_md}|sMO6`bZ(GXNV=VP-brXmhV#cTVGM<{hs z020Yzc#)4!p68QHVh6i=tp6;1p2TfbEJRlA2R67!m1hf$qpAWTQiG%16JB&DRBxl^ z*y(n4s>KRCkDK?#psP1b8C#qjKr_1g!onfI{WuoBlRxBZM)Y+-h4Kx40!$6BIY*NG z*xNBxk7GPGe9WcEmOotqV?_r<9_?NPvgI-b$R(_W(M*BUZ4Q%7J*FWc0*Bk|CY_FV zmjLFP9@H+0;ir70e+k0S5qiitSwmiJMuchSF#qfhc25POb>R5brWbKh*93SdrVZ3Z zOYdtAn~%Ao=Hz(p3v*3?TJCJF+zR`Fp=DMNh2eb~@9z7xJTv*R(MaV;KzJjsDant0 zxYLo?qEG<0r~!;9kX>gk2Yqg+g2kEq2v!Fefkz>|5Dm5~hs8WvE7rEq6ffT5nuaynMea376#%<)@{LyJ8sKFiUt)9n%E2B+- z^YnJh+b|^sVIX4?`nUrq(Eaa?SOpL*lWz@6EFz-#g!tUS0I}Uas`^a;?0{mqi?#iA zeqPP1oGGC?HFo>-_S{fkJT25y#=l=?(cM11jwX)1?j+c=QF+YC{ZIx5lg->;6Ecl; zv5M65%Da^{g)uf%HKym>(h^u9gh~ap0)~+4H5oxh0RiA8OKSBL+j;P1N!bW@# zbb$vE<8b|?yq5D*cND(kv} zR1u^|6P9%q5flZageEG49(t%ML`A_$l#+lhM8HrK2t8mZYJ{MaAiW2O)BpiOc}~>b z)xGcg{k`A#5YGRUIWu!+uDNDd)Z1r?rt*UCrzL}U>w{0YenVVAV~Ztms@r0ohACVj 
z$EK6C2-=HP!|GKvVc{VbEsXaX-U{4{n?kdSggHbZnm~%pMduKq=k%3SeP_X|B7@_4 z3;@J~i{XWpT{%>mQ1IHYLsnA4mB_xkz~8bqt`%Rqc})p*#ity1*K$^~rnCCIluU(t zrb%r?fu4YsKXpVZts$lv4?)0WN~P$#usu&I)l%&x>=eY` zbL5SVO-sw|g=oZlx9Zqv^zm~bqMDRf!Sl@VtGTjMl*_2^MDpdW+hu}|v^+LX=S~(# zOZ`6cnw}g79aa}e*iR5yR9`y@h0nhJ6WEqP=kGR=q*EEybkLp#CFfl?#Aek5{+h9Aukq2tG z@?lL#o|)Z0tk*jMzgBZ%WNqR^1R|SM^X;*u3=$o5zyZ7)d#y~*Awa83&!O#|C9gcJ z##jyICu5y*B!rGv-WPIAv|zxpHCq=n(4kn70(Km$W^$d-FeqJXqf0@AIbjczlp%Zf z{dE<4Tpw$7sP;_*tjF$rhvz;T9K{oH6_H zu#{Py=XYE1Q+oL1G54~pp;q-Ol~vd^COAV zpf=*-<&e7`Q%0Kqbfk~Rvgz_^0?ZHvSN1@a?*5I({O!Z59%Hz^;&2`Rf!WYXPQRV~sXlLw<%Ctx08*TkAXcMKc615g_3?_ zFm}c717WlPxbbenb`e#R*bF=V@v-*g%&;rfecNoJ;XU`pB0t34ZQ-~wP*sdcInJ-h z`b%(~Pw{r?N8FW3@KteG*C-k$5_qkitW$zzsWmXZtq&8{-}9L`%z%2AXjR;gj&sK z99`Qs&N7fmR@E!SC~Lm#hykHEpA_6wJubncJS*%`{jaQpZlubOrMaQf=f=73qtA6y zfpwSx!H4E1+THl1pb3nDpqJQJz4kkAsAG*xfN||lU#>o|%O4HzdaBGy&X32OCP|4T z8^1oQHkP4`I-gR|)L|!j2}7KnKVyfw-(7kOyFGapD?AnyeXFR>{X|-6alzrQdV>n^ z-v(3NN71rE>NvAQrFXtMPy4v5R2(VHC_SKSAp)T%dF2mfB*;DJSBwbw<1yEBsZ$EY zA6a(fVQMJN9?*tRB6_t_gK#_*9U#5@Ibo4k9Cmgd1Ew5IT|Z*G^|`P&>>{@ z=(eX}TT=y{1N01Lm=pS|$*HWNC+isa8(93bt4QB0O}17X#2>E5P)!H!FqlE@Uj!5* z0p8!gZfFvzhWX*?_LN6g6$sr{p_;!I=AF^bUM*X~`iQ?^y4mf7dgs||jaw%jL6Tl*tn&)r=$|5-w;C0t z5P3T2A`9N&LA1S$uDF!vf-L&N!4!+M<6iF1z5V@bX|=5!j{W`eDD-&72UZ(Pg(oR1 z|J~VCUjQy?lZT9tv#t^0~0`aHfHYJu1SNWoOs^cR;T-29z|N4H;O6NoD7B^gb3+ z3oxtDqr5+6hv(mRGt2vq@*afZQ9=z_nZwaxV5wL5<)7Ba88_+YcW}UujXbu#A;;~I z#|}F51cG?^9nQM_O7k&yBOI;dA2wx~Hv32d|MU14S@z@=m;HSwNwJzD_o$I|YADm-3&jj;fu`3ZzuMD8B?6s=r#rW~nrs-RNN!1choH`i6SZ+|M zE`mA0auPSkGl~Eqqhq`GC%m-u?Z!yQv%tqq*WTrye>k{E_iMlPo!Mep++uLAGLj2)ApDBCjaRA+D_qHp1MAyFc!lXAGc23g%d1X=> zDUBV*MymTPX79GNt(A1@&xj>iW$d9hL<-T%+?`-JP#ay_+Jl?i2zNCza?rvexP2pmDKyg(O?@hk! 
z_?U8x%)u-i8QyCNukF@5)dsJUIpRK}o;EgAGLmO>hQZ)^eNwQFQ*LkJU1GUntw_Z0 z97Y0PA3-Z0i}ekDMQKEM008v`H>|M(|IPe905&fH9XWchS}1d|+Q(fa^5?^it2z?x zWiSJP;o!je_72-~D?=RLd3nK+=?A_2lXOy$KN$HiRdIL8OUVk^j8K`G z6#7#ZM`LohKkOU0Kgo{s5)9gR)go@>(^HTJ?U}dfBb6_sJ)~Mu6nV&Vxv##TQ%dO= zYGyff{o(Pnn=(RAYtN9S5Q48C+~p;J?FKNdgrjjjZk1frTa7fod^W&;1=bh2WEYFI z+h`b0PB7^~dcXF+a)#U!KkaAZ{3!a5kr;y?cU_rpD^O2ldwzo;@1C}`xzL)y_I9Dd za~8@>jnkR-*lxWw8Ktvd0Qs{#w;viCiOuW?ea9+bXQ1P~Z#c#}ZjS!B9k_}jkanT3 zPi%0DhONV=!SJOMFo(w;7HK;o}+0>lrCM7cf-wbcA z-fCoQ(!1LiN?jyfZJf~q*mlU&3V4r77#r~dKWHw?~pE0=yqsq&~WvbXvelGIotVoE(;qp8e@LDtyHN8QzCe{o2Z- z-`JKuI#iE=9LTeD{L;!p-$QQYG1KWwW*g1K^^tT$6RsX}<~Mi-$pH8b z_5%?p4ygWPlcr&`p6mXZTQ88@?+8xhq!3cCF?;hLUMsizu#y?hHzxA)I4b;NBxu@E z)~NV`Q6*x$hKW7M$EErHSVmY?d504}|9Opq%%!T|U1Uq1gT;+ao~S*5J)F7DuoQeg z^yB*GxO7FT9Iu+Z*}_)}{5+DRW?U=t|B1xk>!8X8S@?y83;R{YyRIhu=jbctmHMK5 zBb~u3cAI%K^GT{=_*AI@u27|K|9YW>z3p3;yPpsLYg$E?TA*Vu2n*F9d#4JlM^_|j z-6rik%zwh| z?CgL3kLO0nO}8PHH*UA2oWR5!74aTmO*$rQ0e-g&vYY*hJ0w{?)BRZ4GF@;;+YKL* z1P5&sD!7vbI0d5w28;ag#b360y$HGPYo4?I>;U8-TSil)IM3u)jxxAx*ajp6IB>@- zcwwm(vRmEyn;#yL>k2sZMDrhs0#rqrl>XwrEqg0PPfgzTIiR8-YMkJX*9p?f>L0}J z?|)Ee4gKL$*j?|iK}OO*p+g}1=CURi+V^X1_eKL%qrH;Q;Fye9F1qz4J;xX~mx<6U zo<{aW;R_ObN_eR!6WCg72TfvpunM3F#A8*>(ILPky2e>&wpN3*MLVcSe4$QoCHG%7 zn_-m~*Xa7dExVq(gHlo5Bs=pmYdiLZwAZGp@z4Nls+Kpxqe73zw?cJ5bfV_^p;o{0 zE4(WpGNmeO5b@?(L1R~BftnJ4F56#AL?`x?13ddAnH?eODYKri75=&dU7{_T@9V-q zkdwV~m06(O#9wS&95jfsJfXxS71k87V9G-Q)gKF!s7LqhK$1$+ z`s=JB_!pfMl~=t(dQ3mj32#B-L^^)5Aijb1TF2|`83-=MV#z^^qDqiQ*x2#hfWFsI zGI&m^%S^@_y~EFHM4U{Q@Vz#rdxLRA`|fR4t>Bov0ApS1m)t7@p?ku;{jr|mRLRN~ zKytrc>|id7o{XG~e0c2)D#9OIDOpI}uL>&glfOWdO5+d$2)}+Xt=qNeZ1UOGaW_A0 z>5`uSEyUK#N=G8gXinHu&YAy3`|DFASNI{+$)d3o65-=IKxfUMZuTo)xs~}a8C0b` z^$#l_&afcMSmBbWTJg@9%ltJ9QMm$&&8mb_#yVmU=h2vtfO0U@JNVQ(5fc*E92BIR zq{Km2;N~9c7Y$tMm+t~?0m#3Yohu&$FQ9x_O-9NhZngJbC7mDLO9si*XjxDFVu!=k zEpo{u{2@kL;n~7J{VYd%A9aw=%U{^h)YzUgzcxPU*|YOed{{;A1~sU!VI_wSI&kXy 
zCN#Ye8P!d@%?Q{*=~6yQy^u=yW~qKSnV0MJj(yR-5xAN;!7sr@cL**{yp9IjZ8GBEo}uc}x&%Oy+~A=X#s=pQNa{9q{Ju2wNP zfk67(H*}h4B-D1JUsz9mcdxxzuhEFe z5o&dD%&EU?QTO=j!4SFS;xkUthS&EccXenMIC+G696d=|2u!xuKIxHOZGr04nL$?1 z?%=3amDZ~;E1caoG5CT0yjERi$E;a(BAqBY+t#?l&nFH3_!1 zxR^SaZy!D4P=E*->l&9xrfny2+GwFoU6f|Bufxw+LbNze`h@!U5Wk2B`6@ zp`FkdB1R3kk9L@rlXB^>yqaqYCHJlLLu@ovkCU3(Cm&D=NAw7}c>*9yr9>9wJVS88 zBcSpK^pHdcD9Mi$+4~5g|xdj3kN!8 z6Q3JpMv^)>PY*qcXGI0^B@dTA%sxD@ixT^I3atFrxFpGx2M+6J7YOWq_0ca59u_K- zJ;o|21*nlI&O+)ZmRWR3L1X@_S^5G0CwwB(Z^qqIs5-Os6wtSMb*+qO2YFu?bp5+k zue_}V(F)06;k4;k&Z^!==SaoUd>Q$VN)1scTJTNxd;l4$a)z90{NcYq;-UuBcy<-` z#l_6jOx0R&WK?E$+GRL$c}GWyHhCC zJou(t&KL;Hh}V8Uy!(1KvWp3DaH*x?e#IhvHm8}HR&OmTtAFnogMVCD;4-rN!ej=? z9@2gNkHS<3)NM63d&|Ts1vp|6U&!S10{Y=-p~76SMXnptAChqam_%mAZsI4 z!-swZ6lh8PdT0#}Wxu#VjcC)ItYj1{cwqB$9&P&E1TH8k_5!r6 zvDM(h%dB+HccD_Ao=Z~D+=;RY@rl{?$m(pr7m$B_F;LcMnt^59kk-bi+G`bKpk$GQ zW7dd6d)q_(K|BCozqGsiPUadPLC?_~595C`yrx)hRjniUgm5O)!RwGtQxCy+mX<{< z5h^Uen6&8O={`l88I($Bt=0F(UR(p7?~(aLBtp-rG~ZWWI#|Id@66-uyKgyqEO~8r zyg2E=1hC+y)s9ZYa|~ybl&&uK=blo4ud(|re4xC?8+rnDMOw-socL&&Y^kqoLt-pc zCjtq2RhIaVYhyP6LhJ?uJr82XK+S>UK)9}hRl>`nc#tB+w}C7!Lm>{SUJ4suva~#c zHYRj6f9msZ3f{e3vF4%}4w^MLbtX7i>_=U*9}J>H^tOF3RCI=c;h#fDKL;kBZcizS zbvy^c=#Rs~BI_PDD%e^*A2-5_%-q3W2Kg{2Qx4~W@Kc##$WNFM*^t?w$2L2djerXJ zzQOifqA93>ew_5Zzz2cMS7biWdd>cQ1oqx|Hvhx{H;qlNm|mVYQFg69Tc%Zt858o8 z{{@sW130V69ft0hkjAY(x6(BO@xv3d-i@op&-T zGl0&E#7veXa4AP#b_KVASMy8yy1L6==GO4A@dK>~@7~A7$AD%+ zZ-@H3!eQ9635GnLSuur4Q%$JYE3yxb%Y;EZ`vo8YCbBAt$a6TrNzACYV!sbnW@Q(U z-#~NZ8C3XTiRcOrcr-u*ey*R7_*9X(bes7BA?CEr0+a^%@n!cK&j5mfJL6OWCYj!_ zx6LKpST7_9^9s}b`}B^WRq3gIy=11nvKOGb9Y9$&9m8)GpI$qvHR^DUlJoC-f&nih z77J8xXaOf6$gR^V_WreE2N8`1Yd^pSYD%XWDT!_ibF-gIw^!&@%;`WRym#o`9}a)5 z%lV^JElE{u%+8Li`KHTuANmddR%Cl_{?+{@+)5=^5sHHzSV30 zsNI*=d;4bKCA__ge_=Zzr%2!H!0@U9V)MRWkWTtWb@8J%PV@zr1y4l+OyU>NDSwQ| z4=07P+bSt6_~|cRjUO!oeGc#ity>EH55s~t0c9w!FhW%z5d2>!AG8h%I%xWa|3GB_ zWqRmyQGiAdY4YDEr%ME+N!VzFu4jmA>#BSSMH-z8B$UF&*GmmU^3*}Dy-k-@}u13$Z^3DQJk 
zI_JQ1Z#l3Z&>Jznn+rVzXo`*fNf6Q6|2@cBQDq--ZHE%bUj5I>AVMmmJAM|jm7uEr zuWylA%pN^XTgdPWot^IuJ&VD6i0D9Me}_Tjxp{kHwf5(Y5*n5&^-eAaU+2-yw2GwVL(-D!nC9&0QMVP@n_%w(9Rry)kK8700p^~Bgg_qbF+Ew>L38T zFqh(u)#5GzPob3y&@-;R;y}Ha)UaM+3SYjQ8DR^fY16WV;-1Osa<>wJ)^3}DB=&u5K zCkoHer3ofIn#DxVbJ1^u(m+-UV&n$ILpCnDn-KkGUre0e2Imz4ESxQ{&Hj$6rug^8 z5!-C`L*KQ(qyR#?et^6`D`tBKA=D+tnQYwn2l;$iGI~Vion7=J;cclBIPbQ_uuTvR zD?LW;EVDC`2s`SDKUe|<8>hv1S)A{G;Sg^}u^k$5J=1MPPajhRNb=@5q78_F1lBSO zoF(sfXDLNpIxBKpA;wC<|E?J6K()=@EPp<(!-NO~day>Qm26Wjwb*eb3e&hhgb-AV z6Q(!1gUF|^OG z#9h8zD5_Zi{FT&e1;3Ae+q~|@D`W(`5hH1ZIGq=o5Q58>1;BrM)GMLVrrlu`n!VJ4 zL`C?-iP?{pFJbKuG`6Y(E~)db5xnm#(H@L-jg7A9=gMSOdy}*Lbv-RvEELiz1tbLk z%|6?2yIQOBuRVSndk)Z$4Q0fa!*iWdr@~W;02qTco+B^Swt!$>pd8MBaMeH{$pw@A zq_U-A$14+p6sPX(_vFPR4Jse@+a;|#-|Y@=PaYeB9WXY6)Rxb4M9Z)p@HMy$htl`g zJ&_*n0WFY9D>rqTlnIfTu{_zvPLAd`SQ#6AP~Tmqppnpb(M@}@(C-Q+1ohJd8H%4oncFN}MYeUwIU>$H>G>@b7@+H~v7;Z0D=0ZEgTog=fnnT1Y(Ha2Fz{|}dq zP}>*g=sA?$*kJjtF6|_LNh6@RhBDdJO}@DFj5+B=-;?KAgKH*a{p*M%ztI!-C5% zXzoo$EvCv#u5crBtclTwmkU*hbP4lRv?Ns(b)&?6tTVQ#sxS%?(+EDK2kGB)>Vy`=+sq5&YhmTtcg@F)T{0+6?FmWDx$$yLz8YddljnmsB zPW#`6Z7d8c^U=@Q<2$YJqYZWH%tUtK!cVICo&JCPCPbPgLLYMA`b$bBjg7o8l(xVb zPKZP;&-%+R)p@*w{C{1MohAv6BF^O3<$RDU{6IL^?(V9I3`ZKrU(1n+^Rid1O^!qC zhO~+s45F9dA(e(i%D$MxgMVEHSPN+E7WXBPixQMgj4n#^%Lm^BrXzr@?kGUr4J!Th zMPLBqh5U~B_E+i5SZp)|L|`zO3P_A7IIT3`yBO}~<^0z+?f98nPY{d4;Zz_Q+ahXJ zn*_J50t4RyfVBGLt50Z2-DlEmWioj>xwX04mND zs>tL;bt!|2#LX01mahLEm{YS!4{mtrhMb#OM6WKy2mzLw$Q&btar^!Hom?OssG=T~ zCo@y*`<}qyWp>;LdE4P21qw(}gA()!^^B_FLO{t5=g7FKE093n3yTNVtKN^YG^|!_ zZTo!5_a4)P2XX}pL}CR*Y0%*UKddH^-u*MmJ=^H?u_vzyUAYzo8~ykh*DD8nOeaL6 zpcAfd#8LDDQbU)fcIVBZ%+Nh{C|k;`vdYn5xX%+x+sGc^@$rG7E$N2K`#T$Tc)rsE z-uLX66dbJb^s236#%GH8T6+&t`r@TI$9+n2^M;@R1|t?0nzN&*JjfY8Dx{`r(lfk@ z++(+u%vDzy{l&;e?TJ#Kqks+h{a+iRGiY^V9Lar9C@=%32E1e0+@f>5&xbQqsPh|; zjs(XoJYs@l6NwMo+D~0?WZCjU}DuO_gVk;;>PVa(yN~of0k-(FpHMf7&8Js}V;Ab_+U0gImbO46Cy^Zx6cUBJ!t zyQMj;1)91)lI49W%%#puvr^EvG^xu_?dhi!pw_{ 
zx>q){!tIBaq#%$~wo@A=E>k)*Fuqe##Db4qeK)8PcJ%B_B?R%pgZPQC+x^f=Wilc; z(}VIPO1TP~9VrGWB(>#Oc;A`uH4txo;4UOqaNQ}TB*JeZozirPP z2%28g_TP3eBH~ZC?bBURkkcjE6v39P!q9$;wwfJ~F7{jN8Bc7e;A?Sh#U#xPJHZx%qpEdy3sy9NHZz28P<`*TZ3k<}4M6Gy4%o zp^!++EH{~=Giha_?8ggPmAJkz_9fiOK}|3vowIv1?*A_0WN0*HWIDvJ-WmGWH;E;- zdb2nW&>Pf?{nA@a7;<6d93RvltS>Q=ODiRxV(;O?ij&JyWfqkTsA?H%|r#9jpLT6eVem9006~c8mb+oTp}YmaM$> zvv5P5VMhhDcYizFGwZ4RN;m&Gx3*OPJOt9)coSZC4&YzR!lWTnw1+wFz-&$RsJ~dQ z85>$H3E!LynmPa6<D3Nj55F=_SZb z15`?l#ux5JeKvRFti24z32rd;)8jB52hj-mDy+7^|C-;%5k0R;WSDxP->@CPvc2cP zAbS-6zkpPkwT1x-QNmOfOezQ}FNm@k#KEGA%4oywYyGL;9rf{bA2w1eO z`-FA}10|4J>U3EuMUpdlDu;$?R0x!`N^R=8X3CzLj1!Av9{_j9u{dQGmL>fTev`g^ zo7EYX$uI~+65M-_U{YJD)!tCmW%_NC5@(gvTpHP{>2*oBUN1t`iBBnu`2}y{1m9ds zM{boc{u*a~6=cU-V;*F;t*hyI5kUOt$c+3cWBteE#wneLso~mhy7cr;3-a7N$(%zn zXVQ~4d`ZJ_)UDNxPQ7+BKc(kYHvKTJ(+$g9eg_Q}r* z4B1Cb6(k_X%V9MKGGwNPSf3}EhulD!rY=v^eE-!HT)cu*dteHR-oQLeT(0H|$|*87 z*-dyLbG4~zV|&^ywr+`t0z+#I{yC`uY@oir$Zt^NpY{CIY!oF7&s$`s8P~5{CV44w ziwICdSi}q7ED}VWmtE>r)%Zql4L6szR*ZF2 zOn5mM+V7%R4<`&_B$#5LNassA``=o#fd*=vLhqBL`LeP`Hzq#FqENfcH>yA+>3fB_ zvJO6IAvFb2{?*uM3DRDMM5-5pLc`q#1|JVy3ufz^VFmyo=mAKo)GoOU3yrP2$9p;0 zA;o`GIeWWf4qT6U?Dh+HuYkpYl<<>t)n7t?|C$ZJ^yvI&tFNVKZ;K` znZ4GZ1dj^<`S&f+mpLHN2C8<-r<%*mEl@iyv6ai0a~ymtY*ITkd425pb2M2&-_!0| ztQ6Y6e^g#t2eJPMG0-;FBBh=mrjzBPfeenV*+E~ zi#@Z(a}@^HPhOyK%gPRg*6ICoEEha^SB4uBA|aw=I<c_Fs6Gff+P-XiAlYz>VQ46k zy_QcOv0^ZE2@%kSNd|m3-U)*>q%W`@GeX@i(XWCnuo*K=`NLLXE=eki#-7XIjGtXw^V`q+K&zU#fhzhxpOcSGr%Px&Q z?+!U{82<^DsOoec8L>VQBG6XWsjF$wSzTk$*$4fg8!EXX6CS-mjRwqf*nJpmRBj^G zijg|yO`F`%GHnobN&5i`%xQq`)8g(SEcsqgq|(Dm^F5n%i}sh07fO zQNO*iC|#o+#Qk5#MSr?V_H?r<%5mJUl~s<; zyQ`u~wwr1%lP*zHFF3yb8Gv&FSG9xsa_$=ViV<7d#+dt1#lsXs3K{DJ-RL#>ROd|| zd#C?g`TN}!l-oPLm%9q^MXrgyY!Fs;2^36OZ|Gk@hf&FOrkg)IrK&_9N~*g)`z*QV z?pNXOsB$a7WJTOVgW|RWTw9Oh2OfMC{4^)(R2a5xPF|KPOgDk$^$%BE&KIt@9)LCQ z&}ZXFvMCv5y*bOFm1{vYcVf`fW--#3wGsoKMSvR(ds6P51({EN9bD(Zc2t4NjbVX! 
zg$^LS_vLl^6Y)W8Q2cCrO$JSs0kDxpkBD!m*$jB}B&K4KP)~P;S>xrU9J)8E!SVO3 zM@rPVS1^ZE9{w{$$Af^NyuiPF)aWFu^z}ifrv>V`FVu0+1q4!AP!)gN1Mn9H2sVA4 zpfdMueevpkJ_y3%SWfk2jLl|M@?q+vHRY?scLw@=gO1 zp|B`uQL!O1+_27?6!Cr{WLwz0dI+0SR1`+6|L(sgz5Y ze!5eN(`4OVVdO#9Wf8)OG&Egx4EvL(*+Kh{Zt3AlT(w7lK^fcxW(f-Jk0hT{Fnpm+ zy;+d{#svlyTF)9lH;={a(g9zmz8Rf05XNqBciWbYLxYhD~x$CA=!3dL$vC!XNBF@K`E=s0#9 zzZzO@kPj}@s9Wg~hv|8}4xeTMVABihD~9DixK<}@G3!^LVd#rnU;PDOdFV2;k8&$8 z)N@I1F}*b|so^i|*;}67kCm;l(3okv-@gT)W+^i|Ry3oux)U*S88!S9zZoXyAj3V@ zZS^A+_DIgEDy)6{Gu+DQkCRpWkCIVBO8CwFpsfTDqh`S7;p7w%q_mPLQO>+i3`O>L zgUKwdkJ*vT+8PFH8E3RJ*EWSQCMZBDiq^dB=!+NP+?@BXUPO3DNyrR5c#^dUdAL!w zf6l6)+Je3MY%1T~D#J@dCViZ85|$gB7Kq!3JjKsgY>O>}(bQCz zAD(&ZR0D5oa67m?T4i4NodmVy&h?lXbM)2c|-JQymhN1ZFJ^$T7L!lV(l% zr&WeNGVHlzW#?l)0anK^Q}!^!%7#PIJKfRoZW~eJDn#sZH?uEi??bR2c_Iky- zy0;%itooJ~5H58KE|upEN1ly#S`2R)c!0kdO;wE*@ZtJ8A~nNNQ9BTF>GM?(HwrO-F{2x}~$o)KT|o85I5U=+Z(U?D)oQ>7Vrs ztAlwbmTB%oDLy+nlTXiVY%?2i1G%JDL$m5_`u)8-au&1d(PFDIm#x~Zo6Q)D)u=|} zn^_%14dCFa#Klw&4JD<$>w5cIxPFl0ZSC2}}4MeM=#dUsI%30q*#O?G0 zUgx{erO%rxmTb4jcu#Gt-kbf2My(uLfxXw&I-CxSiJlEZ=P_+pg1qxvS}^8#dpGpM zsw)O-EY+sto0FKlhbuoPDA&Ug$6oB2)JP=ORzry=IBO}f=U3vEzvJ-2l8kMXuQbNv zQ`VSAcUOMjh*}agU^tvQ8vMufk>k0vX<1ro&v+>-WLva!kRbzp4t4#-S@8bkMhu{*yQ)3LH(tUP^>Qwu$n#Kxlv~C9gBMUg!_TEoRd4 zy51?;2fuB?eCY=Zfdn~PulIw2XiC#D7YDR>&G_UmzO)rg!}JSg`_j3~ zT6%al%;nMG`b2)ruTg{#D`mY(j{(MQl*acIJo^;Uile!7br(V8(rqqy?6lN zk;|k#>kr@~2l#cp7Sw62dXK*LXq-^I#wPG;2k++Sv=P~1d-zYA0R^U5z51s?3qM&U zYy?6QSHU~(z4f9kL52(|G_N)^4A?tNJydnSO9iD=j(*re8ZNg5wZf6z}e%5j3a7zi(XM>_90gemEp2r)PC$A zJ+|I&s?tlMDw_rn`hpb3ZP1crc2{K+6{=F*tYOeeW+<2R1q}x?S@(Kw!ENn$Ct4{% zpnqqEnc%@Uj8=LC(Wo!seUM}OVZYN9fsT&ALxGFtgJw)Kd%F!b=h@U*-U-8S!e&zP zW^JxO)}X}!AwZk4a3Y4>?k=&P<-sAv058%f_=zGP{bUa3)bQx2QKR|-Mwo3rZP1h! 
zu;v(R1|^>az0LG2X+8&aWdr{Z**ekp5!!sf0Yx_7PL{z68aTGovb=V zQbKtNtDfixeUyCn?eJXR$ZQeHu2d3}Y@;}{+WGSIe*9kxasdmH7xl$j<%*3>e};H_ zIxYl)6LK>RawsS^cl5nonsBSk`zaP?b0?{qxe$Tq*u2@t+(s|+_FN5vysdb%yYD3$w7UEtl_;mJ1NBqhG>uf z$9;?aBg(sE=xKC|Zp>MKK_!b<$OvhQsT=Q~{XP;$MAa`y&8$9pE!iU=7&H$1c)=d$ z)uL;v%uwyvV}Ci$S%M(hNH_IIHui@WkzxvJ_aLK#lL~OjHuTJiA%Dz%s6(H%Q{SlK z?FGNLjAn22+0e65}pKK~Ujc9{ojt zSgL_10C)-|AfON=2SNjpn|B=#uT=gSncDeB^x;LVysY+_=3JttgyC|C0>y0XoN`-} zduMlFYH3opRnO`1X`N-Q2=o7bY$(%J_4EF!>L?e?CFY8qVWfe0ScQ0dN%6BqyWk{J zN22)0vE`X~+#EhA{bgTk>1kyK=n+5j1ijkZL;Gaa^Si6`9YuTsso^7Qq%<)uv~oyo z^gTm(Af!+uax}dE*O`XNA?QybNu>Q0Lb2mwiqKqgvM}e=#r`3ODq^~^iU2txS}%!e z@u6y|o5N)s$Dh|;v!ZQ#TX68kFqf{Bwo1;X=1xvnVn5Z);5@>+xZmD>3s_Rao2!DX z{V(>fBrH$c@7pr>Q1Ex^yj&EHVa=u_z~G_lFJ#yNS8b0~FQ#FF>s!F;N}sp*Qvx47 zDO0o7!YZW0m0|JO9csHN$Adal1mG8NFM`s8lZZ*p#H_@Xw3=drLvK7k9q~tw z2c41LxXqkfW<40_(N-!YlNGn!Sj#!$5jm`$4dCG>e-IoQZ<)(vM$q$|u^Aaux&8%= zC^aBK$dUtddhPsTCGus?#11n6;%pc>C&hV7HhG9Ac4Eg>PO-QIAsj- zTPpQ#N~KQIZwqJ(hPkJ+CW9h8H;V796S_&KNYapsd_q<{wk_VCu`FAf^PNREDOvAc zmFZ(7fSDAk9W5pM# zv$DIqk&oCAw+7+bdhZ7W98ne6m7Amx5-Gq{`oluR1s^FIIncbPmmG9PjaKV-GUxKs z(C|A+u9EIz@nL0A$u;}fx`V*WVP<+@eogqn9l)Job`j$8Kp8sL;aYhW&BC ze$`?W^gtKU87>#fjvOwd!oY4((fCb?nh{jQ;E!vt`{l z@|MH?v+0c6F|tN8l|&2ZS<=#Kd3Am=hdCTQzA9^x>Hs9(Jx(Ws>*_vyasxvD$^#YV>654XvWD2I zSDF3``v$uy)0IlXv!*Ab7cKB+lhvBaW<72%Olp0!BUDd%E1Y2kljf`RBl}?z*}`L` zO#{#R-0Dh}_&GMR4ADhGwam?&`IV38eUZofEOd8Ao)EWB)_%OlK6`BG@y9$Mf=b-C z8)BU|GbDnVg@mYMmL$2W*AfeS=^cp=gg7hS3rv=Ztediex^5LMeW=OucZ*FyR_eS5 zw6Q|1TSf``YcGMrafo}-u;nCqei4y$N4!3#3=M-C!mDOLA`%~I)#D>jHT}6(L=*qbsCsnYVd9hYUA8ek^+9!{%* zTdXb38Tcyk(tdk^&8Hh{UJYGqp@uDlQt`vPFRs4IC>}^PIm`^Sxk@Q#TDYS8bxK_;Ey-vr%1w zxBqAEz?Cf3nfaH&(R-HBm#9l(krTP8_45O5o@MA~6|nfJdexQ9m;GmP z*`l0lACKds`9*pkbWOKZordmPtR(%xlR(Xm92?jw*u-tTlr?MC=Z^jm)mQ536=}y= z`9id%A@YKIZb&+5)^>RR+ttGd-ZhQrEEtMszYZ;-G*u+Pn%p{@LT<)a5=JEAminK5 zdry!#q%<7I;$eyu6B@|}~CT7*;5C%5# zEP|+}8ln_)1#sP)@DN*uF2c4V3e@~9r;dc$YcE>e&Di_PvS`)zX~nH>>^hF+&M%mW 
zxoX&#@X@04T>~?>w_;Xb?)wXK>(^Q((!$a5c3eI=^Yel-yR1lb0& z5m`Vtyh)dS_sIee%iO5&1rx1zj<~&y;IRvn#VYcwocVl0uT)C*aF(-0b~xu$P*r5? zI5i+GEXA&j7VX;JtyOv&KIDDmKgHLWH#G0#@I!KJ0&{yWK%e*-0YHRPZ;4dgwVMgo%6nnNmg@K_nL~?=01@MrvxDL*I=0WZZO_73q6>*qD;?1+Z^`QcNp()e z15o=zr3N#RxcSwt!#oIRe#;kzXxVFijG|%6j*c^|fTUxBzLP=X9tQLM>2`$mPa3}t z%+xOI->eyM>CY~q+|iu>uQyGUQxx>Z1-%rBi=E-4=FOC)1@w$4Y}wZK!`b7YO0nj) zx)W3h%B|5NXUwnZ85>Ir!q@JNi;33i4Ve?0CcL#ig->E0-tF{-PFmVhF%2;o?87T> z04?@~*BtaYo>qV)t*Q5gs@6q(F0t$>NrcTf%rrco9-6Z>L{JQw{O3L#X{UEF)R@0G z>?$A?n(KGso75p*yFemqMi7KUCe0Fw6H1PNXXI&-kfr|1-@ncm`DS8=A9SbPI4wr$ zbODwRve?kWdK#5YtSe3*c4ZM&W(TBX zFlzXLCB};lKQ3#=p8wpJCr?_qA93E&lm` zD<+%P(SoDA$}Dg5&;hj->iUZ)H}|(+_ZJ-ItxoZXMbn$tacXWVJqLVDYZI8@C7CT> znRus{I83i|VY_Q&_!;W&pFM@ldXEZMN5_f_0uB7ACSIzw)%oi=g zaFQo%ZdNWuJMjBE(nk|=-9qkU1?F+r%QxHZpv&l}sJwDIj;SB~HGU0yb$k&XEz14X z%pPAii&0mCm?~Q6= zpSScgAEh3(YV*LHSnhd$(Xo^nBJR^n0)5q+qXZ0uUQ++$bOLG)BLxYuYm>fYEMM{e z){BXNU6o{~u<&0sgO80>^uNi(Dudi0-sK=iQY2NK?{*GVab_&v@97N5V`hNQ!$6>1 zvMVw0V(v|8rvS(ion#ZJ2lXZJ#{fh`h{h`Q#1#C0o6r?kPRUQ`jMY`2%DuIBZ&&GF z?2a>gAAP&B<(=Rm$wlo6C1~i!dd;#kL=m7+)DHM9%W=>zfr|pT{L^oavr%tTo3x&5 zay+y@?)~#Iy|F{~d2HUtX49(_8>Lr6NLRLHKzcaY(9cJYKNc7A6P6To!S^TR7!{!i z%xm6=ZCWfrD<%c?=6|CZ51@2U1_)qzPWA~m3r`;rV=V*_lL6>PU44i^UZ3^v z7_|NM(*ot59QX6@ylrcch$|&idqU0rpNDejFMXzhs0s1s(Dhs1vmlN^lMo}~J02M^ z(;KCcs)rcQUvifsVKPRN7=NkpOEI>OqPYFFrz;l^Z@c;3wc7MlNzqbaOOREs{vo5gduc;Z*wZGN8UsM+|Ev`qpHW}(09B!o52QZ=3 zyTYoz<@n*y3S{Atmy&-h(KeS=VALC10zT4yJ#xUQ1ul1&Vj;DY3B`xX7q-WrDp_qb- z$G}a*p;gP@e?AYBu}FG~^GQ34B{3d3$J5-8gnqcdWMVK7^VZc=K<)!pYQDu4!FYZD zkONd7qB?MAF4Li6bD>2yy`bH(02Ca)@?HvA9W|8ThENgm{a-tnByof-VsLo@b+$^!Vf-;KBE` z1a~l6#P>k05oI;dnJ=^=X8|UTbWa9zVO_MM6&OhFWL00{1@~=foL>H4rw^Ls+ zr6MZZY;PgLX9=~y{>K*|kW3K2ftv?ms(Sm@6ykYQ@2WvZv+GE}iE?fvP5KG4E1z0@ zZ~dY8hBrLbhyI#3fHoNQ$E$C|nDdM`_6(Kxoslp7sNIPl>plHOmdwrIYLIg2U-ME0 zc=l7j<+_0=Y4S!MaIwL$g6D*GmW^p%NKJByQpUAiB55SapDqSJ%|6bo~mNpI;(Tr zZ{j+z0OTtnk{ZQ|u*l%4Q7NbVx}#dMAm($MYW%f+LJ%96R- 
z7FPomuq6S%@XZ6&Mj#!?V~Z_)cJqh{hcp8OE#?w31VofA4-FjY|9!C~8jhR*@hX0Q zHZHyI?6bv~&v4nlAg3=^z4B9BuG+V8{n>i*GPC5~h(vUS#phvi{Y-|RyTdxFFskc} zAKX0-n?E+&7q~XmG)WERgJqYtEoS`XZoEo-8FU3yPhJ^dy-oIdse{Ahg!m8_d&}As z_R$hQPR29IAFd&iGGFw;ZUw-gi5`BLbD2`raEPz|uVX&SYa#!5>7`YT`vzChj45I6 z%hjJ@j6b!bE_XiK0XVIeZhFc%{1!#-ABQq+F4{hH4^Q@D88s7oTXrKpC{%1Cwi0)5 zowU5$HO82E)K~wXFBfWI=Ju&Vs64_wud(L1;K7*)W{=tnG0rp zoD6ZO%{}Oi*Ur5Mpn*A8a7L$ga$?}9qgX@zz{^NAg2OvWVjVIAh`NAhNa2G`9O+tS z!t7ZG#)V!RSJiO6K-0}D!zqz%Z_=As>fU%k&v)Q4oG(fcqCrNqYV}Koj~S|Magby5 zRSK7Bo)+)@0jrk-f)U+&R4}^Q7r#onw{siJ_^QZ@n=zUd*p0_AF)u1#r{|!*Fm$s; z7qxZc=Dawg`@&H6bEuol8fdzAa0Q z6k;zyEUU1kTctm;NGVv#ZO}d+{45~x?2H~h_+7^ywYQ(d8Zkwmz|KO{nTMszTP_q! z2@O7O>%;p|6#jLGK&{CW7`Tw%Y8SLgR7ktPPrz<`pY5PI5O>2}na7*T+UgrV4Ol72 z)Yk-@IP{ZOJP)pTu-RYKH#eLOF9zifNYy9(9fowuRPzaN zxWrxN7sswfI6gEipv~f3&O+A3Nfo}humfcs^)&ZyNnl~#|GhAS7m9Hr6MNb-TC|*1 z|NE9b4Tv<~;Ul`9E1y!U-5qC$MNPO>hW2R+v)|3^?hDr^O1cjZ-=!A@r{+-KST)^p z!C{97A}3GYM6wl?Ons)3Yy@9^oBP7hBotJzj`?Jj7qY6#9%}vBfOV{s3Id@a?kkr~ zdu;}B$$r0vCDw#d<=n)r{hGZ1fTJ@CfMmw?_Fp_dx`o(%_40$CD@Auv&f3l`OhNW) z6>7WUi8$<|WK|`V7<(Mqm>im@vo;@^w0CFHi1q#{OiC`Wps-JZfeEPx7>H}14w&9# z7GX{o>#ZZ=^S!bD;VbyBHGBTxJeQg3%$uI`Tp3I;JW{YkR7zpK)pu7Mo7Ji-dL%E`yZU}7 z>ri~ifmt4De2cD_W77B;Z%Yyxp0o4`2@ZW87I7m|jTnFR z{2xe!e+i!IcM9<2nKyLZ%XZaKH@jAGXDwN)>+i~Emzw2z0QeUurP!ACIQ)4HIPyCO z_t-$ydA0bq7?@Y%v2|AQFmw18zJC>xTQ$A(pfRF|mDr>WBn*f%L+eYOBw&4oOMam` zZfkn+JodlVenfeQd_Zb^y|sAQ40D{@uu&LYxg$+jVX@WAJe=?2l=H;!Hz1uuAP)4$ zdj+pu`m*v}Y*gXBeF6}2RpWVnk9w~l*53u*t$^eK0RI1&+c2t^M=N-6$y{jt>JO-O zRqn45_?H`JzI#$F?R4w5J|Eh?qu5PSWLVAOHH6yXig@<+zJz91h-?o{UAbd?~&>o|&iyN-gS_$l}zbSJbc%V)1pqJ0( zG`fUa8^eCMeNdVP*!K|hCxF-&&Yi!J!*gY9$0fJDzPkYb)UHq2!(9vFA3<#|Veuav zEe!-kDS#RURRcP@APWfMJTw1J7a?A-hv5N*3Nx&iZ(Hu)=4ibBJ2_@njg%a`iemc+p7v^}dVW$-0Man&VM=WcsM5IT3B4}W53dF<*L)Z{QCQe|U^I-AkF zM9q`qJs(5G}!wqF>)gt#qYbOY_$*i6%#d2ncY2jEE{L zcUnDGZLU9V86|fT~Xz0Q#$6@w!zOB_7msltCF^)AuD3P!VZGpLC zZO6^#S{a`i&xbws`9-u{NBHMI!WVv_$&o-1y?8^@y9r%WQ7VkMlQ89nEJk@P6Q1tl 
zKD&&$t{~DKqr;h|)RIDY<;M{q7qIc751zzwQJXnOb7u^CW8Py4+z@8A-&;>P-g&va zhe*7e9Z9!+AcZ97T)g8j^yin~zl`;u{e|y&bKHn>WZP{Z4RZ!_`h5oT^_<6k z%*v2jn&sA!XW0Q&?hab$>($~DF`n55u;PO|Ybg!FrM}Me5~Yq-U9sn3+WT{Uw~rmk zr@od?qvb56jtmT^(uc1ddD5y2{l<8HQfFS7Wq-dmIn&&%71dKsf^T#`YpT&m@93Me zscM54R&@luGWGD!d=1MXBcXom+oH{h9-f0LGeN{vZ<^K5&s zZlUqlJQR}y_pjWuN1Z=OXioCQ2>v(h2a<(z`Sm+!&>h8V^q8}gP{CtAC#i4O-m^ae zEa$DewW+BKa-A7Sk1pSPDJ;cgXIpnZNDD=M*LIE@xT5fUPg85SnJ&9!59X2IKB4BT zb~g5BtLt#lrwXyui zE)sre;-RfWEFBB0o+$sL^bpDBrUX^HxVYRl!(`G>T1d-Pp~0h&lZ_8S)0X{0m*317 z@5fBeqV%>{+UA)B*wxb)pe?h*MN)d=mlXCYIU$uIQ+-Ep5l=DnFt_z_Ios5n(w zGzxE%?GM0Ckjqs_q+$MnmtDt7O}lgQbW)qrf(!X%Wx#^^qR2wRh~%Iv(;;q>rFnm| zs?Fux!FAMIKvpJ)13v(Pl;QgU?%JhqK^X>~2n891T|7mZTUxyU7qi|#Kx@Y)#gd(U z!e)rnpu6g&g`y8a?WBYp?YAsEAm|wj;u6J;3;;D}?Rj63D8CM4<06&VOTfV7_{+fb z8?a1n-5a}vO&i6=!s2o&fR6@Aj=x+6TA&Og2iYEwsef|-N7CI0)EXaLsOR$i_FwyP z?LP=faSrJk=ET$^4vyMC?55|y|8=&;6Bf9y1h>0jPmq&Tcwzl*4y?}q-0~*gP~L2tm){6KkT^n zzAxJkRJc?InT$19MC8(NsO#fJ2;|)T3#SdO>H$K_Y%Wic1gPxsPO)L=$j0ap3jJ|l?5-{PmmsF1zu-T zae!cN-`pLx%T^4FBuEz8EcggP54Y~Qy%uAS6+j3A=xtEh)FlHoMU2{rl!hQ_mso!& zH`EL_Jk#tO;gtE&9XkxjgswoPlpI<)A&5iZz-%JcLm&mwK$}u)N8bD_C$d}Y+b*sE zBFGJj3IiCYk=<54TbSFcoTQmub8)FWE=9Xe4qbz@nQ64tD8|(zc4%ah1|7jUtb6H*+-*(xOZZt5ZImhbA7X!i)8=1@;=>Ke9R3iU z=iKO6Y}HopJsyc33|nk*l;{ywUucV)d$l#frCfREkzwB})0xu%mUYvWul(5iN+#KQ zV}&{kD(!IwNZE-rDIqyB^4`-O#T|D(p6UVW2Y=|4AHKPe<=+o5m?azAd&_inNgcx^ z5FMC-1c2JOI7P46NpTsNG9W0_O}tTHQjB%c)$gU)G2GD}KE{n6zR~k`|J-w^qa= zABb_Nbr(v<;?=G!uZgaV`Q?g#yJpD>e>!PbZu1O-ni_`P%AO}_2i~t4@@PPi1DNFC z-pHDhn_fTzgy8%&6CTE{{n?GJAbsg168A}AFbuNqp zo?V_kFQPj#srk!&?U=}29UeulI1`n{89YSd1$_Vd2bSx8`TfN!CzB@dHM0BxgcmcG zEYYtDr@slaKGy=U8Q*wYJ9?PHop~sawdgkYlxTyw(12p{-o3AG!YwDO&$%4%+By-A zX4UKoh2bYr7dg@{UQXkpKQ(p3XO_uQQ6mjN6pe5IO8>(;u8~C@~YU zW3XFJZCQu@uda;QPvXtEI{Kd2r?APp>Y^M51390dl`PES7x}ykMlIB6!c{RG@av^v zEMm65Dl-T{Th1pU`=-ulUH=ui-iT!?D#h(PugabQULO6x&3I(aR!;abAXtaM^h;U<&5)jAPdGkqya;;P!r#i7-ZGeNFq zhM2oc!FxFL(L#Yy_{G3F#}n{{;_nDXX%r~Adl{f+6D)-d3S0ASi%H?j^KSYVpmoV&D2h%!t6_?-3ugM 
zo5|*7PFdjR32{^f;Q*(#A~y};G6i<26|H*m>a)3%s(0(-iisD=3&%9feEO6V=THMd zh}$LUWn0MxT?#MbHY6>Yh)xCOzilLhXVh*UU-8q3uGt1!&{*;WqR&X>U8@=|T zHtC;O+D!wGYLpNr49NFePh&sv2We@wy%B4vV5i46d6#`2fRl`&^?R|mf!>fVUlK@d^jW+QkDm=q5Oc#+m<>l=sh`+g|b>Cv#-=PEwoH@ zU8yz(9rkpbZ!beTFy64}Bl~;nDDiG)!Mz1cUa(UfP5l?QykBpYU@OwOJe?3OZNM1` z#bmVJnN;Ahv7!QCwTtIkodbmR*Ko$lAg>KzYVZB?Dff~1x$FY?l$}7k1-^E&p|!o^ zkRm6EaTY-hDy|Hm0YvS9MB*YY>9!;0F%DG0D}yody_#iE{=bOjrvG_noFdOZ`9MkT zje3EM^!;mOVC6GMiiFsl#>R}r^^_S*i~B!FLSSR*@avaBlFRDVPAes$@1jPZq}&8w zhmXB7ZC6lfnqxDR|C9O`e%ITvxKoPn)i`lf#^+T7fY)Yz`8*lm1LH4gs2_h>2m68bI0pZpT5{7Uy@VASPq59a$%o&2Cg+vYvEJc z5nXymrw^bI(Bg2j_fplSn((5$x?{dKHFa72mfz{C-S~xN=`)I!WrYWUsPgtph+yyAE(LyV7r0OYq_=0DM&|yQVssT5olip5FZ=HXw zVTlf(2dpBU4ovZzXq8w%#4=1g!gQ2k0!bTb(F!bpvyCWnhbP3Awe5RMb2xxQwYP)5 zTcXcOrjEZs5VZN9EIr!7*>>H;+4gFxpIy{aW6ONI<)Q{Bo2v`c3KLiR(HTu36`sX!*kT2HeY0KhKIu3R&It@ zr|FQ?wBJp9s+R`14}Gk$mY&6F;huVC+qA0Qnb0Y@kDL*pV`xzWReU|ts@qJKSe?Es zv?Z{5kZjX#XO*jFk9}i*43Nn|3U>V7pcxw{)GR z+S{cd(AJ7J%Z6c~#TCN8Z8EC@N`n!_Qh`#BeYC9brmWI4aQnM;ZQbfp2j#c&oE*6K z%ARC~d8Y(wLt*FY)bm>1)C_tyUXWuVgq*w?B>P+q5!8=|G-ES+-%vXX-PTb02FCS= zc|Qu2_Fc+hBJ$``uAiDPlgjHsvVF+xym`8fz~lD|5DF zO%HPPO2=#lEQ@7HJ3T0Wf?eUdRN;Ayt z%Qim4X-2sX^veH0FOXZu;88OJ(ovGCA!I$Lg#%0;0ZyZGo_|0%_~`LP2(DI7igt{R z5wS0pRscctb=Vp#e_9$j!QiXXjiH6KiaS@6rR+ZTElK=Fln*jslBIb97Ew zikphB9A?4$ySB)&#a>1cuBGJ%=~=RJYWwb$;=8PAMJKI&+*d9B14+@98-kmvmtbo< z35C0*;_1bhc+U7BQ=bQc!PD5AYIWD}>22a>k$WH<7#<{cOz+*BpkmBowbAS;c3Ez^ ziAM=Y!U8#b$v@bk$k5A|R*N&zwJ|f>9SPL5_sdXFVB)peUZKg4AiugbFiH=B%YT8I zck9fajKyEe#caMK{f!f3QPsOhjDqgHPm|wjdLCbVZ@Ci-Fvf_&$pFk?&Z|5!)!2Z~ zJPfyg#ILYzuDM={h6CPhoZwp9!rqi&^}?9aFLJ0Zh3EH~#-@e18bdLn8d7*ZV5)RV zq1qOJyZEFbhd!-M*qe=6n;9dn7i3_Ol+C?xKC^((!+O6;-$e6<{~OJlU>*_UfGf(e zQQP+C>ovg{E9R32-x#^(stYN)p8%8sxdEo{A=?kMinK6$s?${;17-*(IbW$YV!dss ziFWRNx2jFKI%{?AP0{yyj=c*~!o8vv3)AelgmDsVb{EZ2_|uCaMT}INUjr`eb=iQ%)bY)^+1<@jcfVWPHRfvy{b~=4bcMv$@UUXKr6Bty0X`CZ zpKQp;t6jxO5)sQpYt47^HEM|(c<$EY?sVU`atYJ=CGz`twkXT1XrO3 
zTKz(G-Qp}96GreYCg8Lm%%h$!!$f=e(_$yt1}=^hYxw$rpbOI)ZtL(IRVeAYk1=Px zD1sB@C#pSmrw+QO@8<5f$9>AF^i-`d;V+iS06^3LRfDb0kJNj*?%T0TqtWZD>`hTM zCc&bdYOi)r_IXZWdli8L#lt48iB^xfNc$mLhAW_pxM)G{3Sk)z{r-WtF))W#C_4v9 zI3tv2V#bdX{Qj|(4g+xCRQuvu=tM0r*E@{_sAVQY<&M|A*6z6l%jpH$^t)Z6Us-}fky5y1)FdonlU*sj-gr?S=sFqLRFQ|d zapZx&`S1hx0{QN}m{38=d=&uwUMr#$68;JL-M+`XIO5AYtaiIc3+>$G{mBK(crlZ4 z7GkX(p#fr)%x0s_P7h>^k30|DUfr-QZ5&>P2;YmjhvZqPl(fyvz~-xOo;oyf4f`qk zfX9sqQya!F-0uKm1OD)epPbF0S&q-p0V=yl!sWF^brG*<3jx~~$chF zI@!q74BCsJc*()Wu`fSBbdISTJ83CY2V z=Kc?o<8J44?(lY#eV!X3^bxpmsa?^`E^t~d6yi{Sjts(HVE=gc8@>WFiJvyTl|i-U z>Qoo%1BpP(MsTtgC86adtWZNg`)Z zZOLkP%V<_rwc~Cn)Qv|((c<@;h&tX3nvbUB!um>3xv6k9Fld~dM=q;#hUt9G20RaC z{hJKEtbG#S8-?sV*L}`gj5MZ)K6+6Z=L7#`m2PwpR$JoS6%YTLZWgF+Y>pN|F> z>`h}o#98$3C#EcB5--123zk@+x@=-iUQosr#UTSpIsG?|QDNAM!l)%>B*PyRj1MFrbV0X=ULbBL>t%+zamjJoKyH@&MDv#4k((M4T)tY8BQuSO-d~>? zT#;URdf#S)g67>kyZav{mnMQ7J^sjYr^;`^d06VW9@-nPdS&xPhbR%=0V40@CWpo^ z&=+z?U1VU{z4wHa+AaO=Vih(|Ao?s!@I2bX?t@;DR8V9|?7a^fyByvumOSbiII`JK z$w`<1Xi&-0lVaxKU-Y73Ol!Q|oDhTBxtfYDS4`?}$y5N256KI@b_$TTHPc5J<-fq8tL$9(-U*R}pLfLkIxZ!K z)Sc(ia^)R*MX0q;y;0+aWu*|)$#^zbTeRWka!|H8fliVKTUN?%AA?R(=d43>@La_Y zZ^Me~?5Ud^338%5(12UHL5}Umca0QibH)Wk3T#}N_>zm-zcrCvReyp8-{ltk_#$3Y z({3BY-1Nv^fz-+X3q(QMMoHNdo3P3NSiWvgMYc6=s=GzeEX3O_34f~W-PhK12m9f% zMwPg^(#)~-`^ya!|$E@?Daz^f4 zLC1<$l1(}Dxjl?S*n3{9_}3)<$GN`A8^9|5w^^LSS_8Rkc*IThvc2Q7&vTO<$td{$ z+sgcpME|pZt{m&_LEqV!!c*5c$3kDjcDStgnuJn8TOvTMC|vTtzPah@tqNS*Oa2I8 z`^C5d8M{)V-(GtCHy~98abg&^u1Qb;&u(Wgd$8vb$n&ubC64M+W`O;s(`i*)t8yoG zvz2pf2b$L|KRLpYBVOax&ENm9`3QUFAnpF^qP&!o;p*`8l(tROa++f3C^}Tx_L|kS zR!01?)u2xu6@LJ6FsFe#P?P;ys<_wRfguOrtQq){P4g9`JI~&L+w+W@bfVc8>&reB zg_oa?!P3Nh{kN_+4l8&<@q#wwO{Hs9NukQ=+yF zO^#IQJJ{AK?zF%NY9FR-eg{F_L3jS{G?EYZJql?Xra0sTEwm=I)BN(WI$Jzo4}i$= zXgkp8VyEnYM@b@`{$p;S5Ua3gUiLuUfcjz_k*iF(s4Nm7)`5RozQSDFO98uWg-%!N z=gap``E_@&X8>eg!uYN&2Ic!FW3$OJXmV9VoQWwLj&Nj*1=&u2`6Wacd{5@t?fHzm zI8<6U#s#_Gw{$o{cOkNkD6(~<@0ChEaIO+v04xFcAhEny&mieU_NmqXa2~Cab~G>T 
zWpC8cRg0%cky>$ZQl7($Gg>!2A`tW;hn?q3Oe?#s*#K=LALinqdaI{PuP7*3?YtMy z)Rv|O`NK;^=KaaMGS129MHdcGlNbC7-!ge}WlH3DIVTmEBdiQ=PkxVBAFNRm4WGOk zv(2HaE@-Tnik}w|-E4qC?OMb&0a<6Mb5|lSUs8J?|eQz6O zI+A}5`JM^P(C2dyst7Euaw_mO^Z+2ycb0qqs+8`}j=sFv^`#+mZVIbVm$&V42uRLA>KcL`HAK z$o6|{f&Boh`KVtCBu%Zmgt{}E+%|2ykTOv2dj9PT5p&|k)uxk4y=E0oFo9h2Hp4ul z77zIETSIpPm3@J}+$rHmH8C>islVisY^(+C9~5VoIT(XlPE9lu!+w?0t=roQLW;8b zCpfOvS%7z_JC0@y&w^4EYQP!U*dFITmvSoO(ZEsP_d$g+yjDKs&J{Bvmrwg!uU!BW zZY}5(s$2dy&KjUwMYwV2xVotgT0i0%S?*_s@E03~K*z zWo>e{RE!|wgdThPlpL?sgB1EOE*3z;>h9Ri6|_<5!(5u4R(~Mpzmj|!Du*TYY_6Ra zXU?ykRsD&e7-gsb(?WV?eFSUenWoQzA+AQhNl8!6u4W__oeC#oKj^WAKDv2>z0eB= zni1Op`_8@7q9Psk`T(x$B_?;1V2KoGt_Qd)<)0%vwLb^=P+Ev9FJ8;MK1qyi+Qk)d zNio(o#}767wdIAd=U&70crl!61a0%=`*Nb-z`j~QfzPr$ z4|dyQ&ezO<@BUK`A&{jjFbZ;7QxDuhS2krJ3zwia4_F-0lkieR-MdDPjoZ>2?gJwK zLV`UJADfSblM3u=0?J31L4rG!3pOCz*s9HI)hPkA3V!>7JpO022#*=5doU#O*ygk* z!D+Vy#fD#lV#EG+*!YH;A%9=G@6lfQX5q!$7_@gH;u-f@l^f#yTto%{f|J7dMB1HG6`F8o&D+;l2S!miK(I!793WUU2MBiBG88|& zM2aMcn0Ko-w6fLa1NUQE0|mIiQwn9Q;>HbSfO{~$TBz*B>Q%tG+4ct-eXT|V*vA!%dY8;kcI;&foV?Ap7D$8wXjoYcI zyJ)wX1ii{aAQ%1hR?CG#Qo#z)7kc9Q>KAQ{d=%_o@&RsL2W4gyR z?}wO4ebhtNPwk$lv%!hkwUd8MwlN%YCIB*Qp`3f%I;{$&Oz;Zz>WbBQ$d8@^T3@6p z*qey}^XwM^e_1xgBo~ATj9j^v9f$pOj5Ywdaxf^`2nK55goy*-&Yg&EK z)$i9tvY*L%q|~0`4P4t#P%AsGR)5CJirBKDG znEzrL`Sr?9%GJBrr$1$y+0TDKNjRO$2X=4`9cy0*-FFu5?Y2K@?|9OOn$I+Iu92zN zHxGnK&41Cyro+-AY5D9chb-X!6U9m@xoN(XO5q|ZFPeOr@;FjFM3DOrx%(2I>vZ9nQc4rlMSHCy?vRe6lC!wVPz>CyEbS zOBoaJI>aRyAZePLL03IJ_w(PVpk5vE%H6~08OS{Z-{?G5()O%nu5J6v@p+-)WCSE2SC(;Q#$g;#>e1q0$i*R zz4bk2bZ)k|d00=e+eC*ZU@V%N;@rvHRpNxl$_-7jk80%oIz`Qr=aB{cy$Z6=jT@3- z*mhDf{K1<838*@Sy{+3rNE01gj(RhV#MM>OM@rL%lg(Y-$*Gwj5WLuMh+xWE)f;8E zL=`~Q$ePPgw*CC$R4#zEkSPj@j6f~uqn1If=FO1g_vH^_MbzQ4{p0~lx`xBBm#@mq zc>HUJFJM&N-|PfNdtE>YJi;TjgVxT;(JJkXecZ|Sx}MNZ`twt!D z_w1^h{QPO-`vUTlnwY)*`p_=tM3L$6aVQ(O2Xq%lM&Kp|ti?)L+Cgr2hj}42>I;B| zpjMQq7;+`!3{A7eVQC#U<6N=vy@D3pGuFSZOp1EnAPZWP|GaxIP%P;)l3Es@xjosTI zA@@Y4Q;gJEf2~x8k*b0C!jUY<)sbt<&l7GJZ3ZB$uU6<=vdK#4kH`4#Umt0BwiZ6W 
zlCkz9BjP}^TS~1P33v+$-#G3F2VB=82vShTV02RdD23H0Oez8xUBAC_!`u(FB{STt z5j8|luj3ym#vnylQ&R6IENY`dvxmp$F>DUtk~;|k`E~GqjOpOUVI@z+wHvL_*1*9b zk(-SdlIa;dFD-;MUC<@a6m34RlQQ-xbn1 z>g>z5tMl@$x_Yoo34W<(za4k^aWLzvKDq%+9Sq3px4C8a((OcdW}2}<(%w7T=i`WT zx@Ivq9vK@no!a(La7j1H5B(ISf`t2}n{@Y<-*0*69mh?!JLlrEbN@lbk=}dki*;Qa zbBK)yFYLxAX3w;5WXXXCVJnXJnz*cIy}ZC(7SEHTT=o@>erFf>;;C_N$75y86~cy< z2Z=EJs;AsKw!%ED zxa4hIy{ZZKetC@>BI~>x#Z>rHiFGwVASdG$bI`oe5J%7URrV)#MmG&))m{Mmm+OYp zI7+!c>5u9u+Fzy#Drzd%B{ND#roU(YIo3i)WxGz6Z4CC!_FXk`sNhYnSx(EFZ}J4U z|BS`-%U-voW6h6xrknFG8a{{|f!Q|*Q&V2}euFmE=6b=4MotmBSJ8>~5pG@#(U_aP z$*S6t4JY6XQItrnpDVN8J6Ely^}2gjtcOF#2!mx_7yE!0-@}?LW%z ztx7u4N$eiXF3KKkE*5=tcO>hcoFBsY-xU&D~Vcn|v|>+BsRq~eN-P?$^U zwwYVa`A~-fvZsYMwlQh7sWVh;OTlMHi;s;?V9kTXQeiCs{j5Gq8bL-I& z3ceE;u+bW7Z`+Q44`=G}C09TdNvoagiGVLywYmi)&UL`mJ3lOP>CG5QT$P_>MIl_n zcAX_T-7^_e+|s#96GePe)%t>(p!}iQ^It&$pii)C5&MeA9fUfLH>iH z%Z~;tOeTX)U8Q|AQ%?x;@1zGQ7j6(ugtxud;t!!uMgm3rG>Z6DF5Fd6uIADGgEtIC7#bwXV#2pVZ zY416HBZp4^7Q_{Eyj9=22l@%E`RWz8VcyXq)0y|f8GSFGp$pSV4g)qM>gVcJQ-NeJ zjjO(*uL%C04)zfODa&(ELj>)5Y5V+8u<3_|lyI}P2y|yY!|UAPQZ?l~9Y%TThyykC zq@wb-xqS0C!XiFTMSRsT;AKhZ)d|!d^&k(Xg69;3)X4f>JK~n zo#0|$yik@kVbZuS{n?OW%EiC5_V-|2-xM2FIZ}%Z9mn%M+-Xxl^yAA)Kb96e{$n54 zqL~qeD7l;a`cFhUGv+4fLx%UKxtG9aUD{BjyxsL6NrO`C#ILTl4g3l@dkK_s8vZTp;YW+5 z`7z6=@$@v{yp|KEq!7sYCCYWcYyR4k0CZDg+Uso$Yv| zFEVLe>a4#b&Jt&fL2y71-rR82)iu*EEGWM8|_Go5AE zv)N1!4}j619hvn|T9dXGrXTvc`d+OmBLIt{N@(iir3p^8yQ!i0jDV!gv**$E5UrR-zvmrTa5?O1+nGsEHREr-3cw^HU5!-makjb-EUQ5yQ0Jk z0&K>gJ$AJ?t4ML@Aqr0HR*yfsuOs5+yUbR{Qs*uPmlhv8 zwz;9}!Hh@rmioDTN)fRvJJ>x+S}VD-DR0hIgZ_}_fXpglII5e(!#FKfgC_R_rcOt2roKW{wLq0HH zU86}pOX{4<$Y;>)EqG7Ok$%Q->iCZ~W_jDCZ%{MY{`S1Sw@DA92y06>r0cHW$k~Cx*G7~_&1zJ;rf_d4 zxub~e5>rI5={wTt*&eq2uxnoWey^wfp`iL)(0JdurMw@>8k>0}PEH_y$Xsy+2=8!d z?hzl84=;nerqU!I@1AsUvkc)25W8rD3dj=6%K5#FZ8`Zeq4XU?;!;dFYa(Ys`ge8* z$<9@^gb`H}tU}t)qV~=?mi%~i`GK_$io7=GPIWJ6E|KT0)?q!Xof}yx4gynxlw^T| zl9mgXU7D<(+Lsl#XS61-o03;z(UZtK5j_#7@=)XU>|I<+A3f_GMX(WKya|yR7SyBG 
zyQ@nri@^pzOE_o=!UDb!Mp6`vDEXG;$&hD0jE&)d4xV>HGN6MA#v^0O=((QB7awqU zBE0&ON|SHnAI&i;U$xOXqA&O#ht8@)m$LW zS1wvapnlgY?yeiHHpcU?eb_zMdOnMA!_&v3qgK~64V`;;a$?mc7%j#W!O)Q$<{$6A zE{UaBcODmf9-K618GM=j;F#tc?+l6Pwi8_y&iP$E8ob{Kgn=t2(6@C({CiG7dBMTkOUHjq?B~9e_YlKMV}~90RbGoFE?l`-*k@~bi-vmUfrkqo(?nW; zU7uR{f*8hbGRTrdaH_J>Q&S(vAL`h>eAqYtdBLv7jlXesM1W---v5@!UHCnsk?>a3 z^Pm#%H;r~tT3zR`<^-YXWryBH=+Z%t`5UEWx5g|^wVUOfH5242HpyADk^U0syv4I+ zi)4B43;HfULKg@}0J3M#mbX9YBOPwuU+7WZ*63IgR3I{KUbP-eyi*}IxFE-FOU!k2 z#~&2av0u3?5UR0zv0VqP5O$Qqj(qUop!_T^#R^8Fs{vf9@Z|H0m9W1o; zf#3f?zX}p$T>ITJxhs!;TqkECp1atxi>^7*UJ-UF3?Alf$$kqvr5!S!GA@x7f&ZPi z`$EooX{I`db}pdp3!cfi$nMpEKaX&JIcuG^eF; zKBX>w#lj)mIXAEWrs5NG(c!@CjgZi+H&cj?jrzIINc2+g?k(c;19x5=VPMz$2I7}p z-|kwTz21-8%Bc$zdmwP3{H(rD=^7j3jrdLm)X>l5d4JkRkbf-nASxqN)((Jv%fq;L z7hTR->(D_z73wbL>1?UnYAG|&b$B{I2(pJap@YkFYzVZaH0*ic>vfD(w(OO|tM>ix zhN(Y?rQ2`JSv+tW{kxgUvB|P!j~pJRi8O~Fd*je|JRSr=^gT(e_5vO)_U{jHdP3k2 z-MU=csr}T3(qg@+a*v09|Aw8yHl~L<2WcgbDJr&Sw+tGgidnHTsjFE zLov6-md^Q-$`m%{vM#Qh;e=sh`@TP%>iquvJ-+{Z{k6y2_I^L#uf1N+y zpM~rCTuUJIr~!Edd=cgVBoF`Mby}p)>x`wZ$>S+dn!#s-c7JcH5|(!QDs`o?Pgpmm zd`UA!0+GnT6YIr|ut)=&&|18pB$T^vf(b@t*4b`k39nQOg6TE`xG2#9FvK8sCYS_j zGRmb{)|vA%vv}u!3=gB`A3fP}8S{CFy8NV1SXr)cS@H9b$rYd=6rdpJHwBQF^HsvG zZT*)>0t;gN&n%Q&Rgn!O{SETYhl=3@1<9KdRe1i7nvBd;o=Ale{ipc2vCcGnm6C zPDnhs&q-H}5E-x;r7uwE`j#7QRcNKi%@r{=hS7w%bvf0LrRO?uCd{a zRXO@k72_RJ-ldnnFwkyn$l}YvnLsx1(c!qI+>b&*znsoc+G$M>=1n!DDZc3A2r`~` z-y#b~*#rdzBBknGZ%x+NE(c^2`pn>yx8i`8jhD${VvBit3Ubv_;PEc>7Z)on^z*l# z0R0g!d+yh~`>b3AHY%Xci$^F7w&Q2OLHgN-ZmogczA5i555ivxC&So6KK&$yxsaa5 zFcMIAY;aROXdU!Ghr7)jzWn#sJx^KJ`vt>U#nJZe2yjQHS-Cf}g<5Li=xh{f2OAX! 
zfcVP;>R(0^?pHM~sNN%(Ib`>Z?8fDy3iwraJ>aMR0|V!Ctwynn?A}@XfM?&9^`T7n z9`ZsKZhbX9ua-0of}aC0<09o<*q3|xYWqQ(g_$f!=Q{=}yV z`b$fP&(SJ9a84QBuTgfG>G}S$)Hd8O_Jn?|e}LoqY?j=W+#QKTg%zF|Qhjj~D6j{8 zfhw@=L0pyaC?5fG+_WT>&;7>d=zF~%UJAk2lYFpz+AT0j>w8OE`Rt2yVE!kM&+h@B z@>8;9JbRfKM=AQiTfYsvW3rg{uyb$WTx{P^67lZ){xBfQhi04EZ7ruKN))O|>y9y= zEEcW?O)&-uL@+}Y@Ynr|uQdz}L?GIWUM8ZkINhoj&D*-jvEG~0W2q)aH}((osb4?=-t)mLCM zs+l{lkPHyLuQcoUoBGKCyv5{Rjh?$q5S29^Q4rYV1 zJp$0I8hvol-wMg;s(8 zm`MljH16r&Yc$wg;_^v(eN&+;xGS?vn`w#f&Bjq9RP!87Jsaq&ppGT`GU~0jmmGL9 z;&1sHwT97GqSX?Hr>PIoE-G!0|D|Gl6$N1VZiqxD5CH&49Y*Yb%RD8>ftl#MCG4_g zIIU1rCdHv#&|~Ot5p1)SuP-<%zZj6uv{Qy7ps6*=1~2N? zimnp^QkZUT28Y*tDCo4V1DEJVUo>|wO~*^)A`?)SqOcHMzlx#?!}$~zw=BA(0_{lc zt2}myx&n%iDD$R|F@#Tig006ECHbKqYOo+ph9aFnm)gaUK7(e{s={V3$=_DlQ`B5{ z^euQ8e7e>uPB=N0z5Hqc1o}f-cdE*2Jv5~vHeC|o<8UMskC+?5N-`5LYjh{A{r%jv zr<@^QPoD3aq|0vo8+jh$Qk#OZCSkpW5tE!+%4a?*l$p&usN=_yU7lH}er`dm6Mpxb z?>v+ugG>Qa&rZ!R^D~z9)_u~x0QW;|2=Y$6yhTS10V~#3DGM;%fVN|KNWM2yS4Q)CJbL|Jvaq$~+j zx@Z)$Sz4Aqh#FbC5ewCbfvBhdEm`SJEaI|9m4`tBa(puacE;Y5oML*R++w3`ZL7Py z*SnuIhI^uh6}v(n_-R#)s??hVil>XejW1GO;5~`mUNl9W5}X;~a^jckr0Kzb zNk1Mo<+9+z{nhr6>%r27FK;gI*~D3P4$tf)E5Xt27~9I6{R1wVQy``iI-Xz##%Z*B z5YO!3i&Uz3Q|u8mRZv&NtKheJTIZ( z7pJ95Q)l&_0R@A8lNOz?)h3hC?2pKqo?8hTi9~%ws7G&4lHY0EZu_!RRp)nCDR+h_ zMrb{u^0G_$WaGybbjQT&_+C$u009$*)cklJo5!YSKgdT?MPVm5)uQjI(|KOi4;wQ7uY{*9?d70zR<^b z^(CRr&De*{G7j;YMf_K_>58%-jXroXj-bh=E5y_^zuQBO4}<)FqMIr#bR9VXtI*_X z;8PY}cHYdmkgFQhbD<$!v2N6sae+Cp?oVrYa>#)(Du%Vsgi@dSysagg7iJS#={Z)C z2ft=+xu@?K%johR)6OtEFu-0h^`BOGk0l15H|s{yh9xW@R%lYwLBk%`3D za>?ewA0X+H4R(bL5aOZ1wNuhG}gNlD@g{hxd07Magu4yyCuj9c|^$AS0b@88Nm;!2jNU zpFrGpM`4oVi$XaSK|`i0>6lp6w}pawIND?FPrg(l~^Ry+!m zj=acPSeOCldXjX@nC*Q9A4G9X>|_e(Vt@PW#r_a}o*^dQ8#sXw-kYE_w&Az~R5t-n zyu$>pT}X&}L05j(J$>2txn#N(T`9xWQ-e2x)v{;;$8k@o#esg08QM%*~i(ctU9*{@)+&MxXD|?cV~DxRx}e% z&av8nLh#5JqjjJg5=);MwHey!7Xr}i_=-s?J zN@tCyxTFI``n26|WRdHyigVp$yY;*b`wI4_bsC5b?469gT2E59^n_aW;6UC@tl@mr z`iy+GxD>6Cn2pSAX|O&>;qJybmj>s$x?RcQJU3y2gxl&y?&RCbtM?VSW_Fk#gga$t 
z-~r+JWyFpp!(KE*-!JYKy5)cH0$u9Q4mWf3yBda0)0&FHE0jUOilyd*N_B*it@eN(H5~;?k+DdsB+bSPP|T=zPT&2AeFS<-Irz?9>p?LZlYz)TI8P z_EpLs$&!ZJtMA?K#(s^Ro6pPnTcFrPqTBChoW};t;N{_!S_-|HiVq)$8R&-0kCo_l zw~yBl@XaA%6M;KSQtF%NWJ{cT>9^s?LIg+y z60fgdCq2YH(Q$OaESVcWwe{Gli!ty37>vS2Nl0{Lz1!K)y@5SPIa;S;bYTNIhMhm<~D(94XKiyn|Blj6m$A^_HxYN zxoO-YSbO^6F8B>Mfv~uxK_4OPXtFQD_c@+#^|7Q9-uqPPtuo2##1HQo`8y{@ZAoF> zIEA@vrZ~rQt~I$|uH1fNY_hB((6cAVaq1CW2==`3odv8-+r%zE+<@ zW<~j}7i#=r3`M7Y{byJ~&C$tjtF>Z2q^MMtDy7S=A-szj1ai1WMGBOLbwtN?xU1LP zB*$wZIMfB!5W1z25F+rgMDEyd3jrHl5?JuUe%hN$N;BR`&4O>EQgbMU)!J9r-UFT$M97D_-?ns)G}qlFo9_UhSK{!nCro6%FR zklhPj%#tkei)QOXR@BDS(zx6^xbJ4KaK4Im1N2sWB@6;OIhsG&$x zLQz^Ep(6wcA@l&DyjSpkp8J2+yUvGqowLqbhYzf)?Y(Euo;@>r<~Mn1WT4A-oc}l- z9Ua@9+c%Br=#FyJ(a~dBn1Cm{>Yc%KbYXONZeBO>$1RSk#tNFRU!0S9#H!^e!S0l! z%2XXTn^acC@LM3`*J4;$g4U0u(_hcX(EVoWO8Bj#`bDmhjxBky;a83tpP=yNIDh{D zu_+xhGgFOv4i*zrmpU=At5fC_S$$xv|Ns9rifnYIFzb%ur zxc;_lW{f^-#0b3Oyp41yQokMA7yTQ`%izV38Ms2;hW&}p}KBg z5jx%fe(v{PYvng$RD`P3IM4OBeRmW6cIdlV{|ClJMKQAHrN@CGrc1Dso@UNsS~3J%VHJ$vV*e#IAJddbI`DO%s-^W>N(?uj5eR=xz zhjYPp340Y11pSMTs8u3UWd0i($-}V(@v5MD5m*jcyD`o=xhJ>SexiLI;?|njrSWom z*VB2wFxA!I;G1Pz%5&$s@dkw4xB9N5|K*DOJ>v71@+G*Fpg}ESfZW)$!4^-tfnCH8 zal_3l%UTWcM`x^-w_6B~^yAl(Tk-`xNe#~&H!O10T;3?SqNK=|I$p3C$7*L+Ai*F7 ztR!s-8{NLyTP1uCsz3QoU+%iien?*or7B>rbscK@M=-tnUc>Cqb!hyoZTXm@9C6RZ zMfIxJZk1gw__nz=x`s{qqjP=g&gA^7dFshH%kL|0

    ~jDMfRG%`*u@%CQ{ny6U3 z>py6go%XTO{hHC@QEO$g+YXBVv8R872svkMtirCr{6ru5;|4;$T!ZY2`dk@nxfft% zQHgS2>#YyE7Gg)*b{y92TZh)ZjQXFH56d4hExtK!^HAR0cdP4O80FisX0y_?uQ<&hc4o$V}4Soy{O z2(X|28{fWTx!`+y?-0egh|D2Bg;l2=g|ETB7`jClmyp@Jps@mvHQ2+Dt7=d^!+Hx# zY<3AbAX#?_b1{t+jCkeTIILQ!wGyYfzqO9{YzWyQ7B?6;gdle2bEUCuZ+(lj>&`UW zN(&tB7X(g5@-EqVgD|>}^k7)Al^bn$tACJSn{3DQqBvz`%+O9%{AGscW^v*3$Hghz zNYhL^#q0Qy9kq;MX7VQSemk;W#4Xn8ffkO(H^|kM*X&8(%mm&*W+MU&X_-dP+ z8!Z8PWWQG_UGx-a8+FZ0B8~_kwkD$tJ;&=$gO1ZS{yviU?EbbDNodA|u3Ky}FmDUJfqoEZf{Yr|a6d^cBo1oHBF{yhFOkpZhmLHhE)kd-%35fEvD4@?xl!E@Ycx-v%Z8kCll#!9kL*~ zti`(6m5_4M*g5DanPNZsxw~S6%+ptyy%8unIlZ?#p6IMDY(q|RO?VVz1gi{H$EyVo zFhb)x%F;O&BMKsS>m{bQI~7{WG!mfx{RM=sYj)58#So~7kJN26>FPv*ZD1zv_0i&n z{hj$lJH+-nAtThU{UtW^V2>g_-NI=aPsuEP?f>EF^y7*-ak~@Rc2SuZQ*MS zpqadVGn=SB(+A(&g)|{|ezNk*d2~AWi=uL2+Cmp8`km#Gaogaf;v^lKlJ*K=jP^Pr zC2!RE=8E1a9i@amol7;`WJB@Wn3F*dP8B&DomqR~?T{{;vFGark0r+AvJWjK%77K!nFcS=ey{`=@7+?o}KV|8SWtY z4I8bM&*XnUx+u+jS3O=!qAht-d@*oZzjE$_`0Q{bM2y&ff;&iEm+)8~)ai^hevAC$ zV4YVI?N*k!z-r}~vAGGqmyyk#YjEr~ZQ&a?hV>7gy;QBG@5YKVMWdGsCHKs8_=vJv>fOy@3wMxE#h;52#fsmkQy8(f&aGD9hSwxfMjlspL-Enb9Y5(8i>6n4 zHsZFiqI!0-h;-|mLn}4WY2%YQbfVd3$Ah`V%sTe0gsNP!O1Oh3qAyabw6fdsV_5>D zpk;3M~#^E zUH4MMw`X3;VCx&+-`qD6e7iUK#DWEEa~0?c`Uc!v^+*U;0wZN`90MOc zG_$S~y{gWZ$H`YYA^2mR#v$?`4EQ~MlQCB;-l#Lc(=r$Q^1EM+1j!;dg^9iu9Q0m( zsIwcEV_-VF*q99?pFcFURjdSl5K8?5;f+wL)6Y7Vp>vF{L>bDh7Nqbyufim9dNvOh zi1JCVww>G0KbW_fd85GnS;bo_*Gy8_mNr1J=AbvM#!bd(k<`rU1lM%^l|0?z15bU+ z`QXsI@AL0edc-02iZ+Qt42n|UMM(%&mtRu+hSCNBO7+RtL(;-Z!7tAb6o zl9P%x2Bfl}zFT)X{r>4U$#rSkioY~gj?~;zqyPTzdR$Gl&g5+Z7dtsv-zbF=i%GYt zp>Wx!<*2(pb;8914<%+rj#&9Ayfe+^uq22B!es4dkVwR)z+l^Y_;=YHi7gefV>Gn@8}F&J<+0pdtHYxIm*HHK#cZUtwKoC36n5H_e5Fau$q)gA(#LD6)ery}su z>jQIV?J8wF)H8jSX3nm5>Qk|Hp_26(eFuQ*V=jIo<%m)9sfG|k4G@4bHPqZ&?Ye%>fPTM~! 
zKJU6;Ks;4Ev)QK7GJgM)&q>htTef5p?N}7M8n(?D?(oAn40(CEf}`#nsPkQv{4eXg z)sYj^D8C!V*o#=tB6Rz2E!n|P_q(83i1I-}P8vze#SJsUQ4Ov(ki8j})bywS*$c~F zpUdHoMh&@)W)a<_SS;N3DqR{NBKQ9l5e<{fr0W)JQ#r;vQVb$oZ2`KG^B-dw- zX!l=`w9-G<_;y}D?!HROcdtaNx2yaKCi*$Oz(&SHUnJwL_1s-15~-4U7f@>*ZgNhA z;Zs)gKi^PIGFcMg|CQib?W57dNA5Dh&|0OD!ASR|Yo~l#A@`$;3x(Bs`R+=O6xfei zeN~WLUrjZA0l9;bxX!ByxhSnqBl@Ypl=$<8QC9sLfZe4*A3lLQM3aji2Sbv zahwLZTtXMr;7@SNabt|1einLu(?4-7!zD0g$+zt!=4WrHtkV!`P#M#IDJu!eIY@%& z9dxnrfoA=q7745#a4?ds_3b<|izV^N|AlJHonj`N2N#z+9$wK~(HFQ;li0)bW zA0Ji1&7oqldM8n)nFJMsd1SK^R=IOTiSMqIZ}-)%#~tsoz_n?7gUGcQ?*;#A81yV3 zk)L>ay8Cq>3~Q4)wA6>XT%pA!MfkUC>T&LJexHP|DK2^AsN&}=m=1=O22pb}V%nxq zVt-zjY}f7fb9|{?@$@kP23G*mPoUKZn}etmazVM44DEWeA zyKSiNN&8*CFSlDYUThD5KOK$sQvO$J#(XoCx*nVKCVaI%&JFoi|Ls_H*?Dl&%+q zN;6L31o!0bzgn*D3X(Dcivo{Yc9+2Yi_ERFB{6&9a-Vi8}zNbo|4zB z1*FF?#?RGD_2JWh0tvf8)SQH+m<+LLkI_hf^_Pw9_T@?Q5kUFWOg4O;SdBZjG81JQDQzq7X}Y3sX9S(Npk^BJKbj& zy61ae)WV}j9G0lXWzR(WhAvV>V(G>+m@Ii5K_z{Z4{7w;;5ZYtv(}^8zzC5A zG_BGf7h;{s!YFJyBs>=#xNo=wlE!t8is8-s__V8Xz6lkbC0x2?-(rg>W zHR(NjSMBNZ!+CHog=iIbpS3h2kQ(Z?r_J~Ry(dt7;=g44j%dvqNEQo=9{+sanr$C; z3giN^!0Rr?`*{#fXW0PSt{|UyI{OH5)!{|2FWep+%VTdD`#`(juXaJD-A7KQ(+yth z?jKO#KFRg94N*MlR0I+JYy++ZetuvaAme3#sT1yst z>FE!Y%CZT4`ELVL+{wU85lw~ocySP(R8wfv;|GQlGpI#u7TCdtB|wY&;Ixc0UpW5l z^C_)QFSl>nZ?zd(aVxq|LWvoH1o*uMK);b7?@Do_PNQ-xViH=Jk8<_DEf5W@8onZw zgqcIKDYG#akcde2j_kdEnQ#{78zfbri2qnHBc*G*|IbW*e(P%wlg}71bmFLy{ zmoN!4Eq=}q18@6I7CcomzgmKIaV-2)CvQ}zZ~c<~mLP){J3Sp8&*nq#+ZWHu+FDidMaL*%O zoZwf8Bq;F=wmpWE?#=GQuvhdfisFY-i4wU&(kQoY@RTd;+?sr>%&cB_urvn06Omwl zJ8A#H=9SSUz4fm6b1@STT+~y(qEtUUT=nR=}$Dp`%lqI|lf_^tYZJuXk;%=Afe! zUO#k$fq!&i%<7z=^rmW4)uo>Xk+3U)Te0uTA?hLRs|)_0`-DD`s^%>4mra({n<-`M zYTbK~x=;mP*1+N?qq0hxoIv1lWvZvJTDn362#oZ3HthKsc`nG>c8Vd2o+ta({hmj8 znAaAJ9eS}q)I|M}^>cuT*h@X(TXnH9SgM5XDPEe&T`rrQJw=Y|bp5m2Tup8odni*? 
zRK3KTD#8N9RsHS59U_^PZ=U4}cVK!&ISm?XC499V>_xQ&-2moJ;0Emj+V=pF@cHIL zHb&hA<6c99$s%y0;_9MH6 z^pbr-%)`Lu zA05}19WpKtP~8DCs?$Jk}7tDTYTAU zuth674plKt+u;J|fR(wIS#_;{*$a|66#0bfUOyH~-&#-;aJx3LFA|(Cx2u-j3#h8_ zsRS)qJ*s~8<&{UrTHUg82?|MS=Z#`EeynLQU<9u++Ty|E5miOu#E-;Rz~K(|LMzkX zfvWnwLSlwn+vIvoNfz6A6c9E+u|s~gBInDV^+PpuNh+Ht`KK)pE+>PGxIw~JGs<`A zTsEeVo5u)&0ZZ}s>hv=$RHKsx7^8(HXzXXhCPI`sQbnpBhHI@j(6=HNnjzs1DC8hh z1T^!lc>E`m-rJc;=uYACXH#>in(a+>cx<>shmqH}i!;>$f3`Qi=!<7SE_XhoPCYO9IKmXcC)oWw5Ez3=fa|simr0w7 z#B)yiTZ(O1eo$M0Z107+UbV8zK6qBG;(jltNO-tIdeHsn{DgXDgqLme#;we`U9HSV zGA!K15=I5$tkV=0DRvEE4>uu>CzMD>S_w`hv+uzTCYGmsp0jW-2 zoDV3xxSs9o9F)s-cF^dm9-AvZdZRA=jEeJ51z~uNl{_`I`wl^)y{4$Oy6;M1(CwGI zg{!IRN23ZbS>h?WiN1HKgkL?sL*&IuXXMB=v-QWq&ozoO&(XKCDgJrj7AK?KO5=ib z?#q=m(T871t+*WPv>vOJDBAQ0f*`<$KL7ghS0B84AG$k!L6dW8Hx^!&{#lP;7a2WV zzV>DBCdZh0u&uR9lx~oFLz`AIY#?D&+$wsK)a~Cd3GJLN4)g2e6s!Kf{B-7 zu=UDzK^hZM8-c*Dl!;}JZI`18s!!hcPH$Dl#-3`>z4XIhI%3ZP!6pnx2a3OP!1+rL zZfM+fJjSg&0|der2~V7Za|cWIik@b|*}2O;lmuZHU;ZkEt2isQKgJpQsmr z|Sq=)MU#QaHA7z7W7--B4L1VNm&Sw-d_he4#bH-=2 zoW6ThWOV^=f_rem>x)K@$De6&HSz#QovfzHBN z1({a?uBXJ2A^l^)4gvC+odE+bY(8I!Jp z*{2_In_klQ^3xKKY3H8@OQxLvF~8t1Z?yRQrEdUN5|TKg;3*?d+L-Z|U&J`K>^h_l zErFv9^sWkG-UTW5p#F@^mFcwS<1O?eQPi)nprz0Ll5ws@PYOJ3DQ~@L+wZ39p2Q5Q zMWvl8uT<0?_*m_q6{ycV8qIQggf{}75yZ}&o7{a3w@}2Tp!2d}C(uv9ETVRC{cFeN zT1$r#K#$1C0`@${sFtc!rE&fEEaQvD*iQ7B^QH{EI_z!@K}1Qn;XzV${i^~tsn z&J)Tjx_kw6+y7aVu>VQ~UARMWo;#BYa^1SHCKdg)61Z=fGFCDtV6FFie_bI}odKbm zW*(i5pR^s_6vS;_&`m@-rv>7b%HmdsTukS{L9gWnZ3SHQWP~s<)#;zUu|39DH0?@7 z{`bM)=fWMnn!YMOKh|$T?s9L028DbU=Z3s&Rv8CpRx1=|W92wKu=z~S^{%!=Z@4kE zju`TNij{(3Q~{Fz~Kq3)f>hG06e9{0WhzO?K-(57dD-v3WiGjyx$wn-I@h__5%1x%{{ONB| z^nrwN@b!#GnMsN$h$(m}2uzu`!CHTvXxpmqQXiTgAv|ViotqO=?R_D-4^!>?dc>~o zjJ*LAUL2bu6o2#VhXF8NVGjqnh3FXsN5c1IVMW#kJZqR09fnrcb{|CPUiFe5RYK2R z%5)kQ)F@2bh;aN6Ubnhf?$7JICS`+2FRrs~vfX>?SG!B;TSv^%(^h)tV`Kk^4p?z& z)%Qg)pEvRM>e1vV*5EK4;mt_*ryH@_V<%{E2!J*tS>C$4^2<+r)7~6Yi&vnQN!Ihn zAjkL6VG@M**DZ?m8@~0OT6qNIWh$VGE~jU+LlTbI;;-umWyr*zO#O`E7xIJ&If}G; 
zyHR|1ZS}l2V{L=(>9i^9WbzURir|PboPnzjpcjsFbAjl$o}K}nGvQq+E9j$IN4|o^ zG(}JbG?raGYtZ&ZH?8iS66X}N!FZQhz8QPWrL>vXtMf(y%XiOHqqMF%bg`=o;>PC- zhEF4j*L>poil}pdMzpqWAHjNi;9`vyN-=v$1F0N*u1oN1y<(3&(-QL@#KkBE2HRk1 zVT&V0Ko)o>z<(vcKlpOE!$?INB;Y;1_P3|r=0HH}`u%~6`$UZ=?|Bt-Wx+9k7AAjo zz$JN_Fh|c%YvQ2uPyNvFv_aJ8eS%t$TucB3HiborVns!I9YPN9p;XUu4g+*Z8nM!u z56&UzdIp4W|K5tF!dqXjFs)erfQv_tHHRX)*W}XB0h`|=Hm%-fG*}guQ6`cJCc%+w zYq%n9jfu88A4~W_<{Ub4;2L4Dp^`QH9A%=Ze!9t*Gy&hVK#CvEqpA-G2!hD4?Fnz9 zmMnhp=jOYz8a?UTUyHF|f!vUR_=1j;1JB&U-V9_ryvUTuR~ztqpYTVe?J-j2KI0i* zzP@_fFCG^`?XTQ?fK>Tcwk%iaxCgoXX0`0f2Ug-0W-A>5`-Fqt3|BlP4-Jd-2>oWO zlZJv3O!BgAEix^l;vy!e2F7`@-AoJ0zfj5Y@p+ybb+0qz8)5k~Gs<%=WwPbF=QK^;u-DYPrGEv@HrQCasl$hH3wlsM(%2Zh znAiu?^;E}sm#Js-hqd*v%9m9**+vcRFpXFS>xsCiT5YV^MpW$#zwU8U@4=;8!$0mQ!?YW1!21#B`VE8viAH){s3Xo~ zLFmCTks@LUL_w-;M^bmw$8{l@-3=xiabqveG6ut zaJDl5N&UiOHLE7)Z)>e%{j_4V`xM)0jnS25mz`Y4L|s@6mE@-yICM{6Jlch*8XoVBkkw^^nCVF4;@5S4gF zk!`r>VIlwU32uB|EA&pIpQ^k3?=8N*N>aD;rS@v*j}Vzk@>R7$VgmjR=G$7Hc5Edo z<_a+VZ?`zcGV1;O-l$)z%=o>d{K&Jd{IPw4l}ElB!Bx8Fz18tbHX(eEx0!19nmjfO zz5k~=VGYW#p_Ukk`LR}I%OoseAY)Ybp6u^six)h1oV&*eK|TQ-iRlsrfwSZF?IHyqEiDL6sVs3 zRJC_*IKKhf#b9=}Qr<|AbWFWX`Ahrb@N;2WD;klCeUf)UZQ4&FEs$S&M-m?;fUT}% z4JEL2YCY5|?nb})QuuBpL8oH_hRu}}Qo{E6+8(ePmzkL0&8AYb1>OWp&;EvBiweJo z{J1KmX4Gk{W++Y4B(=YR3Ze*BOpgKb_X?1cwgMm&2IJ+4O9T~Q6Xp3zD6`i2*D6UW zQt>gu=$~gm{M}Ce({ilZSfl{ zlXaBk57ET?`0K^R?Pb$sex+E(XypvtykloMh4nNAjGWMhs@CsMBh5kDnJkSTwe_5l z&^95P8?p^&%T??Pchs;b`-Hm-z8%I$(s7r$UuL(unc}cGt)BwX{O|gm2}Godi)RRK zqezhrI%Js-8x+Xie5IM6III8Dcqnl#Ccv4a4xLi!hpW2u%~Y?apkoc%^Zd78TakuQ zK{f+q8O*S~3IByy!qb&PwM!9$_|R)Db?#p+v7*iG{12s`$8ThCq6K!wO1quc1K+hp zv?7Ds;VK6cFNwBb=`|54?1*f?x()VI`RBRyxlzgPhEe%5VO1nov_jVdRrXHmKCZ&Z zuf?nxsV41?Uz9}*-tKU7tlR17w1B0XZwP~$Ygkv^*)lEs3c2Dbmx03{y5T3C9659$ z#2l)p9y!DuaPWb8KBo|=K6v~JV5+J}%{tUD@8vG7;>Tcw=pdbJ!<%XJ?ke}{@RZo#x)fQ%#-T(4-f16#XZIAa6V^$T@g zi%l3ZXC5TllQM3hGqy$OdYrBrz}{9BKuSt^lE44?vxY}SxTDnP1jf0ex&9?p31oi* zqKFz{NErXz2FuRIb2M52NfIPLkaEbnI8Sm=Inyl-=6*sn*!AtU;V-cMa}_As^@nri 
zQF`|~-`~O&D$DnDJ@#_lt*f$N+Qny#>q2AFzX01?SV0FDrP|TeXyZGMTDK3D9n3qj za;v64(jnGbWHm7l$gk<nA!gx)G=Chmau%9eaPdLa$6;Cw{}xT(+r zs!09XpRT_CdCqAIj8dQ0%IN;=!HV`6Z$>SD9u{6%pMKpD!9;Y`gl!UE`wQ$0^pLOh zu@h}nU#%!FjoS3gAAJUOYY9|OR_Qvobq|;_itNw+IU?#+eG&8+FkR-cClaUGlOQ{f zitc>cv`Ni(0}vtjpvdYAuY7h{m9gE!BauVh62Y9>ObO8Tm+(oqk;GPVyF{Uc5#w@6 z>Bf=iiIi{@zX3H+z^8S5J8aAVzb`Z$yPH^8naX9EZBNR{VS0|9=_EziR94MfK(qp2 zJJ|tPiZ11Wr$*&B72l_dJccm7bAiiC!ELLNm6YN9BY|j3a!C4Y_q+$7wLcn|5r?mm zH}{Y|+r3wHdgM9AY&xE(Mg6?|j=uF(L(#2E6Ck!-olO5!BIY)ATyOebc0gA34G#EG z{=jetRp=hGyXP=mNC8FgpmKDAMV}$z=)vxeWq4sif)-a;cGPPRktGF18DWK3BcGnG zN`Yy}mDi4T%9ItM(7dvrae}k^rEjw%r>>(zWO_~xtpu7$rf!Nyt!9WKKlnvP%OcVg z+Ip-wH!@^=hvC^7K=cd8c<*`6JaE+9`^IP79m8|NS_cJRmB*7~o2rBy@uF5<=O zFj}%b#eTz3=64W+$6(DPJ7gp0Z#6CY}2f=s-mfa5u6 zC$@nF`8fi2Ub|4rGR5RaY*Z&v*}s2wbfB%steIB#b!P9`=g*}Aiz3y zD>I33*LqY1>joPpDW?!7tX_VX>^TQdGXv0PoS)Rfz;PusdZvK*5lO8-^K3*DuG&gr z{>^lM4*Tl$dOv=7-@9}(ySQ%NSrz}U+50}j!%e0MWgWdbq%y+ym#94y>Y8bhHS_=l z$cK9>(j=S6PYDP~z8i-LFzA1yeo!>sQk{}9y;)~*g1em5n$4*>@a_c?yMc7BBzTZ( zPW3stz6w~P(6`p?AsJUke1Vv9SQOhxuqsbubsQ1L1obSEm%uDbFf>*F$|5;sk-msV zgum@IkT01#iXd$b+mBc&y~Y1ZxX@|*z|!GTE<{gehA4mD+jcsuNO~op^JE#4+pAc+ z$uD)MC*n8Y!7dE5PmWZOG{toiM^7*T4u?tx_}i49df6}S#oQ#rdl}S46rlt_&Tt4+ zZTm@u!87vfi@K0c%nE&%fBBWY5goTtD&+>D`nn}+6SVk`U38Bp&4;lII|T6Q{84DH z0b5ti)%dAk6FqXTY2a5ZQ;FQAv3&?I;qLGzxW_mW?PnO|uq%n_R=A7b9@uW#xcu}x zxHcEP@k7DV5oZ(U_*f8tL^d`v!RpgaOpNGeR-FV%y?#K!hHUcU%~k|SvI_Li{R@R~ zmwVv))h+&|n(kHp`dOcVaODZWlNw>2n8jDqb%zw~)+k`ZZ!r3E^$sX-6FmpiAS3Tz^L{$^3p+O!+kRoY7`FqI$8G%M1aElxM@eYCPd(SDpT*gdTbjlLC zh`$5D8wmoglAOB=WbKNx?4yvcE<2tqigM{W)H2#wd56T13G$@00+KI$jz}_J&qTCm|rkfg(^;L!#JM76tq+8^|%5`ylho3de;wvZSb)i zs~KmYhQ+?Az%Xcy7NTCb!~T00Oc~*6lS;((agHWI?NwQj<`#+9y&AzTzdnRp7uy!^oK2gSj_)iq-CnKx zxeSrIjd71qK2X-1-Uz(W)!Puo=q8(C#kTy**s!$7QbkS}CpWkFJoSDrsI7pwhbjnA=+tu<5Wt?of;F30t&Dd~`&)!H=FrW@X)zM(d%zy3!WQ++de-5am+pq!}p zRuBTe{;XbQ^{D4As@L9O*qsC(&beGs<=6fVD!l&PKYyeyJO%VlGIDYq43a^!iw_|Xi0k)!B-Y82C6*3w%{q=$TRhvf7Db>Rvlx|1kxt;K(ef{ 
zt5N7^G#|IiizItJe7a?Ei;<+giJo~iu%89576CKdM*)gRi?Dnbzo!(M!n-`ci-M*TTrx6>Ah3Q6q zz6+WP7qP+G*a1-e373f@46VV^&56NPp3Sc$N=-%n;1>XJD&c!65L>CL{BRopV2Irm z_@{E+?k3UfZGE@HussKYP>Oq2)!?(!e+kpw)9mX-1CrcAP zE^G+T0~*1rK&up+GXaE+vdqn-VG$L|$dA4;Jfb#r3E@_36=fZvlGS)s4xM&L&#;;% zHZXDQ^3#Fci%q@tU(p&~51X1^=L!Oc{=jKuO)DhGfZR`+v9=4igDR#zWLrV=IDGk>iTNa_GS4L{2D^oW09 zx;7fcrP~H!XpqQGnwE_3BtqA0SOnH$_dX6pCC;W~IpUS??rVz{9}9RrzkwR9JyZA^ z3$u>Nz-GH;sp}IogtwY}yEcvj5D^$ttRN^hVKq8xga4XS=39;xd8Z!+=N-PHkwwoH zXnR5o06z6}Y{=o6OrqAKZLr@+VP7Lj_oqq{ENoN&7FZuwlG{x=(R*&IAUn?SQS&db zF9Eq$f$|-y)p2^+G-BsV^{HJG;W=0lIgq_JW^9o}4b^L09H9tt{40U#jM1X_E0~20 zB=-Y0@!3fHGi6x)(P*d_k~_!QcWO6ASj?y(;~+1R_?gf&=g)V1^X`K4iw2}nEB^71 zlYwcn10ll2J@G8isDo9zeatU^*@mGp@W!m8pf#bM?9ch--=P3uM>-Al&u>)g#=9O0 z+Z*wrGAC=cK%pP=m!3!(?%mw_4HOIpWuDcYo_1#CR|5S>? z&$8*z|12o7r34AT&kloEP-e&c`7%)hrG&t&Cri_RrCe!QElGe5NQeQMLi}5z=^i&o zg=guCQB046b%*qR_gU|cZtuxJHc&#YdELUmcHfHm5|FtQ)nhcsK9#*2q-Th|gms%a34G~!;Ccz8{nV5;DIhKR&k~vm@8eOwSCOcl*^iHMJ&KOc_HNOZ&e{n% z@w>;5NpB@+Q_aSCU=oii=gBhr@Z!~sv+3kp_@i}zKxw>6r

    ?Y0WRVeTM?hm&r*dF(#}9LeM%g3UUFe6>;!rxinlETRvycf%1l?q*Qg%_ zKaxuQn+ZJ8%|J7)In6ZFdYC`mI7&DI$eLH*BrThsi?EgBWmQS@3Xui+V9WEL~8(rMSt;8bPtnc7*ZpEc680p_$CDZ78V@>sRZ$BJz+`_-D#u2 z-t7nTLL)q*1L(n`;WnPM8QM|P;*g3)C@;z;vL|We)=zHE0#2{4t-;M zFcu;_MvejvYK?V%Qn| za;XQdsXWeUz+p-jI+PAOo^>3KD^^${ zsO2b9x79?duz}ag_oX+B8W986hl;yjOPOta#FU2=(A~YKmXH+*=ju2OXLYA{T7K360N`=Jq z#ya%urbDwr7vE^k+wHiR2bF}J#eBoQ$|FNR>fPcFdQoZ%g7`$|WM4Fx6lIvUx0|Od zOvdacEFs69jD;$~V>Fi9J;{^c?t&oLTGu{-Sk~|i$ot9BU}fC!@G0UdZh9X7>%swI zyz`3QD|NS7Fq`G2ojC=x|Q@TPT0>!JJAR zS;F(l1dWiC?z-}>CY}=+DJrD3ZdnX8u;PH~SZ-*?J_12fx9=xEVN=VvhTn3Vl^d(= z2^t>GEw;Tt$9V{T+H#jN^2jG5JlgWJIk2;6Ys)CsFc`Z<9GH&s)pEA|+qec;ApNyR z-`6pP*PWrz)QfU>8_Mu!Hmb{)M8fFzm1L$(_@3bUtZ8Ctg_I@zRqX~=Xog}&d}7x) z5Fl(%!)n&tqdVJ42MF%+fK6tV0=RI@3f~dbpX_1|enkN)&CL1=*M`c3Yv&=zIb}l? zj9b)bBy{1B>BXXTR?-De)~v?F-J`GsVgpHUDOt z(l!r;dxjR1Qv5;(Lk1w@Ue}Cl@VNl0tB5ME=TmPHfPTUOoGSiyK5+)fU1lsD!0?I% z;(r#dDTAd;qQmBG2^#=PS=DAZ9($DzgW3#COKR~MTf}a!L_*zP!}@;g>S9Il2oF6o z6p1c&F$H{jmC}d3Jm_n^Kve81b6>W^Ld-YUOk&&H=kc4z?bya3Gy4dvM1IKL%6D}e z{Gd~;*ndcP*eD9%No4ts-+FZVIu-+zv3U<$wsozCR3-Mc^*re!#^pBSe1dIfx4n1x zc?Z15?%744tTy}}rv&Pt=0k;&05M%hDIXw^-s2TiIqbG=GP!nkqaCPSIWYDC@ZtGxcu6Fs{L z_Xp>MHXH+byR-#CCvoy#~t+l$dY=1L&}oVzF}|$T^RnaJ_V4f z|F?=5fV9f|pXl_5gP(hvy9kpr&!O1&J=JvWYh{VL=O%G9+G~A)FbT*!4@0|;V#(e_%^@r{ zOcg!v$!*}Cq5N#j8_v$Fgkjp345>q=Lw zM^8%fd>*#zT2HPgL)()pK!-rB>R;P55$?Hz*DCcbpUkp{TEguuK8yrahBinJQxKX3 zU7u~oN4bQbCbW%87U(_8;A_#4Dt2~j(M==utYk9Ld zQC-rULd)1nvLy+(UyXTG}0Qm2rkQ;#3EEIPyVc(D^y8bLG*Njqgip8&#UtW7Z z4?yz3Zxnjd9XyjawpxMuwiz`N5E%f91<9LR4HDG4!m|35`h>EA?7PGo&E$H?>|`R< zVOj}LM~7J8Pl|iFCqXV@rp?W)d>QQBpNq&#EF9M>k8#WS2aQ=)Dm)Vyuyzq{@OZWA zHk^obBD}gfhS^*8-mw}D#CA$!*ESHgPn>shsSV?g6V_@3+eZ;2Pr9z^v>o{?17Xbd z^9{*-IIVBKBH>do7xk+pf&HD+)899PQ-w8*f;B?yW|Y+cy5f28f|Izurj2&)NZJ3Lo@Cw5 z&W)ET+4SGd3|aXi5<2+%hH z71Qr|$phEM?e#p96&c!#L(t|6C6x_8-r~%}tasqG5Rn8OUQ0cl*cgU?JeiAueW913 zpzcEK``2qq@e16P9UF*h83WJc&*4+;$xt`El+6k5Cvw`>9WwhcJqO{d>?50MOoybr z1q1@93St>zN>iLk0Ml*_Gq| 
z0?_}Y>_1@T7SZ2})zO)ywcoT55}kja98h@F5A7Ta0E*WV+NoIytRsb;WM8=u7*Hp= z?7w5B57hM9g4tt%8O+93H$6-OV3reO!gYqSM!_l@s!V*z?U&305b7cLV;KFlv&-(z zJ7ZUM8Cowo2k_C?r`D6}oMDK#j~gM1K$&e08K2;Rj}qi#hQSLbed2)rXqDq$95AyR z#RMvaaJLQp5oP)Se1ZyQ>%54aUpcbok1SJH)WxM=6hP&sEdjoku2gYuDT*Nold6h< z7n48EIA3bL7?Bax?z}fm=u4jFA*1ne6bF~R!M1Ru*UKxavyBv+QviOx_N2Y7bj2$_ zA1ZPBP3?%8K1%b`M9y^?_DZpz0XiHgzxa%#M-Y z)D$u-4WKOBfBBRCRy^(R5OaaLQ;5GMeC;Jgceb4Sg($6zFHDs!aWRspIy)j|v^$e% zSHCN){edO*?pdXp0+l%4DKZU+Iv%jMM;ZTHCQFy5pM_p zy^md%q3@>QLR0bv?(?5KY$Pc7mqE&~Ox`25OL*ia2R7k!xKo`7^y-*`QA|L~I2WjG z6{rSS&bIPX4Lv+5lwA7Dad@qkEPc)5ePz9aTSk>;qt%rKpj*5R?VMz1)#&@Two%~@ z1=a=T)?La8T!*Verv&<^W$OQihfHN>;dWHd2^pAYm4N@?d<+dbtfSOY{HMjp<(~WW zGWk5kNJAwo243tm1-L7?`<)|a0q`S$18=3C=Qa(XX2{R3h4E%f4Gw*>&| z*9m&rckd9l2&5l?C5iYhUOTxHtK81PEtZPW^8SWf`wK>V@VL9OqtWXl0JW-|`+DQ` zVLf9k|Nmf5 z;h!M1wPAh!S8PzeA5N0v{0?z}+X%K@_n;T|qh;yaaZ6J+nY@@EMzTSE=@l73WDOt@ z{~uX99d66$57$muhP1!xMGSxIc%+rMHs@RaE}P}^O$SwjUE%Dr(`X4aFQ&N3vB><& zpk&T#ii0g7LDJ~4KCP!Lub;50dPji6z(H+d;{U5V#7kNod_KG0Mf=i2HZEQHyO?&L zfQpw5y{{l6n@s?z99)?ZSbU5|TiEbl+Pa-1?P--UM$0$^)Bk*@6kw>yA+5m?7w6k4 z{hPKi<|~2v7z$9o0zNFLN&F=dN!x>dJ3#UG3 zJ}EQyYJQr+%g*O2#fmYGEL|K6Y#HxKSEpWu!3@brzk^l<Tm+eV*A(|-9Yk&UA@65__u&_Ij)7J(D04nIYF?14l z_kc1uTv3{o-dbywtbT2A&dIONcUt-B+j>4=etJo@b-Cr+7}RNA?Y_->2Gi*cSO4TR zYfO+wV;6QEGMp~;)Y#IrB3+e+aC%R(4bV9yBg#A@>Y`Zt?neM^9bVNR@U#CIP=W1s z0XRAB>9{q5@z2pEC6Y*s*D-P@BM02X7(FUI0eEwQPN#9|-_8tZo!!n<;+F#30_YWI zi}qK`(1j0GK$abfP!3`Akd0GuLQb>(DLe02CoF#c^ZLVD7-YI7@YbCU6(_frR9GQ} z08|2wAT-Xe|DF8y+H$Z}`=nGP3y+=Q!Q;hMa#_(OBO89{@Acolovbr?SDI#Lb}9B` z7&J3Uo5_=lRcF442KgS}P~<_a&(E-O24zw4Zg65pnY7 zZ=WoRQtUeo)EFvv^!fu4O17!8Ka;rKs}p!!&O^p1J{^NJ;}7s@CxJNMA8xrJL2m)) zgK*b>b8!19uxk5+b;J1yU8(ytB^&al)lDR-&@>&-xw5@3&t3gdtCZ*62AGUIW)V@B zy}gmAgO!odyV%yVxSnm^s(e>Gmc~aRRii~@)(}cLAUu33RI(v7b$@=B_S-8-jL`%i zK>*tgeX%uK#uz;wmxxx>4ND}6#CA$EG^A=oN^~WOGnJor+*C>vXOrvfY``8u&Y*Gz zRQG#v*Q@7UNT zXnF7CT(f6%;X9`j6g{lE`eV23nnUCZ<(pe(+Km=E$YlWriGrVf&Kt_2Uk(t 
zA#}u%=_Q{O*uj^OY+(6Gs8z9RrD|Jk(FO$!!Rh4P(VoQvf*s>(upShTzTAuqgi$Ft zBG)_TxSxEWK@=Au2ZA?=ISF7Ts=eLsG-|ic>-PyXPy%6ko}pd7t0(ck->y$-N%z#w zXPmv?E_q1zh43k5!6;Vl&mGPt%_F0JmcctY$Gu3et5I40FV*=xk6}@M3h<_IhroJG z4q}xG4A3B2Z(4r}MU4_Bf66Ad0>3IzmiC>6r(C^BkK}(d(?4HJ_STCn?_Tc{zyMDr ziYAm;xLt3wvh=v;iXmG*0rhi3S<`2LcZ`-ct=^oV@80ySU;gu8{qO-pYemZA5y0St zoqcsejU6axNzsy>uR01ex_*YoR}iS41wf|%89{35e=+yw@ldw^`><@Ov?yh#xQoiJ z>{|(yY}vDgkY%jdw@4czC6qlO`##n|7$ajzmccL+GJ`QRw!v7Qb9CR`pYQW}zQ5=9 zdp+wv_bukS=DN=HeID=QINsnJCPQiAnSb9Ub;nZ{4QNufyc}b^A5_4;ItNtNJ2h;0 zc06?@Ti%+LwB4evU=J<#Hm2i#>!=<3(nC0=$i8NEjoeGm!Lswc;gNeIg(}w$8x<>u z4K&pdfY#c#rXe<8wEgSkaGS<6E2Yyjf$e?Vd6sz;)&o<9v?$INW1kG1tVBD37OviK>+jBy zt(^AIH%doA1)r2M5%|v*o}c9(N2-cxF*sz7Fg`Tvl0aBrdYP1EarA0-q_qN;TP(C= z+xErX(7Gmbcs-)g`C*-UWOAJ{jQDl4BNVKW4=3D-O{_wq|1@1MPS!#@GxlmN$y9{zqTA}m~ z+m_aSA>SC2>Xv%z5~k=ZPWk-ZZEsbMnE;vJ%Lc25HHKa8_n25K=_diYTqxpL`+mjp zUa!S{8IYtaGB?hMeJp{K`Mz#fV$je$b~33h1R!1GO{au<|9MKCt^KF`G7h-^*;%HM zUL1oW?|5VM#L%Z>GB`TnRUEA|Ui_I0KE4$`F#K(9DDh6o(*%xI2TEKWta{MK4Lwd8 zIr-x-Yx6$?FZHKq?FUuQlD{SZDG(y6@p_m*|LaD}q0lj6yT8k6XtjJ!Iz;h0a zzAOu`R+kmO$9I*>KbZ4r`tD}%?2~s|N7Waw#(&t#?IQ-ymk--K-j zZWpCx39s?P41Fk28>wMn{7>A++8^|Iy$X znm(xiV(Z}QU+A|=qc|Y0gN&B=njtX8;UB32X*JQN=`%L*KrG0*Z(;Gc@Gxuk!4W3X z$Acpa#nKVb;H4&7c!U30_oR1dPS^+zimUBcD+0?b6D?f9r<|we;V`|h=M_01!#O@Um_11WX^W5kH6*{ zQuiGPgj%W$V!RndxPS=9tbbG%6Za+>mgynN-c7Qt7oJN-zVt-p7OuqIm%4pSCnstd zUE?0dDfEmQh$1PZzi)<(j-Ibor`m0hwQIuwjhl&8CHhCnGglx0VWz2+_i0MZn!1zFx0Fe;)M&@W4{H%%|x^@ju~bEfP;J!e-CK8}Rat(_)4`d3RB(D2 z2VgjbG}zhCGaGd0#r`HT{6yY;>;2^i045ugz5sI?T6GV#-TS@u(`Tq&B@;4}yWn9w zjKC59QK}l_O9O+Ge=E&~;e`HkT{kn?r?qo#OrNuUNR*FtD^%@&B~g1WOx$tQ6MQp$ z)MARq9%!1{c_7kdS{pk{jpL5YdIbmoZDL5x=5=!rW>zgg3ROv%M0;^|+;bOSU!EGO ze32^I1gDVN0#(oAtzY-RLL{;-Z=e5h%e#>`ttf^*Y81Kpu&)lEKcHo4NZ&g~=r~je^6BR>y6cJda2iG|OC6`UeE8_SiUphfonKb|ZxHf|x zTzliz7v{rK-AJ9gx$mvgr*~4JM|m~DIx%DKcrp7+rmFtuNV`6D`O#Q&XfOgnHV+o7 zZVP$DoS3tx`{f+r4aIpbBdW%1_#!bwO+}MD6oX8Bt(EED6mA>ZJM7Fn$(Hw5^xHFt2xnFBQ005#(xk%8ws+n!k9X 
zbL(5yC(5nImw{A2+C^)r!_$sa=CFiiu;&b$-FBMHiOtaM7|$sU{%6qn zNpj2TDQP8DNcrmYRGi%UcFQ9udYd7aif%X0WqRG+0)!+dqXVqoG54>%UTzGiXIYkb4(2p>1+zQq_S z*>tI%Cm=-O=T-)BkgtIin8K)LcD_F;G&R!p`t5A(%xl&1kjJsl*Xqs+@v;jDcU|(* zI*#QKhWkTkz8&edO-*%g=q|c9a+!FhbjZneoE^ve47iJMb(*&}Fbhv*DbPi(^Syg6 z>;h>V?=THr91x)hpSz4PH+4MTdnaBJ%w08? z#uAZHKE=p_Eay8ZsLSDiuFOJR@DRKm3%LguYG>HPZ52BmGEMn}2n3%ODBNw*V3zXD znsBr3hLG8~=lxWr+1fQ}{Askl7H2h(n(?i?40(;@i8m6khI>S{AY~7f4szM1QF#OB0@URB#J519_FJ`9edTV6 zH$>+zyb+p!Bsq^HAzy6T3o=7gYcBAuSFY;yR*JloqH2lerH9{S5tR$j=@g;DbHjIy zs(ETRLLQ{5(ZcV2EHoLC#FT#VR2t5nKEzros8_UC^pFl#=i9aN;T`_=jxZjtTyo0g zi@*78$-P?@hWurT-+IEX53Y}+zefZt+UI}eeBA59X}0&}?%uU>V3optd*UA~rJQJ|F+~kN(Z)Yu#Owt4s?F$2o2S ztuG`Md zy`+`%%D16W9=(+%2C2F%Zo~J>)^98MrMb|-8`rCl-H>}OrLbKAM~DJ0amZ>90BzJw zgkLXmdTh)S`BoB>t4DgRD#3fUa;JD9Soleam8OH7m0}r=&PjQ^PidjXd9E^l;KDtT zY6DbpiM8?u9t*ix&v~!+oz>XMo7KqT^Qr#_LOMo9nDm%N$0+9=$FlepvoT!#tNs2F z(_47QyqNYJk~u;VRNqd^S_2B^Bo6$|)XUYEJa)Pre$`6%jWIeiOIRj8=yn1L6yu>1 zd?*CrabuxvBsST4BG$@ja$SDFsu{p|f4@nC#F(cRnsItjln#z*b5mv?{_b8q@1=OZ z;~UT^<`)S;Eg@*MpM9EnNi>{>hu246>%W|X7 z9tU7V8CD=yXV>c`*@Q~cC;+dwIP}fxVKY>Cf2!|K4>w}&W~{ky+Ck`^#EyY82}279 zLn)EwgF^u`l(_aP5h#+65rTulabt~%R(-!RElW9BMZcc7Je+rw)mz2>g*;WWSOtQ< zqsJ-|oJ6zPd}Ct3YBdi*-~HN_+y``ZZ~`-HrFVibq;_!F5eEIacJX?9Q3;yS*Ck`R zk$3&4;>x|(=Qk2@@29JJ?i7LMI5}WmN++=Q*Q`-?L2Y78|EaYmT>FGMoV3gJg!wtC#vMm6xbJLO@S>+@h=BWPKkCbgeusJMoop+ zKsT31A)K0LuNYJX6*6aKCsOwL+I0#| z6BMjWIB0oIoR_s@XG)ev%-eGo^ang+yu;#Ryo*#N$VN-G!zW+vk9sN4sR2pKVUU)0 z8EevKxi+~`VWRDLDTVwlZyCI~*0Ofa1HVShv)E0)?i#BwZ@E$ZyIexUE)Kr(1}QlY z(amXv4m<;c$KK5=j$u+NVZ(LyL$SGIVcQ@qrH>+uHWeL%&;c(YT6I~0JtTfo#TdX# z8121B%U)Hg#-k>Pmi9lKH4$%e9KBTapmjTB2+GRaPFo56}=dz zF(_B%;g!2L-yE3uP8Uc#YmWq?;S_Vkf&_E|Me++tUgBw3PyQ|CYafE=tbCC3yfP7DFoOcBH;6zs6|2WQq*%t>(v0c6BkOJMVU8ESJvNiPre*~ zW}uz!L1On;Jr}onel&vYc*4Pm(?wK3!DC=DZLCHpD#ZR@JB^!($E^G$9 zXIL|!`7UC+6~MO2XRBoj&2laWi7teA;?z`&C4D<(Y1Ok%#wwW*NYBJQB@9<})oPQ1 zKI8!ib>P0^E$XTU#xURKOKLk2FQztGy6x3)2Kl~2g|V-v;a6araDTJ3i-jgA=@(w9 
z`360g(8^s-c{(h6@t*Wi*UxhYm5dSSzyNRq!{42JMVE}9M|d4u+-GC~`-)qcvhSW@ z)TDQ^>*FAAG7a@o-6v|`}LfI1nkxJBcob&?x7GPe6oo`NavdElG&;aB@}0+m4WF=b#%{hwK;?=1!q0#Y3pgA0+ylxPFnWP_%L4E|McRZ(Y#*;o z4JMctO=8BjD@>}Hj@xbebY2=Zlb6(z>>z-%tjK5y`k!Weq=G`x8fL zI!GVYLgpo^#UxQ^ep<@;r5|Cnk=0YYa-(qz3`iQF?Evd)qz#}>CMsH_STnvMuDVFd zrmp9(1m&F21TR>B2y`5mddo&wDDSR&I6w2mz&H~lHADtymfm&D_~n3F>1L~6rfn_4 zY3wSM14);Hd}4h$G&|%f_i#r*^Gr?-et+qn>ke?6^Xp2uJJeDd%jU+MqU z65Si{scWT+e5Hg1Am-sya7JJ}5*fuZrmpa8baxWqtrKkvJ95ubm9<1Q5aI@Np7KF& zV@VaOlYiQ(iYQoOgbWUK!;+FjBO>NvKFHR!s+KEZk5RQZwHo^?N)oG(h8~-BF9$6E za!F%=Xq&@QX@ckGXD>Q;zq`)4PsFKrr;&#Gl`uOULtc{f0S#-h`W zq-$$Op*DD$jkXQM7Y~gs?fHv5+dAF`(l>?2H~NEbK|{Dzrk60=(`yeU&!@=EJ!K&E z^;o#UG+&auIrJ6yaRx3o1|gr3pO@e#R$k0h6FT)5odPF6s`g)P{rw(|e~}nciL4!L zj-dw-NtgF`7hC?%rY-`WSMRV2t=k86^wZx8k?jjHQ@9z8ovz*xe4tq5I3Vb$qK~#K z;c2!Pdc6eiTSzE=#vsvLd)z7MJ+kvPKO&zjELZ9}bv`Mcz_s#%7<~?v{fvcsC;dVj z96_s&VnQ+PPYqf%_{QBHv5Ad0e%>PB6wM?!4~Mkf2%lP}b6A>G(AxU6kRWpVoPE!; zjl2hm^idg`x?RFMZ&yBixOd{JaPpDEQ%!#@>5qLl<1=0#6Dam}dI+_=i?$?~yNj9%}Ke<;K~IRjZQCV$m`7<6~wgg$k7%Our4gz3_CA6-Sj{H}5HbcJgYK zsXPv1`b|^-dLFOx&iPdwVGj*?&<=-vieDwV?V$94AczU@jcUE~+#GX7}h&lV@ zN${_@Z)fSAE)@MRwYheb87Q40RYGa3OVw)TX`UrABMS>zj0ZmiP|+?+ff5quWavq1 z@DBnZi-Lz@<-V=Uo_wOu1k=Px(>JNlY^Ip3Npm8{+ga!h2O=^~YGD0VEQvF_C+OJv&jO&6uL?)Vlj|4a6(&$A6s-Yh*XH7*b;^%PY z0OB~#)6mzZed@2K_q$Fi<#>|v&22vORxq9_f=%7|>MLJWvx5@phN}Pb^6aEthgR#1PLmBr(0?>Rn81Kk&OdI7@zaN6K2$O_x3gj;*1N zSJTm(($=}8^BFS7k^-Nc*K03-{$%KwiC69D!59}S*Q2Kxq6pa00PcCeu*Bi_>pWuJ zJ8hDDUDHdvLC{29+Q*l{qtfxlr5P~;%^O#9GB^EE*_L|d{iYR)$+8>I%(u-j0+B-73i{TR6 zw=(#M%`|s*}d*?oj+Ci z#V-6K_@4Aa>9PNM1xmFXT577rJ&ZwL-=65r4$%ghxz=*LGcgy!Q?e0zkb3st-&nkv zShFA5Y^U>74)Tuh-z++R#$^asw8%Z3cW($#iud>5H1wm|DFtAK^!L82tEA`poQWno z!3J$$?pyKZoSm^>Z-9dlUTDY^eUEj2x2@wmK0Fyk{gVBQ{6}hmabw9*_%JnPtsV5z ztXl2~!qrj2DlP#3`aCZc9M+J*QbP#Qjwimg`{?KXBl1cE(Ks{9F^!AuMT@Br;o&zg zwA5mzaTM3Yz6S0oOEyvW~s`!XOWY=QT?I4dw9@b5G5C z>;s|urpbz~sQ?KZN+Gn_K`!fO`o9n7|M9HR^9@hQZ?KS_ECz(DvBI}cYLuC1vEp3% 
zrKisH8{6J7Y5RJ<|2;Ct$mfhu1lRKA#&arj$4sap4y#ZEg$+DG?dJYp20WMlwDov1 zjsHkX4{&@Qf34D3Ip+cQQ>0GGAG-|u8a43Kv+c=+Tq(joe*prVUuEGbU@!L*8oLS` zglbQ`#&(VR)>h0Y0AIH5FTyh$G)aVhOA1taiT76 z%B0=S;6z#p`lz72upqx80rdgQkw#itEv{1aS}z=p+kM@eH|CiZTTYH?wM@|pZ=U|* z$MCvQg5}Mrw`uKXS)3>BMhS+cRQnUppMkr$2W;HB2hRzr1K zdLWnnF8iLxQ=_ewQgrh?Bgk-qa0eLd!JqDUeVV#^qSnwvk*^d*zMi@@K88nU2q?xp zUitb~5S82B{_tk3sGj0w&06YLtE2!c>3=TH-{H?hHd)s1P2RO+x!FPR)a^)NjMCTG z<_@iUMYR1EhfZfR zO?$eM?qM_~a)q$qtOHeV7<1~?*K`Fp*%motVdJw~6w0@E>pyM+1Rb&Kmxm0e`dOmv z9ddxT+W2|B7~h1RK`NC9dE(KWKTs=lHH?OB3rJy^p(_CR|sfVPWWWD}tA z4kUfwIh1D{u=wgu0nF;=PSL#!rjLZHpm)@#yMn5iii2zAv~^>k}yX22WYO}`|t zlx8Z{;q_KkVlm0|f`$;z0geaQsUsYGS5w$LebiniHE*`Amg!Fq@=4wtLcQ8S>6Zoa z_-ih!JJwY*Gb3+gCKswBSe=czs9$w;vve8o{`07r?2+T)Q(Yi;aKbwW9~~W?Mu?j0 zCEcTc;UmOh-?0+l4)+();7xq0Znn%Dx7ifv?Cbv5CsopYTJ<9(Wzw*@-twKelD}^g zP9J4p-l$xk*`=MQjVJj0Fu@*|(2&shVT$$hyrdT+FKO8QE-jiO$QzjX@XP7p*$ju? zS7C)g;Mv_WR7vUT_t_3$1``Fg$98P1tVIhXIltL+z~ClctTr(>UCA#I5{D(Nkp0p6 zVLXZs4fpz?{_c%uAZZ2Wnf|5WA3@JoVjkhgclF8OhU3cN{M$|8Q)XZw6V_$yL)ACK zP*jdejcz7Wvo-bmW8o@^o2sO}c|e_dj26_3#0u(F{Wy%kVUfX^?C8DkRAxtw7Wla4 z{>OX1Q|~@#^!INOJk+MNtG+TJSF`v1&u=+|(oY{L@fg?0Rlu*y)Pr2#k9B~9)>0en zS3^kHE7!fx4d51Tdl3u0^R(+H!Ce>@*A>8UZ-JvMhpK%uRKl9%V`bbi+lgOHxXDYw z+Xp%KKeVgxs%>p}DZFp5v+tI`Ob20UN1lcT;X(3Y4WB}lT8jaXTVF7d4~9=gn3P)W zeAk8HN93sQG>-M-d`^I0FdTb6pgo#bzd5VCH=wkQSsqcCt<6TivZ%jf5#6WE`x39K^532;<) z4_}{PjS*@LEcC=nC!+KFu9}sLD8oQ+|rn2YQi_DE3=pl&7ptF|= z4@rXM4poy_Z|75x;}0 z46zD@?ftr`qVjo*@Zd-4BT0SKXsc(MA;L;}FLa>_c8qmp>3JSpn33j3tZ37`Ixhw* zZlTx}B;?R?=A0?L3vkoiW?5GZ-QKwOI4S&|Yq>SO3rpr&S2W5C%S^Cp4&BM#7E-W| z^CDavT~n^JR%C;)PdHu#YYPg}EsdfKqMNsoz~|oL*~@@!-E_se^}rB|(WQo}O|ZEh zDFJ=vNmN>0#>+Z}UPLX)QL4t4)a!OtT;|PhB`gyXI4_1h$QZcvt)XZ>2utrG5Hb+DE2yn9gt&V_8C_%4 zps}^tc#&Kow|LR|gYO{3Ns}$KXuTK-OMMum9E#Ztk+SEb0Y*xsv=d9 z*UpsADJ9LoJ?;14p&aZ`gi%~)%$DX@iT^XE{O-30e3T(CkVD7GV(RIa{sm(K~k z-eZxON(_}-*<9VqLiM?)l!-m*IhfK%-f5AWi_>XAQBr<dTcd8{}Mwl@oPMIU(fL5I(ipy`+_D?#+stQyulm^uHIHmL52K 
zC{1H5UZo~`nD-rFz)Z#Xi%n@ro;kNcU#G;Y1eJ=uuiaq{ODRq4b1Ca9Dk*Y_Drc_O z#pN{LU8WRdR2Gp>`E;kf?M=bHth|(56xKJk13kp5s}Qo&??g)@8>#Af#X=FJYiXY!W_!}1+?5b0iLfA)R2MeKv_knB`wZ+r+pdpG5DN8&XbrI`Rx)d^`m zS2pLbAyT#6PAl=hccHU-4**yH$(EhUX(E?gZe5wnT(U-&^%&k2muzi}koqoTFnNy`i45<{yON<^n$c`XoPYW@XPY}M zK<<|rj;S-y^IhO2G7{(Kctvk}O7RfQ0%gjD4~=vM{moQCPclH`*lAG|r+MZZ#&&H>$+Crwg_SCe~44 zM^I(0lLgt!>y3U2YAxX!cPb7)#<-2f=6e)8qOG<1wg%l?WS0Z-C+b{r%BZsowPFDC zM2fuWPT7oE^;Wu0+Kj~m>I?qG7qU?b#yGAyfgo@eaNBEo-_o>j(!qTrhx8ev0{EK2 zsL)^VzYtZDFC)w)>xU&1S7y*t6{(xxF!uM?{lXZ66=Is4x)7P zcu!!#d|r195ndzD4~WphbGC9dbkdKdzx6VlayoTKIm6!yEaOG3Py;ICu<^=(RICWd z%RPYM(LuCOf#XSCE_oWLwHr(v*{inE2*^m%z*Fxl*zd{$WPta14ybz0^F{@@lDyHl zz^oL3!>k!>T@;4=k}yax>bJba>(z`))bTZ0!ZB zxL{OjJOBlOMi$T`kFtbq(&7AoQ!&26%=E8_3Z^CC`?tj#QMcv&EGCCjB3Xb#;Bhp$ zy|dLqJSQzwsisex4lX1`*Y(h4ctF{tl#_=THT^jQ86PjlS?=Zyaz+9cGk}m^v8PI^ zI-Km~GgYa5b2VqH;ezH{*yo50F{4Z$<4}y<67tTst0+uhHEyM6z5LJ#YiY{hkpLLB z%5OC}5Ns`Iy;-zc_WB;y@SpYA4;1L_vgl4 zJRW3#fOze5*Z22ZX?;TmpV1!W=@_1KwxvD9P7UhW%IAq{`GWM!X7H4ITAp_2z%!LT zg)pwPt9=>oh`Cm%Yi5a?jZTPw&AQr~A$#)&&3Okpv0(;?D|dH6!V0nNX@LEj7$Q|O zqO%w_CYOkDOvz?Zk+yGi-`f0iiodByIpciT9s0*hDc`*3E&RS85(nwHmM;uZ=*SnE zY(g4860-?`D!N1zrc!*SvxT`2hcQXw5m>`5=CLouWlBKvD>T;UV0ow}%u0YTY}Z*+ z2v^?jO&r9fK+ULU$k5AmdL4s(T78Zl>kqTGD|OBeCz3M{7eXPLqg9jrEkNA0Ih2wV zoA3BD8G13S>Zs!rV(NU#z)R_jBv4zf2JxNZO7Im~Te)S>H|~gTS}HPFpKD)%NkbtS z3b9gohiL9&CG}$Vq$pF*!X9(0XVw-neH|N07O;rc4@XFLxv?1(YV5hupYyo9?MDv+ zdz#*^(mffn2I!f})I}~bUCe!nykER+N;FhEaao#O1;E{u?KlF%TGGFi;FoA^XHToG zVv3?3iCxJ`*<2t5j9s{X9FRYin;jp4qBZ zLmExrEMReJlYy102hsMAPSI7GaQ=mrAPpJtNAA(5m~)$3YlNXFq=5N?Ic0TjU?{4G z8Y{?`j0hSF$Ko{!FUVmaFw-Dne41UuimvdW3r$KxohTtu>o*zzL9}cjw7(SS2^$(~ zYiqZHr?49VNxJ~vuW$PEbUcBX$wW}bL7=@r)S}cXY~$BtTn52|u!8S1>4Otsfws|S zy#~ok*s#cC?;W`sYv@JjNFHYC1fag|YHT^UH7`svX%YGyFGijgYTf$xwTtcN=f+>u zRvaqeZ;$#>a%^6*w(GuVTSLBnL|vF=Zz{Wysq}#v3lLBv%S6VEYjPIYYt`i>Xv;+1 zO(Y`3$GCUQ9cbZTEBp2eKUG;U(?on|5YEqy`qPpyz=>hGF+(sga1`i{VhNMG?J25P zMAyX*kvTd3PFpWA>j#vg?!hr>F7_F{CKVO>^@rs32HC{^$5p38*zE0vWKRqA650CT 
zeGm`!zIP&;k%w7rLjLWGVQwJ@|I;?Z(%Iy$JDJG>hmxpX-~2_;C@u=C=oLejM1q&4J%SG0UksPDwi)ugb?avt1HMll88|t&co?(s= z^g^|O`Zt8lKLe-+r&{i}^aaogmg;o*UPQdvT*09)D@hDQQ_kTo zA+-?62FczxrVaIE>#YSpH#k2rN}t^Lx6gRmnBeRTwIFlvR=4E=<6j*&oET|t60=#t zybz#Nhg-+q?cTv@{922(zhv>MBD>k^1IeO}!*$&lQSzji6DnMpWJv?q(?-^UtU7S`h zk+P_0;y!33E$|n?7f))ZOarIQzCG?ScTwSPJZ9EkCRA{Wutp0>7W&6KnFw52OfTEjs(9K7QY#llWOK_H_d%+6( zhf;zl_TpnYmA!p#P9N%2S%!E1eRm=_zS|QYwrt2fX_xejYgRkNs#Yb2<{YRYOpiJ+ z5Z0|?YUTjnGgzapz&lvfGgvOrD`~%%xBk4L->lcxuQyCH^O=`;5mngr^awfl26PF{ zHuI{=+qt><-3Qb`1YiXr% zLxomr1?1Ryuxlk*w;!BWnh(?+EX151B*f9L9cEoykr*PlbBCGdqvX_J^G2nCRLR@; zrLge>`;GDVi2Lux@R&UMhVS6iB%Q07I!$fL8Cct25Xv!E{d8i=f zL6AnI{)@wdh5|qvGpbnV@zs5n$}uYTPXh{F0N^*0ZeJ8>N=J=;CRITqlZIv(Y^Y#! z2E_q>UxIlB3U643?rv`)e7Wp{ced7s$H<_nTp=i4JT5?0F1BzovAW}WQe;fnTC~pD zETYg>u)wRVlD+Rpzb4xXy?l>yR8qAV!1x;UpvzgkMxeU5-t5nfCZI}786vWMhU_26 z#qp`^>JNjBks2GA{<-lII7*Qz;68EUV!YT-B}|;tYko_Z9e+1x=SP&__lHFLO>;##m1*l~_$HwFH*8;yw_x2OM$R-K(% zU4;g;z|;<76o6~n4BjQpcU>G@V}e)MWhQ6yWGDuB8Cl2Z#UMx)gP?@-I%pqi(*iOz zs5P2^yf0eAOw=GmwUk*AlWCBIy&1&#$H!4W0pWpY~kMvfzYuN zDWcZm-&l2h1*j>_G|;gXYMJcB7YK>KiesR2@Fs0MgDSkYwmYyH|rSOm3UKT;-DA`2INqpL4jRHE!mbw13HjHAa~4uWfIg5 z0D&3rzLfEQKcoRy>wk3?{I{1(*=(&7(KGnIj8ZB=ycray_&pUx?4{R5U`=!CDbMn&?wwdenMZHK0s5<(XM~QE|SAHqv z7mC=ATgwZZ&^bu(ufMqDngy}mt%pInlD&qV97{2PggYHuq&aL7gs>$M)g#JanryBSP;N8;N^C#^8I$F!1#n80lj{<%eHo0@ zKrm8kCzEEs8$S;?UhujAIF;xl5WTzhr>2J1L_%+rm2$ZnU1Xl@q=ew#>*SV=!v8Uf#`WindH8`{qyTvmuu$AN%q?_ zVqu&1&4Klvjfs<%P8vrv#FJ;JxFMq1$0I50zM^%_<*xKo1F4m1n;1oms}`^O;y@E` z$jLrObj9(YtUOhgnQn56WCQ|^nCds>Ql4h5p3xzMG(OGc#c8wTJ|m zZym7SvRm0gUJ@=$^SfSICpMpF6i`i0x$m}$3>DQAmLe9ZA#=!$vx5>wi^yJ=NuvRFvfNbX7j{suZVRK1Inej0*};k;zd)uYGhj5xb-0(j}Mj@Knp`@F^dT z*r6;7_bb-<5pB}`F*K#eW+i`>1+LH2&~S;|x^d0Wh45JoDJ(_X1K_M{jy#8P2?XW^ z$!&u6TT!}f)*z4$@&`4Ioq9GcpjYD>lrE4TEHFk%r$7SfXx6!f*00wN&$S12-C!SL ze0^NHZ>JmqVojzDx6$Fcxwg8#BuU@C_P3Wl^@Pr9^Msi*0P~;e6&;TNGlmMH5-XqK zQgNO`Gy6kS63%a0y-qoeQn506fQgmu%!RK`Fp_&opvCiOjtceJDHP9g%}kaZqMa>qika=_&=Gf%kB18FHnu#A`z(VkyLH 
zD|Nx6jrd0&cYNN9U7&>rCd}QcQ@*$2G>{>d;?;a*(jDDfzpc6J4T=*^M_05zY~I2= zXA#A{Xk=alrnjPzlBd6|MbtC16DXIU=PY&JrXN}N%EZC{c51B@bJCU-C7;&9WNZ@jRniZ$dUvgi?=WdDz4ITq*k=H&5>9$MN9Iyb z@<&h?X%&Yc1RXWv#qB*kgic=lMsOUiW)cjJ`NNiOhn@xUO zi^Zp$W8dcCCOBHSuvF_;Ox2XMUN`0Ju>H*H!pQuO%A>!gVEwqdx$g!C?hl)jZ&|tr zVZUN%Wf~ZPnwq*o*YF9Y8(Y_-h3oYXI@Kv%+KCV4@P{P}*%e@t6zHR1kE>9_m6EsNw)-~ys!Nqdyw1Lv0ro6M`v!`tX!T{a0pA-qt-Xr}XyHWTfY?ki zTIh)6XQX&(Q=e_j;g}X-O_AXPV?YKT_h{kiTNve}LmH{6zIR+OPY16oF$IvR)NA;0 z!==00OR*VJ8>xjgRx@(BmYT3pNBha9I9hdTG~vf3l=wa4<9MKcNvU#U58K-2jZH1` z4CT8M`7X>I=^I@UBYSZrn|<%$Ja@7CqIZ6tApT}2hIO{SRJnKX-MJZrNZih~O^y$- zca9zmHK2uWW{TDL4&j-;^4~;K&LnDQ8ta+^S%dfKpWiv)s3WY|y-bP(bvyoA7qrom zfpp;=G3`D#x}op%@AUf&VWY#`S!M?_03(Lq6)*{DY93tF>%Lgxj@%A8Lr~X%ZhlO! z&$|z!xkb4L``igC=$)`K&KjK!()gM1W94N_@loaGJFDb?I^OiyarCm&obIg*5KAa8 zR^nizC2w^s!GC&|+UDAqI=%Pg4k&@gz1YIC+9MMAhO!n>>5mV7diCTq)v9uQr;t>&1JV1XEpQvQGiPo9bBtqWB*&p7n={HO^RmWpUC)2Gax> zcNl9bqv`bp1kk+iG6e8CXXcA*-iAx3PIy_z4u@3CAqRMrlN$Y|$Aj`>$^9*!sbW22<{6NlFi#`PttTO%zq<>_XUd3cO_0~%kxuueaUP_eM$W|Box$Q@o@ir{_sEn0Kt=^8-B({&q7rh zgbrgXAf(wPr86-T9*bhUJv~X&bsIIuP6P9=%!@Uj1;~2Ya%Ux|@Fn_4JHIS*x;z-^TrQ}Awx1Ctb5ONIfS5-mOJ+% zO@Kh~vPO&jFQYgR5*4_%7CbcIiB$K0zvT3!Q&Q@qc4LncWQ|CSMrLxx+;_w2?Nl%N>AOlC3pxz%z=0GL zKcXH;Wmi?pyYFmHoYyN_Dy=0X;F&kQK23f%MEed}T9Pf4)~?LgH8l`}E@;#dr)0bZ z#58jiQ5iPR615D9q+WD;;pbmgEPKB{dFi%xz*u*4l(T>cM;b-1mVVwwUJ!e)Q*$vIDSsX?J43O(pN1`e!L>sfFT zF0zlD>KsH%%U;qJXFF%oC@ncw{;0LU!m=JDQ|iBI>AYLi4v3ZXLdFMZWeWk#SI~~+ z=^|Xz_d4qkETT^TMb5o`c@sT1LT9F@6KBwHh7Ss1PBvkLdqV)`bm{jA{k{lUFZD$9wJP&ISB+V0^@__`40bfnd_+ZftUNnB6B^ z#yb-AqIm~VS!0$5qlk~D9vWEsg^0CEZ>JOrs#WCY57wL(8jkK-`0fZYziU-^j8G@j zDXHM%Jav$wd0uaT04T*1;9UsL=ugy+vr5T!>y;alZxr#Nvga0og)Uu7y(Nd&JMCX6 z9lrEJN2j0D5QeD!W^~cV5H3J`G7}qngV5hoyjmSlkj_0cva1Xd1Xus=cPua=)MEKd zMC2RG0sR=AnEpT(c6IjC2du;%B7+#*Dqm~4bFPVAvy8OrFY$L5y>n7vFE`dbKV7!T zA0~5Kf+9NKpqrgxqZ^#tui_I1C#@A8a)B&Rs44TH;yqG3xd_Z7wi8X$^+08%|4XpF-dIY`i=VmnC~B`>z}{< zpF&;#A6)bQHyG|uBmV>UJq}vI?rr-eNv9CqWE^>Ce^0P*4}=3)_QQVz0oNG0TXqkz 
z+JNE}|0`JBe;EaS(?B<$1c*?(UB`Rd%+nLyCL8Fy#Uj~Qvz0SJwpt? z?%qtMtU&?e>FCoKZ+k_strnzOs&xn-{7)1QfNe3~#CQ?wAWh~H{^Oyg4~JRrG$Jl6 zVQq)v2l#d@!+&lJ&@c23)r?G_I~pOAe>tMVe`lh>PbEF&1LuUYwZlF|$`T?m!wI0T z_3NOL;db(y8C|xfH$Qte;LQpr|Vu($Eb=p&rZ4Imv|3X@BfT}kmnG6uNhW>hf z@gkF;*fKHNmfGWXjaItaq6&;r5|R>7>7T++$U#6A@Go?>2rgXqLY@%k6)XOxSkvX5 z*bmKKI3c8=Fy$GOUi1VxBFXHd0%EL%@INo4FjE&QLfaTGIcAhDm9W6@#{M~Av#2J% z|Kau19|*FJ{XsqVR3-A*lb*(h8Q4FdVb4CONefTzumBBZ5g@OrxGsI960A+f|MTN? zO%-M0NDB^@UARlRE(rGLF)twZN6=y>(Xp>9?F)b**7~0gp@5{LVhn?kR}Mb8tI@?W z0Na+lYwQcJs(&uv5p#dkxw(iSdb5p8~J{=Sx#w{wTIOn=>J~oq~3M#OawR zQ5_cZ*TOrFI4~eXs%H}BM+6sPrqAPvkLI>u5`mJfw+sNW`Cp{=zYOXBIYjz@?h=1l zz^3-y++4vIhM|UW09T`cw6ll7KZq(Xl|5)-c?Z$#;^G|%7`T(q{%LweZk8@})tX!n z9l+>~GzUoBK0>@7U2_9z$!~x!40GhyP@##*0W;SO<&gSqFlWRla2PEX7UZ`H0CFUt z^cDUO@HJF}wau`?P)Uw{JTZhTFP$3iRxbnjZm4yY6fa_zRuh0de{jR)OS0WZMwx!v zA~OhjBoHf`^eKVK=bW)26B@ew^K124(F~;I?s8J|c7=6RnTQqgTiF$m`1~P?4A|Zv z#f5>;_IgKflbcBbjKI{kzRAQ?xhtf?>lm^Yy4f^aIG(qN#)go9*+uu?3zjO$@eh>6 z{T@KH_nyU&EEppsyh@L;A}_Fahe(+gYHr)VC*5<`PZX+jjp!5-T<^=2#J(lQ;H8S9 z!=z@TGnb`7v1qwinYeRk6k2TSBIU2KWa93G<|U9E{40Fhy4&OfQ!B|m(u3vk(4?)-;XTXnQ1PFlMbwhd1dWj_AGsZ*g19T9I)I6*ka^>Y`T>G?a95AB^ie8p zB}`lVs?j1(>Y2OdDZ(9}8<{%1SOFqfQKwqYyJ;dn`Cw`HiJ4<#X^9m1D^S4b#`qWI z$~kihT_eD=QN0|LDHp?+)qFlg~3TELm^da+y~hHTwAOU<>>&;Z)v z_SIQrvE`avYZ+6wr0eCBA4TcVMphx5Ga^UoUMV2Sq_O-Mitf0fih>qm@?4GITYX5k zM5O@po|(_c?{{k4+PeJv29;PVW8_clOaQ4Dn5%$bP9N2bp_7Pcs(Y&E)oi7DW+^4G zIMjWq=>;i0$4hgp*~P;oDFZUMrWO;}9Un&|L9ab%Y`StAB;CQ~WnkXBQ9={!ZO(B} zw?ObKQ;FY4ZSZ4@_<#9ve?bMV`};?I;CXjvU)%x4jLmO^3HVQ*0-6u%P416?h*+SI z20@^D9nL5LN++PXZY>Yw=_X;D!!nBULUaNBen|=DJBSAUJ7EbVAT0Pwh5 z2?eY^6M^W!`T8j(AM3SP7v~18{toCa*ci8EpMk8M50-6*r4$iLEZ0(+L7K-LF5oke`m&w(yZ~TOBU9JRht>X0nY1w~3O7;uyM+oC|(^)cS*SYKB4VeTxFYClmRZ zzXzCy8sel7Gz;CCfcNh!F-Wg$;&!UNG6d!EF+nMr=qkMm6z%+dqFviLJ593Ki@Osb zYVM`lX}>F<=e56z z9Jzc#Gv$BV@}}*zz%vX!l)SsKEq2P%Gk3&`^cdzuJ>7Y4S=ePU(6|J{ohD#^eL2&n zIh%F?hs_-mt(`WS9E_PFy}tL3{03l$mg7Xym6&S#!xvlQidL26pDLa*F}m+ew3I9G 
ztil_wr?0F#E4s9J|F3=h#ft^Jw=ODOx8TmTiH^zd_f6Qlz~c3~{_XG9|M~O$7Wi~k zh8?WHC6I0pg432Q`Np(;DRBG!t9+FfU=hDPa>^2&o?WM_HLe9OUj9mQrq~|vApYK~ z-#vP^U1yAKY5ExX)ZQK1e*E!fu%|S8-D72 z$!lJ(d+&Oqt-knciier$)L+|x699oTV}IoUEBJZe?ntvrCMLD5|GMSH&Z<`d<*y{b zZ4Ub};CZ9=hDv(k?=#%Lp1u2BU;OEeS#fiKgGk46 zQ*3v)WDDvXtNwiBk;QT`g~(OveTKi6i=TRWNd3F!?TuSboVrqLy14$;zplqGYs-|s zrbO<&-}`6pjiqxT#YoY9;69Q(un!KrBC6<{0p21949vseE%rc$#5BhCvuV3`pPdQ1 o+9X03+>ZqX_s|Co_s{%i{u9~asea+nEs%FSUHx3vIVCg!0E8$29smFU From d4514db00c59dba5f4e71bbcb8170998f4ccbe76 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:21:07 +0000 Subject: [PATCH 070/132] Bump quay.io/cilium/operator-generic image from v1.15.6 to v1.15.7 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 92117890..e066a0e0 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.15.6" + image = "quay.io/cilium/operator-generic:v1.15.7" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From ca1f897b35d1f873649cd7f23b75f3219328df38 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:21:03 +0000 Subject: [PATCH 071/132] Bump quay.io/cilium/cilium image from v1.15.6 to v1.15.7 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index be36204c..b85275b4 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf 
@@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.15.6" + image = "quay.io/cilium/cilium:v1.15.7" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.15.6" + image = "quay.io/cilium/cilium:v1.15.7" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.15.6" + image = "quay.io/cilium/cilium:v1.15.7" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.15.6" + image = "quay.io/cilium/cilium:v1.15.7" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" From 6a61afcd3b4d5f8005b3fb7fa1bf602980f2ba34 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 17 Jul 2024 16:00:47 +0000 Subject: [PATCH 072/132] Bump docker.io/flannel/flannel image from v0.25.4 to v0.25.5 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index aa6adb51..30324073 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.4" + image = "docker.io/flannel/flannel:v0.25.5" command = [ "/opt/bin/flanneld", "--ip-masq", From be0e5169742accb216ef902ef7768ab3859d20a8 Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 00:01:17 +0000 Subject: [PATCH 073/132] Bump mkdocs-material from 9.5.28 to v9.5.29 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 069770b0..fcbaea79 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.28 +mkdocs-material==9.5.29 pygments==2.18.0 pymdown-extensions==10.8.1 From 672bbad10b4026ba0a5a13bb8fc6a6b2ff244bc9 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 14 Jul 2024 13:48:55 -0700 Subject: [PATCH 074/132] Generate Azure Virtual Network IPv6 ULA space at random * Private IPv6 address space should be assigned randomly within an organization per https://datatracker.ietf.org/doc/html/rfc4193 --- azure/fedora-coreos/kubernetes/network.tf | 26 +++++++++++++++------ azure/fedora-coreos/kubernetes/variables.tf | 2 +- azure/flatcar-linux/kubernetes/network.tf | 25 +++++++++++++++----- azure/flatcar-linux/kubernetes/variables.tf | 2 +- 4 files changed, 40 insertions(+), 15 deletions(-) diff --git a/azure/fedora-coreos/kubernetes/network.tf b/azure/fedora-coreos/kubernetes/network.tf index b2dce8d0..c0bde6c6 100644 --- a/azure/fedora-coreos/kubernetes/network.tf +++ b/azure/fedora-coreos/kubernetes/network.tf 
@@ -1,14 +1,27 @@ +# Choose an IPv6 ULA subnet at random +# https://datatracker.ietf.org/doc/html/rfc4193 +resource "random_id" "ula-netnum" { + byte_length = 5 # 40 bits +} + locals { + # fd00::/8 -> shift 40 -> 2^40 possible /48 subnets + ula-range = cidrsubnet("fd00::/8", 40, random_id.ula-netnum.dec) + network_cidr = { + ipv4 = var.network_cidr.ipv4 + ipv6 = length(var.network_cidr.ipv6) > 0 ? var.network_cidr.ipv6 : [local.ula-range] + } + # Subdivide the virtual network into subnets # - controllers use netnum 0 # - workers use netnum 1 controller_subnets = { - ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] - ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] + ipv4 = [for i, cidr in local.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] + ipv6 = [for i, cidr in local.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] } worker_subnets = { - ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] - ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] + ipv4 = [for i, cidr in local.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] + ipv6 = [for i, cidr in local.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] } cluster_subnets = { ipv4 = concat(local.controller_subnets.ipv4, local.worker_subnets.ipv4) @@ -27,10 +40,9 @@ resource "azurerm_virtual_network" "network" { resource_group_name = azurerm_resource_group.cluster.name location = azurerm_resource_group.cluster.location address_space = concat( - var.network_cidr.ipv4, - var.network_cidr.ipv6 + local.network_cidr.ipv4, + local.network_cidr.ipv6 ) - } # Subnets - separate subnets for controllers and workers because Azure diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index 90323487..fb3706e1 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf 
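Review bot: The resource and local added in the first azure/fedora-coreos network.tf hunk are named with hyphens (`ula-netnum`, `ula-range`), while every other local in the same block uses underscores (`network_cidr`, `controller_subnets`, `worker_subnets`); I would rename them to `resource "random_id" "ula_netnum"` and `ula_range = cidrsubnet("fd00::/8", 40, random_id.ula_netnum.dec)`. The same names are introduced in the azure/flatcar-linux network.tf hunk. The comment above the resource could also gain a line such as `# Generated once and kept in Terraform state; replacing this resource changes the IPv6 range when network_cidr.ipv6 is empty`, because nothing in the hunk tells an operator that the prefix is tied to state. The locals block continues past the end of the hunk.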
@@ -122,7 +122,7 @@ variable "networking" { variable "network_cidr" { type = object({ ipv4 = list(string) - ipv6 = optional(list(string), ["fd9a:0d2f:b7dc::/48"]) + ipv6 = optional(list(string), []) }) description = "Virtual network CIDR ranges" default = { diff --git a/azure/flatcar-linux/kubernetes/network.tf b/azure/flatcar-linux/kubernetes/network.tf index 5b690c0f..e28e51e6 100644 --- a/azure/flatcar-linux/kubernetes/network.tf +++ b/azure/flatcar-linux/kubernetes/network.tf @@ -1,14 +1,27 @@ +# Choose an IPv6 ULA subnet at random +# https://datatracker.ietf.org/doc/html/rfc4193 +resource "random_id" "ula-netnum" { + byte_length = 5 # 40 bits +} + locals { + # fd00::/8 -> shift 40 -> 2^40 possible /48 subnets + ula-range = cidrsubnet("fd00::/8", 40, random_id.ula-netnum.dec) + network_cidr = { + ipv4 = var.network_cidr.ipv4 + ipv6 = length(var.network_cidr.ipv6) > 0 ? var.network_cidr.ipv6 : [local.ula-range] + } + # Subdivide the virtual network into subnets # - controllers use netnum 0 # - workers use netnum 1 controller_subnets = { - ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] - ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] + ipv4 = [for i, cidr in local.network_cidr.ipv4 : cidrsubnet(cidr, 1, 0)] + ipv6 = [for i, cidr in local.network_cidr.ipv6 : cidrsubnet(cidr, 16, 0)] } worker_subnets = { - ipv4 = [for i, cidr in var.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] - ipv6 = [for i, cidr in var.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] + ipv4 = [for i, cidr in local.network_cidr.ipv4 : cidrsubnet(cidr, 1, 1)] + ipv6 = [for i, cidr in local.network_cidr.ipv6 : cidrsubnet(cidr, 16, 1)] } cluster_subnets = { ipv4 = concat(local.controller_subnets.ipv4, local.worker_subnets.ipv4) 
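Review bot: Changing the `ipv6` default from `["fd9a:0d2f:b7dc::/48"]` to `[]` in azure/fedora-coreos variables.tf means a cluster that never set `network_cidr.ipv6` will compute a different, random /48 on its next apply, yet the description still reads only "Virtual network CIDR ranges". I would document the new behaviour, e.g. `description = "Virtual network CIDR ranges (ipv6 defaults to a random RFC 4193 ULA /48 when empty)"`, and note for upgraders that setting `ipv6 = ["fd9a:0d2f:b7dc::/48"]` keeps the previous range. Whether the provider applies the changed address space in place or recreates the subnets is not visible here, so that should be confirmed before upgrading an existing cluster. The same default change is made in the azure/flatcar-linux variables.tf hunk. The variable block continues past the end of the hunk.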
@@ -27,8 +40,8 @@ resource "azurerm_virtual_network" "network" { resource_group_name = azurerm_resource_group.cluster.name location = azurerm_resource_group.cluster.location address_space = concat( - var.network_cidr.ipv4, - var.network_cidr.ipv6 + local.network_cidr.ipv4, + local.network_cidr.ipv6 ) } diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 232331c4..a15bdcfe 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf @@ -127,7 +127,7 @@ variable "networking" { variable "network_cidr" { type = object({ ipv4 = list(string) - ipv6 = optional(list(string), ["fd9a:0d2f:b7dc::/48"]) + ipv6 = optional(list(string), []) }) description = "Virtual network CIDR ranges" default = { From 0669d44026867b3a63f7c8d58367361aba889ad0 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sat, 20 Jul 2024 11:04:32 -0700 Subject: [PATCH 075/132] Update Kubernetes from v1.30.2 to v1.30.3 * Update builtin Cilium manifests from v1.15.6 to v1.15.7 * Update builtin flannel manifests from v0.25.4 to v0.25.5 --- CHANGES.md | 6 ++++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- 
docs/fedora-coreos/azure.md | 10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 151 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 7d1e5129..22433214 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,12 @@ Notable changes between versions. ## Latest +## v1.30.3 + +* Kubernetes [v1.30.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1303) +* Update Cilium from v1.15.6 to [v1.15.7](https://github.com/cilium/cilium/releases/tag/v1.15.7) +* Update flannel from v0.25.4 to [v0.25.5](https://github.com/flannel-io/flannel/releases/tag/v0.25.5) + ### Azure * Configure the virtual network and subnets with IPv6 private address space diff --git a/README.md b/README.md index 2ce903ad..956e8c9f 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -117,9 +117,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index f5babf51..722cf068 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index db40a086..541ec83d 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 87163553..940435c8 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.2 + quay.io/poseidon/kubelet:v1.30.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index e72e4cca..3888a4bc 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 41ce325b..9ddd76ff 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
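Review bot: The kubelet image is still referenced by tag only (`quay.io/poseidon/kubelet:v1.30.3`), both in `KUBELET_IMAGE` and in the bootstrap `podman run` that executes `/apply` against `/opt/bootstrap/assets`, so what a node pulls depends on what the registry serves for that tag at boot time. The same commit pins `terraform-render-bootstrap` in bootstrap.tf to a full commit id, and the image could be held to the same standard by appending its digest, e.g. `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3@sha256:<digest of the v1.30.3 image>` (placeholder; the digest is not on this page). The same applies to the worker.yaml hunk and to the controller and worker units of the other platforms in this patch. Both systemd units start and end outside the hunks, so whether a pull policy or signature check already covers this cannot be seen from here.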
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index db40a086..541ec83d 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 94e197c7..b591b785 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index a8fbaf71..33d212f0 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 6034f4ed..1aa101c8 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 62396439..1aac7b66 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 209583e3..9124e2c9 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.2 + quay.io/poseidon/kubelet:v1.30.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index c0e94cd4..b30fe1da 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index 2214251c..a6656866 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 62396439..1aac7b66 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index eced4bf7..5974197d 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index d18b0f0f..cc0efb01 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 306c15d7..9b68579d 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index e0c7e557..999544f2 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 943c7c9f..7a248322 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index cd5e8ef9..653c25c6 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index c20ed609..c125ddce 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 71026dc0..64c4a120 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 4885c5c0..042cf3c9 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 476e4f99..1b3908ec 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 1f36ac97..53e8ac25 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 70b7863e..5c8f30d1 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 36414db8..041099b6 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.2 + quay.io/poseidon/kubelet:v1.30.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index 72edfcc0..2bf20e68 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index 01f81adb..f0c092ba 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 70b7863e..5c8f30d1 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 33fad42e..a1dd93f9 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index a3d6fb8f..bee5f7a0 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index c859d77b..fa6a72f4 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -15,7 +15,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" # AWS cluster_name = "gravitas" @@ -40,7 +40,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" # AWS cluster_name = "gravitas" 
@@ -66,9 +66,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.30.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.30.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.30.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.30.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.30.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.30.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Hybrid @@ -79,7 +79,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" # AWS cluster_name = "gravitas" @@ -102,7 +102,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" # AWS cluster_name = "gravitas" 
@@ -125,7 +125,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" # AWS vpc_id = module.gravitas.vpc_id @@ -149,7 +149,7 @@ Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [wo ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" # AWS vpc_id = module.gravitas.vpc_id @@ -174,10 +174,10 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.30.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.30.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` ## Azure 
@@ -186,7 +186,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.3" # Azure cluster_name = "ramius" diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 8ec984dd..8f94a34b 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md @@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" 
@@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index f03aebfb..4ef1eb51 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md @@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.3" # Azure location = module.ramius.location 
@@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.3" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" # Google Cloud region = "europe-west2" @@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.3" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.2 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.3 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.3 ``` ### Variables 
diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 4f9f80a9..ac20b777 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.2 -ip-10-0-26-65 Ready 10m v1.30.2 -ip-10-0-41-21 Ready 10m v1.30.2 +ip-10-0-3-155 Ready 10m v1.30.3 +ip-10-0-26-65 Ready 10m v1.30.3 +ip-10-0-41-21 Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 089f03dd..397157bc 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.3" # Azure cluster_name = "ramius" @@ -163,9 +163,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.2 -ramius-worker-000001 Ready 25m v1.30.2 -ramius-worker-000002 Ready 24m v1.30.2 +ramius-controller-0 Ready 24m v1.30.3 +ramius-worker-000001 Ready 25m v1.30.3 +ramius-worker-000002 Ready 24m v1.30.3 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index fed08a2e..86baa3d2 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.2 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.3 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.3" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.3" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.2 -node2.example.com Ready 10m v1.30.2 -node3.example.com Ready 10m v1.30.2 +node1.example.com Ready 10m v1.30.3 +node2.example.com Ready 10m v1.30.3 +node3.example.com Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 56995967..b16825ff 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.3" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.2 -10.132.115.81 Ready 10m v1.30.2 -10.132.124.107 Ready 10m v1.30.2 +10.132.110.130 Ready 10m v1.30.3 +10.132.115.81 Ready 10m v1.30.3 +10.132.124.107 Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 68ef6768..306bd1f6 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 8bbfe156..57ed0a7d 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.2 -ip-10-0-26-65 Ready 10m v1.30.2 -ip-10-0-41-21 Ready 10m v1.30.2 +ip-10-0-3-155 Ready 10m v1.30.3 +ip-10-0-26-65 Ready 10m v1.30.3 +ip-10-0-41-21 Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index c97169a4..8298f6ce 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.3" # Azure cluster_name = "ramius" @@ -151,9 +151,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.2 -ramius-worker-000001 Ready 25m v1.30.2 -ramius-worker-000002 Ready 24m v1.30.2 +ramius-controller-0 Ready 24m v1.30.3 +ramius-worker-000001 Ready 25m v1.30.3 +ramius-worker-000002 Ready 24m v1.30.3 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 9930fd84..b21ee90e 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.2 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.3 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.3" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.3" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.2 -node2.example.com Ready 10m v1.30.2 -node3.example.com Ready 10m v1.30.2 +node1.example.com Ready 10m v1.30.3 +node2.example.com Ready 10m v1.30.3 +node3.example.com Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 9e0f8dbf..510bb7da 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.3" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.2 -10.132.115.81 Ready 10m v1.30.2 -10.132.124.107 Ready 10m v1.30.2 +10.132.110.130 Ready 10m v1.30.3 +10.132.115.81 Ready 10m v1.30.3 +10.132.124.107 Ready 10m v1.30.3 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 11dc3541..8ed758dc 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.2 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 5971ebf4..c18f0021 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" # Google Cloud cluster_name = "yavin" @@ -108,9 +108,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 55bffdbc..c7fc3b23 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.3" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index f647131d..4dff7178 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 64db6409..75131d3e 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 4cbe0aef..36990dd8 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.2 + quay.io/poseidon/kubelet:v1.30.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index ad5d7247..53ce9bcc 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index dc3fde50..485ba132 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
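Review bot: The kubelet image on the new `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3` line is selected by a mutable tag, whereas bootstrap.tf in the same tree pins terraform-render-bootstrap to a full commit SHA. A tag can be re-pointed in the registry, so two nodes provisioned from the same module ref are not guaranteed to run the same image. Referencing the image by digest keeps the node configuration reproducible: `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<digest of the v1.30.3 image>`, with the version kept in a trailing comment. The same applies to the bootstrap unit at -111, to workers/butane/worker.yaml, and to the flatcar-linux controller and worker files later in this patch. The unit bodies continue outside these hunks.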
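Review bot: The hunk at -111 repeats the image as a literal (`quay.io/poseidon/kubelet:v1.30.3` after `--entrypoint=/apply`) instead of taking it from a variable, so this file carries two copies of the version that must be bumped together. The flatcar-linux controller.yaml in this same patch declares `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3` in what appears to be the corresponding unit (hunk at -105). Doing the same here and referencing that variable in the podman command would leave one line to change per unit, and would make a kubelet/bootstrap image mismatch harder to introduce. The rest of the unit is outside the hunk, so confirm how the template escapes `$` before changing the ExecStart line.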
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.2 (upstream) +* Kubernetes v1.30.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 64db6409..75131d3e 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=886f501bf7b624fc12acac83449b81d0dc8b8849" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 4184fd1a..be6479f2 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 066ba52c..f1a60972 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From d04602651192f896778c432fbc68bb320e03e73d Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Thu, 25 Jul 2024 21:41:54 -0700 Subject: [PATCH 076/132] Fix incorrect terraform-render-bootstrap SHA --- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 541ec83d..f1240f6b 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 541ec83d..f1240f6b 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf 
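Review bot: Nothing beside the new `?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423` says which upstream change the SHA is meant to be. The value this commit replaces was wrong in all ten bootstrap.tf files, and the diff alone gave a reviewer no way to see that. Pinning to a full commit SHA is the right integrity choice, but it needs a human-checkable label; a comment above `source`, for example `# terraform-render-bootstrap @ <upstream tag or commit subject for this SHA>`, lets the pin be verified against the upstream repository at review time. The same line recurs in the other nine bootstrap.tf hunks of this commit. Because the literal is duplicated per platform, a check that all ten refs are identical and resolve upstream would catch a repeat of this mistake.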
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 1aac7b66..b721b646 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 1aac7b66..b721b646 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 999544f2..49efd12b 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 64c4a120..f88cdfad 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 5c8f30d1..ee8b1d80 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 5c8f30d1..ee8b1d80 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 75131d3e..b135c65f 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 75131d3e..b135c65f 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=ca1f897b35d1f873649cd7f23b75f3219328df38" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 329987187bc96c3d1ddd6bfefa34011551cd4dc2 Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Tue, 23 Jul 2024 19:20:55 +0000 Subject: [PATCH 077/132] Bump mkdocs-material from 9.5.29 to v9.5.30 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fcbaea79..fc2853ad 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.29 +mkdocs-material==9.5.30 pygments==2.18.0 pymdown-extensions==10.8.1 From 4251ca937a47eb7023496dd0b760e49d8c1e8b45 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 28 Jul 2024 07:21:11 +0000 Subject: [PATCH 078/132] Bump pymdown-extensions from 10.8.1 to v10.9 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fc2853ad..723137e9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 mkdocs-material==9.5.30 pygments==2.18.0 -pymdown-extensions==10.8.1 +pymdown-extensions==10.9 From 8cea37cdd95e4fcb1f35243a6fb430206f151675 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 14:41:14 +0000 Subject: [PATCH 079/132] Bump quay.io/cilium/operator-generic image from v1.15.7 to v1.16.0 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index e066a0e0..484b2a08 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.15.7" + image = "quay.io/cilium/operator-generic:v1.16.0" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", 
From 858d665d9bff05668944c278ba802b77d426ec8c Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sat, 27 Jul 2024 06:39:26 +0000 Subject: [PATCH 080/132] Bump quay.io/cilium/cilium image from v1.15.7 to v1.16.0 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index b85275b4..7e75bf8b 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.15.7" + image = "quay.io/cilium/cilium:v1.16.0" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.15.7" + image = "quay.io/cilium/cilium:v1.16.0" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.15.7" + image = "quay.io/cilium/cilium:v1.16.0" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.15.7" + image = "quay.io/cilium/cilium:v1.16.0" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" From 39b5079bc37c9771ea9225f8d4d4fd2e330a6f98 Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 19:40:35 +0000 Subject: [PATCH 081/132] Bump registry.k8s.io/coredns/coredns image from v1.11.1 to v1.11.3 --- addons/coredns/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/coredns/deployment.tf b/addons/coredns/deployment.tf index f52bc6c7..f8b6e792 100644 --- a/addons/coredns/deployment.tf +++ b/addons/coredns/deployment.tf @@ -77,7 +77,7 @@ resource "kubernetes_deployment" "coredns" { } container { name = "coredns" - image = "registry.k8s.io/coredns/coredns:v1.11.1" + image = "registry.k8s.io/coredns/coredns:v1.11.3" args = ["-conf", "/etc/coredns/Corefile"] port { name = "dns" From 1104b4bf2852e3a307f87221e2dc9583e95edfe3 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 26 Jul 2024 22:22:34 -0700 Subject: [PATCH 082/132] AWS: Add CPU pricing mode and controller/worker disk variables * Add `controller_disk_type`, `controller_disk_size`, and `controller_disk_iops` variables * Add `worker_disk_type`, `worker_disk_size`, and `worker_disk_iops` variables and fix propagation to worker nodes * Remove `disk_type`, `disk_size`, and `disk_iops` variables * Add `controller_cpu_credits` and `worker_cpu_credits` variables to set CPU pricing mode for burstable instance types --- CHANGES.md | 7 ++ aws/fedora-coreos/kubernetes/controllers.tf | 10 ++- aws/fedora-coreos/kubernetes/variables.tf | 84 +++++++++++++------ aws/fedora-coreos/kubernetes/workers.tf | 5 +- .../kubernetes/workers/variables.tf | 6 ++ .../kubernetes/workers/workers.tf | 4 + aws/flatcar-linux/kubernetes/controllers.tf | 10 ++- aws/flatcar-linux/kubernetes/variables.tf | 84 +++++++++++++------ aws/flatcar-linux/kubernetes/workers.tf | 4 +- .../kubernetes/workers/variables.tf | 6 ++ .../kubernetes/workers/workers.tf | 4 + 11 files changed, 162 insertions(+), 62 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 22433214..d89e141a 100644 
--- a/CHANGES.md +++ b/CHANGES.md @@ -10,6 +10,13 @@ Notable changes between versions. * Update Cilium from v1.15.6 to [v1.15.7](https://github.com/cilium/cilium/releases/tag/v1.15.7) * Update flannel from v0.25.4 to [v0.25.5](https://github.com/flannel-io/flannel/releases/tag/v0.25.5) +### AWS + +* Add `controller_disk_type`, `controller_disk_size`, and `controller_disk_iops` variables +* Add `worker_disk_type`, `worker_disk_size`, and `worker_disk_iops` variables and fix propagation to worker nodes +* Remove `disk_type`, `disk_size`, and `disk_iops` variables +* Add `controller_cpu_credits` and `worker_cpu_credits` variables to set CPU pricing mode for burstable instance types + ### Azure * Configure the virtual network and subnets with IPv6 private address space diff --git a/aws/fedora-coreos/kubernetes/controllers.tf b/aws/fedora-coreos/kubernetes/controllers.tf index ad4d8c84..8269a661 100644 --- a/aws/fedora-coreos/kubernetes/controllers.tf +++ b/aws/fedora-coreos/kubernetes/controllers.tf @@ -27,9 +27,9 @@ resource "aws_instance" "controllers" { # storage root_block_device { - volume_type = var.disk_type - volume_size = var.disk_size - iops = var.disk_iops + volume_type = var.controller_disk_type + volume_size = var.controller_disk_size + iops = var.controller_disk_iops encrypted = true tags = {} } @@ -39,6 +39,10 @@ resource "aws_instance" "controllers" { subnet_id = element(aws_subnet.public.*.id, count.index) vpc_security_group_ids = [aws_security_group.controller.id] + credit_specification { + cpu_credits = var.controller_cpu_credits + } + lifecycle { ignore_changes = [ ami, diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index 09524e62..013fe916 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf +++ b/aws/fedora-coreos/kubernetes/variables.tf 
@@ -17,30 +17,6 @@ variable "dns_zone_id" { # instances -variable "controller_count" { - type = number - description = "Number of controllers (i.e. masters)" - default = 1 -} - -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - -variable "controller_type" { - type = string - description = "EC2 instance type for controllers" - default = "t3.small" -} - -variable "worker_type" { - type = string - description = "EC2 instance type for workers" - default = "t3.small" -} - variable "os_stream" { type = string description = "Fedora CoreOS image stream for instances (e.g. stable, testing, next)" 
@@ -52,24 +28,78 @@ variable "os_stream" { } } -variable "disk_size" { +variable "controller_count" { + type = number + description = "Number of controllers (i.e. masters)" + default = 1 +} + +variable "controller_type" { + type = string + description = "EC2 instance type for controllers" + default = "t3.small" +} + +variable "controller_disk_size" { type = number description = "Size of the EBS volume in GB" default = 30 } -variable "disk_type" { +variable "controller_disk_type" { type = string description = "Type of the EBS volume (e.g. standard, gp2, gp3, io1)" default = "gp3" } -variable "disk_iops" { +variable "controller_disk_iops" { type = number description = "IOPS of the EBS volume (e.g. 3000)" default = 3000 } +variable "controller_cpu_credits" { + type = string + description = "CPU credits mode (if using a burstable instance type)" + default = null +} + +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + +variable "worker_type" { + type = string + description = "EC2 instance type for workers" + default = "t3.small" +} + +variable "worker_disk_size" { + type = number + description = "Size of the EBS volume in GB" + default = 30 +} + +variable "worker_disk_type" { + type = string + description = "Type of the EBS volume (e.g. standard, gp2, gp3, io1)" + default = "gp3" +} + +variable "worker_disk_iops" { + type = number + description = "IOPS of the EBS volume (e.g. 3000)" + default = 3000 +} + +variable "worker_cpu_credits" { + type = string + description = "CPU credits mode (if using a burstable instance type)" + default = null +} + variable "worker_price" { type = number description = "Spot price in USD for worker instances or 0 to use on-demand instances" diff --git a/aws/fedora-coreos/kubernetes/workers.tf b/aws/fedora-coreos/kubernetes/workers.tf index 0ec9cdb6..fb06c335 100644 --- a/aws/fedora-coreos/kubernetes/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers.tf 
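Review bot: `controller_cpu_credits` and `worker_cpu_credits` are added as free-form strings with no `validation` block, so a typo is only rejected by the provider at apply time. A later changelog entry in this series names `standard` and `unlimited` as the accepted values. A check such as `condition = contains(["standard", "unlimited"], coalesce(var.controller_cpu_credits, "standard"))` would catch it at plan time, and `coalesce` keeps the `null` default valid. The description could also state that `null` leaves the AWS default for the instance family, which for the default `t3.small` is, as far as I know, `unlimited`, so surplus-credit charges are possible unless `standard` is set. The same applies to the flatcar-linux `variables.tf` hunk and to `cpu_credits` in both `workers/variables.tf` hunks.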
@@ -10,7 +10,10 @@ module "workers" { instance_type = var.worker_type os_stream = var.os_stream arch = var.arch - disk_size = var.disk_size + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + disk_iops = var.worker_disk_iops + cpu_credits = var.worker_cpu_credits spot_price = var.worker_price target_groups = var.worker_target_groups diff --git a/aws/fedora-coreos/kubernetes/workers/variables.tf b/aws/fedora-coreos/kubernetes/workers/variables.tf index 4bb8b714..3f859e70 100644 --- a/aws/fedora-coreos/kubernetes/workers/variables.tf +++ b/aws/fedora-coreos/kubernetes/workers/variables.tf @@ -69,6 +69,12 @@ variable "spot_price" { default = 0 } +variable "cpu_credits" { + type = string + description = "CPU burst credits mode (if applicable)" + default = null +} + variable "target_groups" { type = list(string) description = "Additional target group ARNs to which instances should be added" diff --git a/aws/fedora-coreos/kubernetes/workers/workers.tf b/aws/fedora-coreos/kubernetes/workers/workers.tf index 9f0b0be0..d3038305 100644 --- a/aws/fedora-coreos/kubernetes/workers/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers/workers.tf @@ -94,6 +94,10 @@ resource "aws_launch_template" "worker" { } } + credit_specification { + cpu_credits = var.cpu_credits + } + lifecycle { // Override the default destroy and replace update behavior create_before_destroy = true diff --git a/aws/flatcar-linux/kubernetes/controllers.tf b/aws/flatcar-linux/kubernetes/controllers.tf index 82d92ce8..b48aa770 100644 --- a/aws/flatcar-linux/kubernetes/controllers.tf +++ b/aws/flatcar-linux/kubernetes/controllers.tf @@ -28,9 +28,9 @@ resource "aws_instance" "controllers" { # storage root_block_device { - volume_type = var.disk_type - volume_size = var.disk_size - iops = var.disk_iops + volume_type = var.controller_disk_type + volume_size = var.controller_disk_size + iops = var.controller_disk_iops encrypted = true tags = {} } 
@@ -40,6 +40,10 @@ resource "aws_instance" "controllers" { subnet_id = element(aws_subnet.public.*.id, count.index) vpc_security_group_ids = [aws_security_group.controller.id] + credit_specification { + cpu_credits = var.controller_cpu_credits + } + lifecycle { ignore_changes = [ ami, diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index cc86d5ec..2331db4d 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf @@ -17,30 +17,6 @@ variable "dns_zone_id" { # instances -variable "controller_count" { - type = number - description = "Number of controllers (i.e. masters)" - default = 1 -} - -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - -variable "controller_type" { - type = string - description = "EC2 instance type for controllers" - default = "t3.small" -} - -variable "worker_type" { - type = string - description = "EC2 instance type for workers" - default = "t3.small" -} - variable "os_image" { type = string description = "AMI channel for a Container Linux derivative (flatcar-stable, flatcar-beta, flatcar-alpha)" 
@@ -52,24 +28,78 @@ variable "os_image" { } } -variable "disk_size" { +variable "controller_count" { + type = number + description = "Number of controllers (i.e. masters)" + default = 1 +} + +variable "controller_type" { + type = string + description = "EC2 instance type for controllers" + default = "t3.small" +} + +variable "controller_disk_size" { type = number description = "Size of the EBS volume in GB" default = 30 } -variable "disk_type" { +variable "controller_disk_type" { type = string description = "Type of the EBS volume (e.g. standard, gp2, gp3, io1)" default = "gp3" } -variable "disk_iops" { +variable "controller_disk_iops" { type = number description = "IOPS of the EBS volume (e.g. 3000)" default = 3000 } +variable "controller_cpu_credits" { + type = string + description = "CPU credits mode (if using a burstable instance type)" + default = null +} + +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + +variable "worker_type" { + type = string + description = "EC2 instance type for workers" + default = "t3.small" +} + +variable "worker_disk_size" { + type = number + description = "Size of the EBS volume in GB" + default = 30 +} + +variable "worker_disk_type" { + type = string + description = "Type of the EBS volume (e.g. standard, gp2, gp3, io1)" + default = "gp3" +} + +variable "worker_disk_iops" { + type = number + description = "IOPS of the EBS volume (e.g. 3000)" + default = 3000 +} + +variable "worker_cpu_credits" { + type = string + description = "CPU credits mode (if using a burstable instance type)" + default = null +} + variable "worker_price" { type = number description = "Spot price in USD for worker instances or 0 to use on-demand instances" diff --git a/aws/flatcar-linux/kubernetes/workers.tf b/aws/flatcar-linux/kubernetes/workers.tf index 64a46cab..7397c99a 100644 --- a/aws/flatcar-linux/kubernetes/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers.tf 
@@ -10,7 +10,9 @@ module "workers" { instance_type = var.worker_type os_image = var.os_image arch = var.arch - disk_size = var.disk_size + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + disk_iops = var.worker_disk_iops spot_price = var.worker_price target_groups = var.worker_target_groups diff --git a/aws/flatcar-linux/kubernetes/workers/variables.tf b/aws/flatcar-linux/kubernetes/workers/variables.tf index 26bd2c1d..60f3b689 100644 --- a/aws/flatcar-linux/kubernetes/workers/variables.tf +++ b/aws/flatcar-linux/kubernetes/workers/variables.tf @@ -69,6 +69,12 @@ variable "spot_price" { default = 0 } +variable "cpu_credits" { + type = string + description = "CPU burst credits mode (if applicable)" + default = null +} + variable "target_groups" { type = list(string) description = "Additional target group ARNs to which instances should be added" diff --git a/aws/flatcar-linux/kubernetes/workers/workers.tf b/aws/flatcar-linux/kubernetes/workers/workers.tf index cf7ab00f..3aef08ed 100644 --- a/aws/flatcar-linux/kubernetes/workers/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers/workers.tf @@ -94,6 +94,10 @@ resource "aws_launch_template" "worker" { } } + credit_specification { + cpu_credits = var.cpu_credits + } + lifecycle { // Override the default destroy and replace update behavior create_before_destroy = true From 516786d7bbcaf88a6e93d38256f110097a1f2cb7 Mon Sep 17 00:00:00 2001 
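Review bot: The flatcar-linux `module "workers"` call gains `disk_type`, `disk_size` and `disk_iops` but not `cpu_credits = var.worker_cpu_credits`, which the fedora-coreos counterpart of this hunk does add. The commit declares `worker_cpu_credits` in `aws/flatcar-linux/kubernetes/variables.tf` and `cpu_credits` in the workers submodule. As far as this patch shows, a value set on a Flatcar cluster would be accepted and never reach the launch template's `credit_specification`. Add `cpu_credits = var.worker_cpu_credits` after the `disk_iops` line. The module block starts and ends outside the hunk.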
From: Dalton Hubble Date: Fri, 2 Aug 2024 10:08:32 -0700 Subject: [PATCH 083/132] google: Configure controller and worker disk sizes * Add `controller_disk_size` and `worker_disk_size` variables * Remove `disk_size` variable --- CHANGES.md | 31 ++++++++-- .../fedora-coreos/kubernetes/controllers.tf | 2 +- .../fedora-coreos/kubernetes/variables.tf | 56 ++++++++++--------- .../fedora-coreos/kubernetes/workers.tf | 2 +- .../flatcar-linux/kubernetes/controllers.tf | 2 +- .../flatcar-linux/kubernetes/variables.tf | 56 ++++++++++--------- .../flatcar-linux/kubernetes/workers.tf | 2 +- 7 files changed, 93 insertions(+), 58 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index d89e141a..da1cc435 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -12,10 +12,27 @@ Notable changes between versions. ### AWS -* Add `controller_disk_type`, `controller_disk_size`, and `controller_disk_iops` variables -* Add `worker_disk_type`, `worker_disk_size`, and `worker_disk_iops` variables and fix propagation to worker nodes -* Remove `disk_type`, `disk_size`, and `disk_iops` variables -* Add `controller_cpu_credits` and `worker_cpu_credits` variables to set CPU pricing mode for burstable instance types +* Allow configuring controller and worker disks ([#1482](https://github.com/poseidon/typhoon/pull/1482)) + * Add `controller_disk_type`, `controller_disk_size`, and `controller_disk_iops` variables + * Add `worker_disk_type`, `worker_disk_size`, and `worker_disk_iops` variables + * Remove `disk_type`, `disk_size`, and `disk_iops` variables + * Fix propagating settings to worker disks, previously ignored +* Allow configuring CPU pricing model for burstable instance types ([#1482](https://github.com/poseidon/typhoon/pull/1482)) + * Add `controller_cpu_credits` and `worker_cpu_credits` variables (`standard` or `unlimited`) + +```diff +module "cluster" { + ... +- disk_type = "gp3" +- disk_size = 30 +- disk_iops = 3000 + ++ controller_disk_size = 15 ++ worker_disk_size = 22 ++ controller_cpu_credits = "standard" ++ worker_cpu_credits = "unlimited" +} +``` ### Azure @@ -54,6 +71,12 @@ module "cluster" { } ``` +### Google Cloud + +* Allow configuring controller and worker disks ([#1486](https://github.com/poseidon/typhoon/pull/1486)) + * Add `controller_disk_size` and `worker_disk_size` variables + * Remove `disk_size` variable + ## v1.30.2 * Kubernetes [v1.30.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1302) diff --git a/google-cloud/fedora-coreos/kubernetes/controllers.tf b/google-cloud/fedora-coreos/kubernetes/controllers.tf index bf06dc9d..cfba3c34 100644 --- a/google-cloud/fedora-coreos/kubernetes/controllers.tf +++ b/google-cloud/fedora-coreos/kubernetes/controllers.tf 
@@ -43,7 +43,7 @@ resource "google_compute_instance" "controllers" { initialize_params { image = data.google_compute_image.fedora-coreos.self_link - size = var.disk_size + size = var.controller_disk_size } } diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index 8c23aec1..77f2a213 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf @@ -22,30 +22,6 @@ variable "dns_zone_name" { # instances -variable "controller_count" { - type = number - description = "Number of controllers (i.e. masters)" - default = 1 -} - -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - -variable "controller_type" { - type = string - description = "Machine type for controllers (see `gcloud compute machine-types list`)" - default = "n1-standard-1" -} - -variable "worker_type" { - type = string - description = "Machine type for controllers (see `gcloud compute machine-types list`)" - default = "n1-standard-1" -} - variable "os_stream" { type = string description = "Fedora CoreOS stream for compute instances (e.g. stable, testing, next)" 
@@ -57,7 +33,37 @@ variable "os_stream" { } } -variable "disk_size" { +variable "controller_count" { + type = number + description = "Number of controllers (i.e. masters)" + default = 1 +} + +variable "controller_type" { + type = string + description = "Machine type for controllers (see `gcloud compute machine-types list`)" + default = "n1-standard-1" +} + +variable "controller_disk_size" { + type = number + description = "Size of the disk in GB" + default = 30 +} + +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + +variable "worker_type" { + type = string + description = "Machine type for controllers (see `gcloud compute machine-types list`)" + default = "n1-standard-1" +} + +variable "worker_disk_size" { type = number description = "Size of the disk in GB" default = 30 diff --git a/google-cloud/fedora-coreos/kubernetes/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers.tf index d35db25f..244901d0 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers.tf @@ -9,7 +9,7 @@ module "workers" { worker_count = var.worker_count machine_type = var.worker_type os_stream = var.os_stream - disk_size = var.disk_size + disk_size = var.worker_disk_size preemptible = var.worker_preemptible # configuration diff --git a/google-cloud/flatcar-linux/kubernetes/controllers.tf b/google-cloud/flatcar-linux/kubernetes/controllers.tf index c2591e1b..40d3d3c1 100644 --- a/google-cloud/flatcar-linux/kubernetes/controllers.tf +++ b/google-cloud/flatcar-linux/kubernetes/controllers.tf @@ -44,7 +44,7 @@ resource "google_compute_instance" "controllers" { initialize_params { image = data.google_compute_image.flatcar-linux.self_link - size = var.disk_size + size = var.controller_disk_size } } diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index fc2796ad..2fdd9c64 100644 
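Review bot: The re-added `worker_type` variable still carries the description text `Machine type for controllers (...)`, a copy-paste from `controller_type` that this reordering moves over unchanged; the word `controllers` should be `workers`. `controller_disk_size` and `worker_disk_size` also share the identical text `Size of the disk in GB`, so generated docs cannot tell them apart; `Size of the controller disk in GB` and `Size of the worker disk in GB` would fix that. The same two points apply to the matching hunk in `google-cloud/flatcar-linux/kubernetes/variables.tf`.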
--- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf @@ -22,30 +22,6 @@ variable "dns_zone_name" { # instances -variable "controller_count" { - type = number - description = "Number of controllers (i.e. masters)" - default = 1 -} - -variable "worker_count" { - type = number - description = "Number of workers" - default = 1 -} - -variable "controller_type" { - type = string - description = "Machine type for controllers (see `gcloud compute machine-types list`)" - default = "n1-standard-1" -} - -variable "worker_type" { - type = string - description = "Machine type for controllers (see `gcloud compute machine-types list`)" - default = "n1-standard-1" -} - variable "os_image" { type = string description = "Flatcar Linux image for compute instances (flatcar-stable, flatcar-beta, flatcar-alpha)" @@ -57,7 +33,37 @@ variable "os_image" { } } -variable "disk_size" { +variable "controller_count" { + type = number + description = "Number of controllers (i.e. masters)" + default = 1 +} + +variable "controller_type" { + type = string + description = "Machine type for controllers (see `gcloud compute machine-types list`)" + default = "n1-standard-1" +} + +variable "controller_disk_size" { + type = number + description = "Size of the disk in GB" + default = 30 +} + +variable "worker_count" { + type = number + description = "Number of workers" + default = 1 +} + +variable "worker_type" { + type = string + description = "Machine type for controllers (see `gcloud compute machine-types list`)" + default = "n1-standard-1" +} + +variable "worker_disk_size" { type = number description = "Size of the disk in GB" default = 30 diff --git a/google-cloud/flatcar-linux/kubernetes/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers.tf index 91a32bd0..30273817 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers.tf 
@@ -9,7 +9,7 @@ module "workers" { worker_count = var.worker_count machine_type = var.worker_type os_image = var.os_image - disk_size = var.disk_size + disk_size = var.worker_disk_size preemptible = var.worker_preemptible # configuration From af27661432d4d84b8914b0d34897291c2bc9bee8 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Wed, 31 Jul 2024 15:05:57 -0700 Subject: [PATCH 084/132] Configure controller and worker node architecture separately * On platforms that support ARM64 instances, configure controller and worker node host architectures separately * For example, you can run arm64 controllers and amd64 workers * Add `controller_arch` and `worker_arch` variables * Remove `arch` variable --- CHANGES.md | 19 +++++++++++++-- aws/fedora-coreos/kubernetes/ami.tf | 2 +- aws/fedora-coreos/kubernetes/controllers.tf | 2 +- aws/fedora-coreos/kubernetes/variables.tf | 23 ++++++++++++++----- aws/fedora-coreos/kubernetes/workers.tf | 2 +- aws/flatcar-linux/kubernetes/ami.tf | 4 ++-- aws/flatcar-linux/kubernetes/variables.tf | 20 ++++++++++++---- aws/flatcar-linux/kubernetes/workers.tf | 2 +- azure/flatcar-linux/kubernetes/controllers.tf | 6 ++--- azure/flatcar-linux/kubernetes/variables.tf | 23 ++++++++++++++----- azure/flatcar-linux/kubernetes/workers.tf | 2 +- 11 files changed, 76 insertions(+), 29 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index da1cc435..f97af512 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,12 @@ Notable changes between versions. ## Latest +### Azure + +* Allow controller and worker nodes to use different CPU architectures + * Add `controller_arch` and `worker_arch` variables + * Remove the `arch` variable + ## v1.30.3 * Kubernetes [v1.30.3](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1303) 
@@ -19,17 +25,23 @@ Notable changes between versions. * Fix propagating settings to worker disks, previously ignored * Allow configuring CPU pricing model for burstable instance types ([#1482](https://github.com/poseidon/typhoon/pull/1482)) * Add `controller_cpu_credits` and `worker_cpu_credits` variables (`standard` or `unlimited`) +* Configure controller or worker instance architecture ([#1485](https://github.com/poseidon/typhoon/pull/1485)) + * Add `controller_arch` and `worker_arch` variables (`amd64` or `arm64`) + * Remove `arch` variable ```diff module "cluster" { ... +- arch = "amd64" - disk_type = "gp3" - disk_size = 30 - disk_iops = 3000 ++ controller_arch = "amd64" + controller_disk_size = 15 -+ worker_disk_size = 22 + controller_cpu_credits = "standard" ++ worker_arch = "amd64" ++ worker_disk_size = 22 + worker_cpu_credits = "unlimited" } ``` @@ -53,6 +65,9 @@ module "cluster" { * Add `controller_disk_type` and `controller_disk_size` variables * Add `worker_disk_type`, `worker_disk_size`, and `worker_ephemeral_disk` variables * Reduce the number of public IPv4 addresses needed for the Azure load balancer ([#1470](https://github.com/poseidon/typhoon/pull/1470)) +* Configure controller or worker instance architecture for Flatcar Linux ([#1485](https://github.com/poseidon/typhoon/pull/1485)) + * Add `controller_arch` and `worker_arch` variables (`amd64` or `arm64`) + * Remove `arch` variable ```diff module "cluster" { @@ -65,7 +80,7 @@ module "cluster" { + ipv4 = ["10.0.0.0/16"] + } - # optional + # instances + controller_disk_type = "StandardSSD_LRS" + worker_ephemeral_disk = true } diff --git a/aws/fedora-coreos/kubernetes/ami.tf b/aws/fedora-coreos/kubernetes/ami.tf index 93d2556e..caac6121 100644 --- a/aws/fedora-coreos/kubernetes/ami.tf +++ b/aws/fedora-coreos/kubernetes/ami.tf 
@@ -19,7 +19,7 @@ data "aws_ami" "fedora-coreos" { } data "aws_ami" "fedora-coreos-arm" { - count = var.arch == "arm64" ? 1 : 0 + count = var.controller_arch == "arm64" ? 1 : 0 most_recent = true owners = ["125523088429"] diff --git a/aws/fedora-coreos/kubernetes/controllers.tf b/aws/fedora-coreos/kubernetes/controllers.tf index 8269a661..3a113650 100644 --- a/aws/fedora-coreos/kubernetes/controllers.tf +++ b/aws/fedora-coreos/kubernetes/controllers.tf @@ -22,7 +22,7 @@ resource "aws_instance" "controllers" { } instance_type = var.controller_type - ami = var.arch == "arm64" ? data.aws_ami.fedora-coreos-arm[0].image_id : data.aws_ami.fedora-coreos.image_id + ami = var.controller_arch == "arm64" ? data.aws_ami.fedora-coreos-arm[0].image_id : data.aws_ami.fedora-coreos.image_id user_data = data.ct_config.controllers.*.rendered[count.index] # storage diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index 013fe916..b2468413 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf +++ b/aws/fedora-coreos/kubernetes/variables.tf @@ -190,14 +190,25 @@ variable "cluster_domain_suffix" { default = "cluster.local" } -variable "arch" { - type = string - description = "Container architecture (amd64 or arm64)" - default = "amd64" +# advanced +variable "controller_arch" { + type = string + description = "Controller node(s) architecture (amd64 or arm64)" + default = "amd64" validation { - condition = var.arch == "amd64" || var.arch == "arm64" - error_message = "The arch must be amd64 or arm64." + condition = contains(["amd64", "arm64"], var.controller_arch) + error_message = "The controller_arch must be amd64 or arm64." + } +} + +variable "worker_arch" { + type = string + description = "Worker node(s) architecture (amd64 or arm64)" + default = "amd64" + validation { + condition = contains(["amd64", "arm64"], var.worker_arch) + error_message = "The worker_arch must be amd64 or arm64." } } 
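Review bot: In aws/fedora-coreos/kubernetes/ami.tf the `fedora-coreos-arm` lookup is now created only when `controller_arch` is arm64, but neither its name nor a comment says it serves controllers only. With `controller_arch = "amd64"` and `worker_arch = "arm64"` this data source has count 0, so worker images must be resolved inside the workers module; that module is not part of this hunk and should be confirmed. I would add a comment above the block, `# Controller AMI only; the workers module looks up its own image from its arch input`. The same applies to the `ami_id` local in aws/flatcar-linux/kubernetes/ami.tf and to `offer_suffix` / `urn` in azure/flatcar-linux/kubernetes/controllers.tf. The data block continues past the end of the hunk.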
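Review bot: The new `controller_arch` and `worker_arch` variables in aws/fedora-coreos/kubernetes/variables.tf validate the string, but nothing visible ties them to `controller_type` / `worker_type`. An arm64 image paired with an amd64 instance type would presumably fail only at apply time. The descriptions should say so, e.g. `description = "Controller node(s) architecture (amd64 or arm64); controller_type must be an instance type of that architecture"`, with the equivalent for `worker_arch`. It is also worth stating there that in a mixed cluster the kube-system DaemonSets run on both architectures and need multi-arch images. The same wording applies to the variables.tf hunks for aws/flatcar-linux and azure/flatcar-linux in this commit.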
diff --git a/aws/fedora-coreos/kubernetes/workers.tf b/aws/fedora-coreos/kubernetes/workers.tf index fb06c335..4ccd0ca9 100644 --- a/aws/fedora-coreos/kubernetes/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers.tf @@ -9,7 +9,7 @@ module "workers" { worker_count = var.worker_count instance_type = var.worker_type os_stream = var.os_stream - arch = var.arch + arch = var.worker_arch disk_type = var.worker_disk_type disk_size = var.worker_disk_size disk_iops = var.worker_disk_iops diff --git a/aws/flatcar-linux/kubernetes/ami.tf b/aws/flatcar-linux/kubernetes/ami.tf index 43eb9f59..5b35ec06 100644 --- a/aws/flatcar-linux/kubernetes/ami.tf +++ b/aws/flatcar-linux/kubernetes/ami.tf @@ -1,7 +1,7 @@ locals { # Pick a Flatcar Linux AMI # flatcar-stable -> Flatcar Linux AMI - ami_id = var.arch == "arm64" ? data.aws_ami.flatcar-arm64[0].image_id : data.aws_ami.flatcar.image_id + ami_id = var.controller_arch == "arm64" ? data.aws_ami.flatcar-arm64[0].image_id : data.aws_ami.flatcar.image_id channel = split("-", var.os_image)[1] } @@ -26,7 +26,7 @@ data "aws_ami" "flatcar" { } data "aws_ami" "flatcar-arm64" { - count = var.arch == "arm64" ? 1 : 0 + count = var.controller_arch == "arm64" ? 1 : 0 most_recent = true owners = ["075585003325"] diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index 2331db4d..714f4123 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf 
@@ -190,17 +190,27 @@ variable "cluster_domain_suffix" { default = "cluster.local" } -variable "arch" { +variable "controller_arch" { type = string - description = "Container architecture (amd64 or arm64)" + description = "Controller node(s) architecture (amd64 or arm64)" default = "amd64" - validation { - condition = var.arch == "amd64" || var.arch == "arm64" - error_message = "The arch must be amd64 or arm64." + condition = contains(["amd64", "arm64"], var.controller_arch) + error_message = "The controller_arch must be amd64 or arm64." } } +variable "worker_arch" { + type = string + description = "Worker node(s) architecture (amd64 or arm64)" + default = "amd64" + validation { + condition = contains(["amd64", "arm64"], var.worker_arch) + error_message = "The worker_arch must be amd64 or arm64." + } +} + + variable "daemonset_tolerations" { type = list(string) description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" diff --git a/aws/flatcar-linux/kubernetes/workers.tf b/aws/flatcar-linux/kubernetes/workers.tf index 7397c99a..22d08b1f 100644 --- a/aws/flatcar-linux/kubernetes/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers.tf @@ -9,7 +9,7 @@ module "workers" { worker_count = var.worker_count instance_type = var.worker_type os_image = var.os_image - arch = var.arch + arch = var.worker_arch disk_type = var.worker_disk_type disk_size = var.worker_disk_size disk_iops = var.worker_disk_iops diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index a4e11729..e56d55ed 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf 
@@ -2,8 +2,8 @@ locals { # Container Linux derivative # flatcar-stable -> Flatcar Linux Stable channel = split("-", var.os_image)[1] - offer_suffix = var.arch == "arm64" ? "corevm" : "free" - urn = var.arch == "arm64" ? local.channel : "${local.channel}-gen2" + offer_suffix = var.controller_arch == "arm64" ? "corevm" : "free" + urn = var.controller_arch == "arm64" ? local.channel : "${local.channel}-gen2" # Typhoon ssh_authorized_key supports RSA or a newer formats (e.g. ed25519). # However, Azure requires an older RSA key to pass validations. To use a @@ -63,7 +63,7 @@ resource "azurerm_linux_virtual_machine" "controllers" { } dynamic "plan" { - for_each = var.arch == "arm64" ? [] : [1] + for_each = var.controller_arch == "arm64" ? [] : [1] content { publisher = "kinvolk" product = "flatcar-container-linux-${local.offer_suffix}" diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index a15bdcfe..9ba88cf5 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf @@ -168,14 +168,25 @@ variable "worker_node_labels" { default = [] } -variable "arch" { - type = string - description = "Container architecture (amd64 or arm64)" - default = "amd64" +# advanced +variable "controller_arch" { + type = string + description = "Controller node(s) architecture (amd64 or arm64)" + default = "amd64" validation { - condition = var.arch == "amd64" || var.arch == "arm64" - error_message = "The arch must be amd64 or arm64." + condition = contains(["amd64", "arm64"], var.controller_arch) + error_message = "The controller_arch must be amd64 or arm64." + } +} + +variable "worker_arch" { + type = string + description = "Worker node(s) architecture (amd64 or arm64)" + default = "amd64" + validation { + condition = contains(["amd64", "arm64"], var.worker_arch) + error_message = "The worker_arch must be amd64 or arm64." } } 
diff --git a/azure/flatcar-linux/kubernetes/workers.tf b/azure/flatcar-linux/kubernetes/workers.tf index c9c492a1..4a3d6488 100644 --- a/azure/flatcar-linux/kubernetes/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers.tf @@ -25,5 +25,5 @@ module "workers" { cluster_domain_suffix = var.cluster_domain_suffix snippets = var.worker_snippets node_labels = var.worker_node_labels - arch = var.arch + arch = var.worker_arch } From 0120b9f38d4269fb6d68c4fcdb99c41804f86262 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 2 Aug 2024 15:01:48 -0700 Subject: [PATCH 085/132] Remove the cluster_domain_suffix variable * Drop support for `cluster_domain_suffix` customization and always use `cluster.local`. Many components in the Kubernetes ecosystem assume this default suffix and its very rare to be setting a special value here these days * Cleanup a few variables that are seldom used --- CHANGES.md | 6 +--- README.md | 7 ++-- aws/fedora-coreos/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- aws/fedora-coreos/kubernetes/controllers.tf | 1 - aws/fedora-coreos/kubernetes/variables.tf | 24 +++++-------- aws/fedora-coreos/kubernetes/workers.tf | 33 ++++++++--------- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 11 ++---- .../kubernetes/workers/workers.tf | 1 - aws/flatcar-linux/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- aws/flatcar-linux/kubernetes/controllers.tf | 1 - aws/flatcar-linux/kubernetes/variables.tf | 23 +++++------- aws/flatcar-linux/kubernetes/workers.tf | 31 ++++++++-------- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 8 +---- .../kubernetes/workers/workers.tf | 1 - azure/fedora-coreos/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- azure/fedora-coreos/kubernetes/controllers.tf | 1 - azure/fedora-coreos/kubernetes/variables.tf | 23 +++++------- azure/fedora-coreos/kubernetes/workers.tf | 16 ++++----- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 9 ----- .../kubernetes/workers/workers.tf | 1 - azure/flatcar-linux/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- azure/flatcar-linux/kubernetes/controllers.tf | 1 - azure/flatcar-linux/kubernetes/variables.tf | 8 ----- azure/flatcar-linux/kubernetes/workers.tf | 15 ++++---- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 9 ----- 
.../kubernetes/workers/workers.tf | 1 - .../fedora-coreos/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- .../fedora-coreos/kubernetes/profiles.tf | 1 - .../fedora-coreos/kubernetes/variables.tf | 8 +---- .../kubernetes/worker/butane/worker.yaml | 2 +- .../kubernetes/worker/matchbox.tf | 1 - .../kubernetes/worker/variables.tf | 6 ---- .../fedora-coreos/kubernetes/workers.tf | 13 ++++--- .../flatcar-linux/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- .../flatcar-linux/kubernetes/profiles.tf | 1 - .../flatcar-linux/kubernetes/variables.tf | 8 +---- .../kubernetes/worker/butane/worker.yaml | 2 +- .../kubernetes/worker/matchbox.tf | 1 - .../kubernetes/worker/variables.tf | 10 ------ .../flatcar-linux/kubernetes/workers.tf | 13 ++++--- .../fedora-coreos/kubernetes/bootstrap.tf | 11 +++--- .../kubernetes/butane/controller.yaml | 2 +- .../kubernetes/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/controllers.tf | 1 - .../fedora-coreos/kubernetes/variables.tf | 8 +---- .../fedora-coreos/kubernetes/workers.tf | 1 - .../flatcar-linux/kubernetes/bootstrap.tf | 11 +++--- .../kubernetes/butane/controller.yaml | 2 +- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/controllers.tf | 1 - .../flatcar-linux/kubernetes/variables.tf | 8 +---- .../flatcar-linux/kubernetes/workers.tf | 1 - docs/fedora-coreos/aws.md | 33 +++++++++-------- docs/fedora-coreos/azure.md | 33 ++++++++--------- docs/fedora-coreos/bare-metal.md | 7 ++-- docs/fedora-coreos/digitalocean.md | 16 ++++----- docs/fedora-coreos/google-cloud.md | 23 ++++++------ docs/flatcar-linux/aws.md | 35 ++++++++++--------- docs/flatcar-linux/azure.md | 35 ++++++++++--------- docs/flatcar-linux/bare-metal.md | 7 ++-- docs/flatcar-linux/digitalocean.md | 16 ++++----- docs/flatcar-linux/google-cloud.md | 23 ++++++------ .../fedora-coreos/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- 
.../fedora-coreos/kubernetes/controllers.tf | 1 - .../fedora-coreos/kubernetes/variables.tf | 8 +---- .../fedora-coreos/kubernetes/workers.tf | 11 +++--- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 8 +---- .../kubernetes/workers/workers.tf | 1 - .../flatcar-linux/kubernetes/bootstrap.tf | 1 - .../kubernetes/butane/controller.yaml | 2 +- .../flatcar-linux/kubernetes/controllers.tf | 1 - .../flatcar-linux/kubernetes/variables.tf | 9 +---- .../flatcar-linux/kubernetes/workers.tf | 11 +++--- .../kubernetes/workers/butane/worker.yaml | 2 +- .../kubernetes/workers/variables.tf | 8 +---- .../kubernetes/workers/workers.tf | 1 - 88 files changed, 261 insertions(+), 409 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f97af512..36712fea 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,11 +4,7 @@ Notable changes between versions. ## Latest -### Azure - -* Allow controller and worker nodes to use different CPU architectures - * Add `controller_arch` and `worker_arch` variables - * Remove the `arch` variable +* Remove `cluster_domain_suffix` variable, always use "cluster.local" ## v1.30.3 diff --git a/README.md b/README.md index 956e8c9f..e6c04e64 100644 --- a/README.md +++ b/README.md @@ -127,9 +127,10 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-1cs8z 2/2 Running 0 6m -kube-system calico-node-d1l5b 2/2 Running 0 6m -kube-system calico-node-sp9ps 2/2 Running 0 6m +kube-system cilium-1cs8z 1/1 Running 0 6m +kube-system cilium-d1l5b 1/1 Running 0 6m +kube-system cilium-sp9ps 1/1 Running 0 6m +kube-system cilium-operator-68d778b448-g744f 1/1 Running 0 6m kube-system coredns-1187388186-zj5dl 1/1 Running 0 6m kube-system coredns-1187388186-dkh3o 1/1 Running 0 6m kube-system kube-apiserver-controller-0 1/1 Running 0 6m diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index f1240f6b..a018652c 100644 
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -9,7 +9,6 @@ module "bootstrap" { network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 940435c8..7023d509 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml @@ -149,7 +149,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/aws/fedora-coreos/kubernetes/controllers.tf b/aws/fedora-coreos/kubernetes/controllers.tf index 3a113650..a66acd88 100644 --- a/aws/fedora-coreos/kubernetes/controllers.tf +++ b/aws/fedora-coreos/kubernetes/controllers.tf @@ -65,7 +65,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf index b2468413..3b8a10ac 100644 --- a/aws/fedora-coreos/kubernetes/variables.tf +++ b/aws/fedora-coreos/kubernetes/variables.tf @@ -164,6 +164,14 @@ EOD default = "10.3.0.0/16" } +variable "worker_node_labels" { + type = list(string) + description = "List of initial worker node labels" + default = [] +} + +# advanced + variable "enable_reporting" { type = bool description = "Enable usage or analytics reporting to upstreams (Calico)" 
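Review bot: Dropping `cluster_domain_suffix` from the `module "bootstrap"` call in aws/fedora-coreos/kubernetes/bootstrap.tf leaves the DNS suffix defined in two places: whatever the bootstrap module uses for the CoreDNS zone, and the `clusterDomain: cluster.local` literal this commit writes into the Butane kubelet configs. The module's source and ref are outside the hunk, so it should be confirmed that the pinned terraform-render-bootstrap version always renders `cluster.local`. If the two ever differ, kubelet gives pods a search domain that CoreDNS does not serve. A comment next to the literal, `# must match the cluster domain served by CoreDNS (terraform-render-bootstrap)`, would keep the coupling visible. This applies to every bootstrap.tf and butane/*.yaml hunk in the commit; the module block itself starts and ends outside the hunk.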
@@ -176,22 +184,6 @@ variable "enable_aggregation" { default = true } -variable "worker_node_labels" { - type = list(string) - description = "List of initial worker node labels" - default = [] -} - -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by CoreDNS. Default is cluster.local (e.g. foo.default.svc.cluster.local)" - default = "cluster.local" -} - -# advanced - variable "controller_arch" { type = string description = "Controller node(s) architecture (amd64 or arm64)" diff --git a/aws/fedora-coreos/kubernetes/workers.tf b/aws/fedora-coreos/kubernetes/workers.tf index 4ccd0ca9..debe57a6 100644 --- a/aws/fedora-coreos/kubernetes/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers.tf 
@@ -6,23 +6,24 @@ module "workers" { vpc_id = aws_vpc.network.id subnet_ids = aws_subnet.public.*.id security_groups = [aws_security_group.worker.id] - worker_count = var.worker_count - instance_type = var.worker_type - os_stream = var.os_stream - arch = var.worker_arch - disk_type = var.worker_disk_type - disk_size = var.worker_disk_size - disk_iops = var.worker_disk_iops - cpu_credits = var.worker_cpu_credits - spot_price = var.worker_price - target_groups = var.worker_target_groups + + # instances + os_stream = var.os_stream + worker_count = var.worker_count + instance_type = var.worker_type + arch = var.worker_arch + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + disk_iops = var.worker_disk_iops + cpu_credits = var.worker_cpu_credits + spot_price = var.worker_price + target_groups = var.worker_target_groups # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels } diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 3888a4bc..0e7f418f 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -104,7 +104,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/aws/fedora-coreos/kubernetes/workers/variables.tf b/aws/fedora-coreos/kubernetes/workers/variables.tf index 3f859e70..4b743368 100644 
--- a/aws/fedora-coreos/kubernetes/workers/variables.tf +++ b/aws/fedora-coreos/kubernetes/workers/variables.tf @@ -108,12 +108,6 @@ EOD default = "10.3.0.0/16" } -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} - variable "node_labels" { type = list(string) description = "List of initial node labels" @@ -126,15 +120,14 @@ variable "node_taints" { default = [] } -# unofficial, undocumented, unsupported +# advanced variable "arch" { type = string description = "Container architecture (amd64 or arm64)" default = "amd64" - validation { - condition = var.arch == "amd64" || var.arch == "arm64" + condition = contains(["amd64", "arm64"], var.arch) error_message = "The arch must be amd64 or arm64." } } diff --git a/aws/fedora-coreos/kubernetes/workers/workers.tf b/aws/fedora-coreos/kubernetes/workers/workers.tf index d3038305..71729515 100644 --- a/aws/fedora-coreos/kubernetes/workers/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers/workers.tf @@ -111,7 +111,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index f1240f6b..a018652c 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -9,7 +9,6 @@ module "bootstrap" { network_mtu = var.network_mtu pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations 
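Review bot: In aws/fedora-coreos/kubernetes/workers/variables.tf the `arch` variable moves under `# advanced` but keeps the description "Container architecture (amd64 or arm64)", while the cluster-level variables that feed it now say "Worker node(s) architecture". Since this input selects the worker host architecture, I would align it: `description = "Worker node(s) architecture (amd64 or arm64)"`. The aws/flatcar-linux workers/variables.tf hunk changes only the validation condition, so its description and section comment (outside that hunk) likely need the same update.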
diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index b591b785..69c6294d 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml @@ -148,7 +148,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/aws/flatcar-linux/kubernetes/controllers.tf b/aws/flatcar-linux/kubernetes/controllers.tf index b48aa770..a186d04a 100644 --- a/aws/flatcar-linux/kubernetes/controllers.tf +++ b/aws/flatcar-linux/kubernetes/controllers.tf @@ -66,7 +66,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf index 714f4123..fcf55277 100644 --- a/aws/flatcar-linux/kubernetes/variables.tf +++ b/aws/flatcar-linux/kubernetes/variables.tf @@ -164,6 +164,14 @@ EOD default = "10.3.0.0/16" } +variable "worker_node_labels" { + type = list(string) + description = "List of initial worker node labels" + default = [] +} + +# advanced + variable "enable_reporting" { type = bool description = "Enable usage or analytics reporting to upstreams (Calico)" 
@@ -176,20 +184,6 @@ variable "enable_aggregation" { default = true } -variable "worker_node_labels" { - type = list(string) - description = "List of initial worker node labels" - default = [] -} - -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by CoreDNS. Default is cluster.local (e.g. foo.default.svc.cluster.local)" - default = "cluster.local" -} - variable "controller_arch" { type = string description = "Controller node(s) architecture (amd64 or arm64)" @@ -210,7 +204,6 @@ variable "worker_arch" { } } - variable "daemonset_tolerations" { type = list(string) description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" diff --git a/aws/flatcar-linux/kubernetes/workers.tf b/aws/flatcar-linux/kubernetes/workers.tf index 22d08b1f..9e5de509 100644 --- a/aws/flatcar-linux/kubernetes/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers.tf 
@@ -6,22 +6,23 @@ module "workers" { vpc_id = aws_vpc.network.id subnet_ids = aws_subnet.public.*.id security_groups = [aws_security_group.worker.id] - worker_count = var.worker_count - instance_type = var.worker_type - os_image = var.os_image - arch = var.worker_arch - disk_type = var.worker_disk_type - disk_size = var.worker_disk_size - disk_iops = var.worker_disk_iops - spot_price = var.worker_price - target_groups = var.worker_target_groups + + # instances + os_image = var.os_image + worker_count = var.worker_count + instance_type = var.worker_type + arch = var.worker_arch + disk_type = var.worker_disk_type + disk_size = var.worker_disk_size + disk_iops = var.worker_disk_iops + spot_price = var.worker_price + target_groups = var.worker_target_groups # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels } diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 33d212f0..8a789b88 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -103,7 +103,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/aws/flatcar-linux/kubernetes/workers/variables.tf b/aws/flatcar-linux/kubernetes/workers/variables.tf index 60f3b689..13a203ed 100644 --- a/aws/flatcar-linux/kubernetes/workers/variables.tf 
+++ b/aws/flatcar-linux/kubernetes/workers/variables.tf @@ -108,12 +108,6 @@ EOD default = "10.3.0.0/16" } -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} - variable "node_labels" { type = list(string) description = "List of initial node labels" @@ -134,7 +128,7 @@ variable "arch" { default = "amd64" validation { - condition = var.arch == "amd64" || var.arch == "arm64" + condition = contains(["amd64", "arm64"], var.arch) error_message = "The arch must be amd64 or arm64." } } diff --git a/aws/flatcar-linux/kubernetes/workers/workers.tf b/aws/flatcar-linux/kubernetes/workers/workers.tf index 3aef08ed..a20681f9 100644 --- a/aws/flatcar-linux/kubernetes/workers/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers/workers.tf @@ -111,7 +111,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index b721b646..285ced2f 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -14,7 +14,6 @@ module "bootstrap" { pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 9124e2c9..6a1ce854 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml 
+++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml @@ -144,7 +144,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/azure/fedora-coreos/kubernetes/controllers.tf b/azure/fedora-coreos/kubernetes/controllers.tf index 5c4a0cfb..504c6904 100644 --- a/azure/fedora-coreos/kubernetes/controllers.tf +++ b/azure/fedora-coreos/kubernetes/controllers.tf @@ -163,7 +163,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf index fb3706e1..d0240c06 100644 --- a/azure/fedora-coreos/kubernetes/variables.tf +++ b/azure/fedora-coreos/kubernetes/variables.tf @@ -27,7 +27,6 @@ variable "os_image" { description = "Fedora CoreOS image for instances" } - variable "controller_count" { type = number description = "Number of controllers (i.e. masters)" @@ -145,6 +144,14 @@ EOD default = "10.3.0.0/16" } +variable "worker_node_labels" { + type = list(string) + description = "List of initial worker node labels" + default = [] +} + +# advanced + variable "enable_reporting" { type = bool description = "Enable usage or analytics reporting to upstreams (Calico)" 
@@ -157,20 +164,6 @@ variable "enable_aggregation" { default = true } -variable "worker_node_labels" { - type = list(string) - description = "List of initial worker node labels" - default = [] -} - -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} - variable "daemonset_tolerations" { type = list(string) description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])" diff --git a/azure/fedora-coreos/kubernetes/workers.tf b/azure/fedora-coreos/kubernetes/workers.tf index e61ca3da..9ffc86f3 100644 --- a/azure/fedora-coreos/kubernetes/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers.tf @@ -9,20 +9,20 @@ module "workers" { security_group_id = azurerm_network_security_group.worker.id backend_address_pool_ids = local.backend_address_pool_ids + # instances + os_image = var.os_image worker_count = var.worker_count vm_type = var.worker_type - os_image = var.os_image disk_type = var.worker_disk_type disk_size = var.worker_disk_size ephemeral_disk = var.worker_ephemeral_disk priority = var.worker_priority # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - azure_authorized_key = var.azure_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + azure_authorized_key = var.azure_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels } 
diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index b30fe1da..7eaf9474 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -99,7 +99,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/azure/fedora-coreos/kubernetes/workers/variables.tf b/azure/fedora-coreos/kubernetes/workers/variables.tf index d1f2d791..3a28d72a 100644 --- a/azure/fedora-coreos/kubernetes/workers/variables.tf +++ b/azure/fedora-coreos/kubernetes/workers/variables.tf @@ -120,12 +120,3 @@ variable "node_taints" { description = "List of initial node taints" default = [] } - -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = string - default = "cluster.local" -} - diff --git a/azure/fedora-coreos/kubernetes/workers/workers.tf b/azure/fedora-coreos/kubernetes/workers/workers.tf index 9cfa3058..cd0a52a2 100644 --- a/azure/fedora-coreos/kubernetes/workers/workers.tf +++ b/azure/fedora-coreos/kubernetes/workers/workers.tf @@ -84,7 +84,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index b721b646..285ced2f 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf 
@@ -14,7 +14,6 @@ module "bootstrap" { pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 5974197d..9ffcb74b 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml @@ -144,7 +144,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/azure/flatcar-linux/kubernetes/controllers.tf b/azure/flatcar-linux/kubernetes/controllers.tf index e56d55ed..35d79405 100644 --- a/azure/flatcar-linux/kubernetes/controllers.tf +++ b/azure/flatcar-linux/kubernetes/controllers.tf @@ -185,7 +185,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf index 9ba88cf5..69350813 100644 --- a/azure/flatcar-linux/kubernetes/variables.tf +++ b/azure/flatcar-linux/kubernetes/variables.tf 
@@ -196,14 +196,6 @@ variable "daemonset_tolerations" { default = [] } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} - variable "components" { description = "Configure pre-installed cluster components" # Component configs are passed through to terraform-render-bootstrap, diff --git a/azure/flatcar-linux/kubernetes/workers.tf b/azure/flatcar-linux/kubernetes/workers.tf index 4a3d6488..cdfb1d33 100644 --- a/azure/flatcar-linux/kubernetes/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers.tf @@ -18,12 +18,11 @@ module "workers" { priority = var.worker_priority # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - azure_authorized_key = var.azure_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels - arch = var.worker_arch + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + azure_authorized_key = var.azure_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels + arch = var.worker_arch } diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index cc0efb01..ff427647 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -99,7 +99,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s 
diff --git a/azure/flatcar-linux/kubernetes/workers/variables.tf b/azure/flatcar-linux/kubernetes/workers/variables.tf index 67a13d85..684619aa 100644 --- a/azure/flatcar-linux/kubernetes/workers/variables.tf +++ b/azure/flatcar-linux/kubernetes/workers/variables.tf @@ -137,12 +137,3 @@ variable "arch" { error_message = "The arch must be amd64 or arm64." } } - -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = string - default = "cluster.local" -} - diff --git a/azure/flatcar-linux/kubernetes/workers/workers.tf b/azure/flatcar-linux/kubernetes/workers/workers.tf index 0d0d22e4..f132bf7f 100644 --- a/azure/flatcar-linux/kubernetes/workers/workers.tf +++ b/azure/flatcar-linux/kubernetes/workers/workers.tf @@ -105,7 +105,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 49efd12b..c18b903e 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -10,7 +10,6 @@ module "bootstrap" { network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation components = var.components diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 7a248322..e21abf1b 100644 
--- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -154,7 +154,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/bare-metal/fedora-coreos/kubernetes/profiles.tf b/bare-metal/fedora-coreos/kubernetes/profiles.tf index c5b8c650..d1ec077f 100644 --- a/bare-metal/fedora-coreos/kubernetes/profiles.tf +++ b/bare-metal/fedora-coreos/kubernetes/profiles.tf @@ -59,7 +59,6 @@ data "ct_config" "controllers" { etcd_name = var.controllers.*.name[count.index] etcd_initial_cluster = join(",", formatlist("%s=https://%s:2380", var.controllers.*.name, var.controllers.*.domain)) cluster_dns_service_ip = module.bootstrap.cluster_dns_service_ip - cluster_domain_suffix = var.cluster_domain_suffix ssh_authorized_key = var.ssh_authorized_key }) strict = true diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf index 2a1c08e2..80d1d8e8 100644 --- a/bare-metal/fedora-coreos/kubernetes/variables.tf +++ b/bare-metal/fedora-coreos/kubernetes/variables.tf @@ -151,13 +151,7 @@ variable "enable_aggregation" { default = true } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = string - default = "cluster.local" -} +# advanced variable "components" { description = "Configure pre-installed cluster components" diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 653c25c6..cb098fec 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml 
+++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -108,7 +108,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/bare-metal/fedora-coreos/kubernetes/worker/matchbox.tf b/bare-metal/fedora-coreos/kubernetes/worker/matchbox.tf index 7fd0bdf9..3f7a7658 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/matchbox.tf +++ b/bare-metal/fedora-coreos/kubernetes/worker/matchbox.tf @@ -53,7 +53,6 @@ data "ct_config" "worker" { domain_name = var.domain ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/bare-metal/fedora-coreos/kubernetes/worker/variables.tf b/bare-metal/fedora-coreos/kubernetes/worker/variables.tf index fe89f21b..e2fd056c 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/variables.tf +++ b/bare-metal/fedora-coreos/kubernetes/worker/variables.tf @@ -103,9 +103,3 @@ The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for EOD default = "10.3.0.0/16" } - -variable "cluster_domain_suffix" { - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - type = string - default = "cluster.local" -} diff --git a/bare-metal/fedora-coreos/kubernetes/workers.tf b/bare-metal/fedora-coreos/kubernetes/workers.tf index 38a599ac..c7f4186b 100644 --- a/bare-metal/fedora-coreos/kubernetes/workers.tf +++ b/bare-metal/fedora-coreos/kubernetes/workers.tf 
@@ -15,13 +15,12 @@ module "workers" { domain = var.workers[count.index].domain # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - node_labels = lookup(var.worker_node_labels, var.workers[count.index].name, []) - node_taints = lookup(var.worker_node_taints, var.workers[count.index].name, []) - snippets = lookup(var.snippets, var.workers[count.index].name, []) + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + node_labels = lookup(var.worker_node_labels, var.workers[count.index].name, []) + node_taints = lookup(var.worker_node_taints, var.workers[count.index].name, []) + snippets = lookup(var.snippets, var.workers[count.index].name, []) # optional cached_install = var.cached_install diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index f88cdfad..994d3721 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -10,7 +10,6 @@ module "bootstrap" { network_ip_autodetection_method = var.network_ip_autodetection_method pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation components = var.components diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 042cf3c9..a77ad94f 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -155,7 +155,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/bare-metal/flatcar-linux/kubernetes/profiles.tf b/bare-metal/flatcar-linux/kubernetes/profiles.tf index 1537a408..6e8f2aca 100644 --- a/bare-metal/flatcar-linux/kubernetes/profiles.tf +++ b/bare-metal/flatcar-linux/kubernetes/profiles.tf @@ -88,7 +88,6 @@ data "ct_config" "controllers" { etcd_name = var.controllers.*.name[count.index] etcd_initial_cluster = join(",", formatlist("%s=https://%s:2380", var.controllers.*.name, var.controllers.*.domain)) cluster_dns_service_ip = module.bootstrap.cluster_dns_service_ip - cluster_domain_suffix = var.cluster_domain_suffix ssh_authorized_key = var.ssh_authorized_key }) strict = true diff --git a/bare-metal/flatcar-linux/kubernetes/variables.tf b/bare-metal/flatcar-linux/kubernetes/variables.tf index e486b409..48a65054 100644 --- a/bare-metal/flatcar-linux/kubernetes/variables.tf +++ b/bare-metal/flatcar-linux/kubernetes/variables.tf @@ -167,13 +167,7 @@ EOD default = "" } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "components" { description = "Configure pre-installed cluster components" diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 1b3908ec..6f38f008 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -113,7 +113,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/bare-metal/flatcar-linux/kubernetes/worker/matchbox.tf b/bare-metal/flatcar-linux/kubernetes/worker/matchbox.tf index f0800fe9..ad98eaf4 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/matchbox.tf +++ b/bare-metal/flatcar-linux/kubernetes/worker/matchbox.tf @@ -79,7 +79,6 @@ data "ct_config" "worker" { domain_name = var.domain ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/bare-metal/flatcar-linux/kubernetes/worker/variables.tf b/bare-metal/flatcar-linux/kubernetes/worker/variables.tf index 98d3534d..77bae99b 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/variables.tf +++ b/bare-metal/flatcar-linux/kubernetes/worker/variables.tf @@ -114,13 +114,3 @@ The 1st IP will be reserved for kube_apiserver, the 10th IP will be reserved for EOD default = "10.3.0.0/16" } - - - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} - - diff --git a/bare-metal/flatcar-linux/kubernetes/workers.tf b/bare-metal/flatcar-linux/kubernetes/workers.tf index e558aec7..24e046b0 100644 --- a/bare-metal/flatcar-linux/kubernetes/workers.tf +++ b/bare-metal/flatcar-linux/kubernetes/workers.tf 
@@ -15,13 +15,12 @@ module "workers" { domain = var.workers[count.index].domain # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - node_labels = lookup(var.worker_node_labels, var.workers[count.index].name, []) - node_taints = lookup(var.worker_node_taints, var.workers[count.index].name, []) - snippets = lookup(var.snippets, var.workers[count.index].name, []) + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + node_labels = lookup(var.worker_node_labels, var.workers[count.index].name, []) + node_taints = lookup(var.worker_node_taints, var.workers[count.index].name, []) + snippets = lookup(var.snippets, var.workers[count.index].name, []) # optional download_protocol = var.download_protocol diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index ee8b1d80..4a319b82 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -11,11 +11,10 @@ module "bootstrap" { network_encapsulation = "vxlan" network_mtu = "1450" - pod_cidr = var.pod_cidr - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - enable_reporting = var.enable_reporting - enable_aggregation = var.enable_aggregation - components = var.components + pod_cidr = var.pod_cidr + service_cidr = var.service_cidr + enable_reporting = var.enable_reporting + enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 041099b6..d7a02eb7 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml 
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -151,7 +151,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index 2bf20e68..f025418b 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -104,7 +104,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/digital-ocean/fedora-coreos/kubernetes/controllers.tf b/digital-ocean/fedora-coreos/kubernetes/controllers.tf index 32568036..871c7252 100644 --- a/digital-ocean/fedora-coreos/kubernetes/controllers.tf +++ b/digital-ocean/fedora-coreos/kubernetes/controllers.tf @@ -74,7 +74,6 @@ data "ct_config" "controllers" { for i in range(var.controller_count) : "etcd${i}=https://${var.cluster_name}-etcd${i}.${var.dns_zone}:2380" ]) cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/digital-ocean/fedora-coreos/kubernetes/variables.tf b/digital-ocean/fedora-coreos/kubernetes/variables.tf index 0f577899..9e77c4c1 100644 --- a/digital-ocean/fedora-coreos/kubernetes/variables.tf +++ b/digital-ocean/fedora-coreos/kubernetes/variables.tf 
@@ -98,13 +98,7 @@ variable "enable_aggregation" { default = true } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "components" { description = "Configure pre-installed cluster components" diff --git a/digital-ocean/fedora-coreos/kubernetes/workers.tf b/digital-ocean/fedora-coreos/kubernetes/workers.tf index 2dd48572..1c4637b2 100644 --- a/digital-ocean/fedora-coreos/kubernetes/workers.tf +++ b/digital-ocean/fedora-coreos/kubernetes/workers.tf @@ -62,7 +62,6 @@ resource "digitalocean_tag" "workers" { data "ct_config" "worker" { content = templatefile("${path.module}/butane/worker.yaml", { cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.worker_snippets diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index ee8b1d80..4a319b82 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -11,11 +11,10 @@ module "bootstrap" { network_encapsulation = "vxlan" network_mtu = "1450" - pod_cidr = var.pod_cidr - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - enable_reporting = var.enable_reporting - enable_aggregation = var.enable_aggregation - components = var.components + pod_cidr = var.pod_cidr + service_cidr = var.service_cidr + enable_reporting = var.enable_reporting + enable_aggregation = var.enable_aggregation + components = var.components } diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index a1dd93f9..7cf9db86 100644 
--- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -153,7 +153,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index bee5f7a0..fb9ac59b 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -103,7 +103,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/digital-ocean/flatcar-linux/kubernetes/controllers.tf b/digital-ocean/flatcar-linux/kubernetes/controllers.tf index 8432ff74..928c544a 100644 --- a/digital-ocean/flatcar-linux/kubernetes/controllers.tf +++ b/digital-ocean/flatcar-linux/kubernetes/controllers.tf @@ -79,7 +79,6 @@ data "ct_config" "controllers" { for i in range(var.controller_count) : "etcd${i}=https://${var.cluster_name}-etcd${i}.${var.dns_zone}:2380" ]) cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/digital-ocean/flatcar-linux/kubernetes/variables.tf b/digital-ocean/flatcar-linux/kubernetes/variables.tf index 7426f38a..3b84f1e4 100644 --- a/digital-ocean/flatcar-linux/kubernetes/variables.tf +++ b/digital-ocean/flatcar-linux/kubernetes/variables.tf 
@@ -98,13 +98,7 @@ variable "enable_aggregation" { default = true } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "components" { description = "Configure pre-installed cluster components" diff --git a/digital-ocean/flatcar-linux/kubernetes/workers.tf b/digital-ocean/flatcar-linux/kubernetes/workers.tf index 863248a0..8484f505 100644 --- a/digital-ocean/flatcar-linux/kubernetes/workers.tf +++ b/digital-ocean/flatcar-linux/kubernetes/workers.tf @@ -60,7 +60,6 @@ resource "digitalocean_tag" "workers" { data "ct_config" "worker" { content = templatefile("${path.module}/butane/worker.yaml", { cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.worker_snippets diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index ac20b777..b38902c2 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -79,12 +79,12 @@ module "tempest" { dns_zone = "aws.example.com" dns_zone_id = "Z3PAABBCFAKEC0" - # configuration - ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional + # instances worker_count = 2 worker_type = "t3.small" + + # configuration + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." } ``` 
@@ -155,9 +155,9 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-1m5bf 2/2 Running 0 34m -kube-system calico-node-7jmr1 2/2 Running 0 34m -kube-system calico-node-bknc8 2/2 Running 0 34m +kube-system cilium-1m5bf 1/1 Running 0 34m +kube-system cilium-7jmr1 1/1 Running 0 34m +kube-system cilium-bknc8 1/1 Running 0 34m kube-system coredns-1187388186-wx1lg 1/1 Running 0 34m kube-system coredns-1187388186-qjnvp 1/1 Running 0 34m kube-system kube-apiserver-ip-10-0-3-155 1/1 Running 0 34m 
@@ -206,16 +206,21 @@ Reference the DNS zone id with `aws_route53_zone.zone-for-clusters.zone_id`. | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| +| os_stream | Fedora CoreOS stream for instances | "stable" | "testing", "next" | | controller_count | Number of controllers (i.e. masters) | 1 | 1 | -| worker_count | Number of workers | 1 | 3 | | controller_type | EC2 instance type for controllers | "t3.small" | See below | +| controller_disk_size | Size of EBS volume in GB | 30 | 100 | +| controller_disk_type | Type of EBS volume | gp3 | io1 | +| controller_disk_iops | IOPS of EBS volume | 3000 | 4000 | +| controller_cpu_credits | Burstable CPU pricing model | null (i.e. auto) | standard, unlimited | +| worker_count | Number of workers | 1 | 3 | | worker_type | EC2 instance type for workers | "t3.small" | See below | -| os_stream | Fedora CoreOS stream for compute instances | "stable" | "testing", "next" | -| disk_size | Size of the EBS volume in GB | 30 | 100 | -| disk_type | Type of the EBS volume | "gp3" | standard, gp2, gp3, io1 | -| disk_iops | IOPS of the EBS volume | 0 (i.e. auto) | 400 | -| worker_target_groups | Target group ARNs to which worker instances should be added | [] | [aws_lb_target_group.app.id] | +| worker_disk_size | Size of EBS volume in GB | 30 | 100 | +| worker_disk_type | Type of EBS volume | gp3 | io1 | +| worker_disk_iops | IOPS of EBS volume | 3000 | 4000 | +| worker_cpu_credits | Burstable CPU pricing model | null (i.e. 
auto) | standard, unlimited | | worker_price | Spot price in USD for worker instances or 0 to use on-demand instances | 0 | 0.10 | +| worker_target_groups | Target group ARNs to which worker instances should be added | [] | [aws_lb_target_group.app.id] | | controller_snippets | Controller Butane snippets | [] | [examples](/advanced/customization/) | | worker_snippets | Worker Butane snippets | [] | [examples](/advanced/customization/) | | networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | @@ -228,7 +233,7 @@ Reference the DNS zone id with `aws_route53_zone.zone-for-clusters.zone_id`. Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-types/). !!! warning - Do not choose a `controller_type` smaller than `t2.small`. Smaller instances are not sufficient for running a controller. + Do not choose a `controller_type` smaller than `t3.small`. Smaller instances are not sufficient for running a controller. !!! tip "MTU" If your EC2 instance type supports [Jumbo frames](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instances) (most do), we recommend you change the `network_mtu` to 8981! You will get better pod-to-pod bandwidth. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 397157bc..8ddf0bd4 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -93,16 +93,16 @@ module "ramius" { location = "centralus" dns_zone = "azure.example.com" dns_zone_group = "example-group" - - # configuration - os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-36.20220716.3.1" - ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional - worker_count = 2 - network_cidr = { + network_cidr = { ipv4 = ["10.0.0.0/20"] } + + # instances + os_image = "/subscriptions/some/path/Microsoft.Compute/images/fedora-coreos-36.20220716.3.1" + worker_count = 2 + + # configuration + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." } ``` 
@@ -175,9 +175,9 @@ $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7c6fbb4f4b-b6qzx 1/1 Running 0 26m kube-system coredns-7c6fbb4f4b-j2k3d 1/1 Running 0 26m -kube-system calico-node-1m5bf 2/2 Running 0 26m -kube-system calico-node-7jmr1 2/2 Running 0 26m -kube-system calico-node-bknc8 2/2 Running 0 26m +kube-system cilium-1m5bf 1/1 Running 0 26m +kube-system cilium-7jmr1 1/1 Running 0 26m +kube-system cilium-bknc8 1/1 Running 0 26m kube-system kube-apiserver-ramius-controller-0 1/1 Running 0 26m kube-system kube-controller-manager-ramius-controller-0 1/1 Running 0 26m kube-system kube-proxy-j4vpq 1/1 Running 0 26m @@ -240,10 +240,14 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| | controller_count | Number of controllers (i.e. masters) | 1 | 1 | -| worker_count | Number of workers | 1 | 3 | | controller_type | Machine type for controllers | "Standard_B2s" | See below | +| controller_disk_type | Managed disk for controllers | Premium_LRS | Standard_LRS | +| controller_disk_size | Managed disk size in GB | 30 | 50 | +| worker_count | Number of workers | 1 | 3 | | worker_type | Machine type for workers | "Standard_D2as_v5" | See below | -| disk_size | Size of the disk in GB | 30 | 100 | +| worker_disk_type | Managed disk for workers | Standard_LRS | Premium_LRS | +| worker_disk_size | Size of the disk in GB | 30 | 100 | +| worker_ephemeral_disk | Use ephemeral local disk instead of managed disk | false | true | | worker_priority | Set priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be deallocated at any time | Regular | Spot | | controller_snippets | Controller Butane snippets | [] | [example](/advanced/customization/#usage) | | worker_snippets | Worker Butane snippets | [] | [example](/advanced/customization/#usage) | 
@@ -255,9 +259,6 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr Check the list of valid [machine types](https://azure.microsoft.com/en-us/pricing/details/virtual-machines/linux/) and their [specs](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general). Use `az vm list-skus` to get the identifier. -!!! warning - Unlike AWS and GCP, Azure requires its *virtual* networks to have non-overlapping IPv4 CIDRs (yeah, go figure). Instead of each cluster just using `10.0.0.0/16` for instances, each Azure cluster's `host_cidr` must be non-overlapping (e.g. 10.0.0.0/20 for the 1st cluster, 10.0.16.0/20 for the 2nd cluster, etc). - !!! warning Do not choose a `controller_type` smaller than `Standard_B2s`. Smaller instances are not sufficient for running a controller. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 86baa3d2..0d70b94b 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -323,9 +323,10 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-6qp7f 2/2 Running 1 11m -kube-system calico-node-gnjrm 2/2 Running 0 11m -kube-system calico-node-llbgt 2/2 Running 0 11m +kube-system cilium-6qp7f 1/1 Running 1 11m +kube-system cilium-gnjrm 1/1 Running 0 11m +kube-system cilium-llbgt 1/1 Running 0 11m +kube-system cilium-operator-68d778b448-g744f 1/1 Running 0 11m kube-system coredns-1187388186-dj3pd 1/1 Running 0 11m kube-system coredns-1187388186-mx9rt 1/1 Running 0 11m kube-system kube-apiserver-node1.example.com 1/1 Running 0 11m diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index b16825ff..3605c925 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md 
@@ -88,12 +88,12 @@ module "nemo" { region = "nyc3" dns_zone = "digital-ocean.example.com" - # configuration - os_image = data.digitalocean_image.fedora-coreos-31-20200323-3-2.id - ssh_fingerprints = ["d7:9d:79:ae:56:32:73:79:95:88:e3:a2:ab:5d:45:e7"] - - # optional + # instances + os_image = data.digitalocean_image.fedora-coreos-31-20200323-3-2.id worker_count = 2 + + # configuration + ssh_fingerprints = ["d7:9d:79:ae:56:32:73:79:95:88:e3:a2:ab:5d:45:e7"] } ``` @@ -166,9 +166,9 @@ List the pods. NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-1187388186-ld1j7 1/1 Running 0 11m kube-system coredns-1187388186-rdhf7 1/1 Running 0 11m -kube-system calico-node-1m5bf 2/2 Running 0 11m -kube-system calico-node-7jmr1 2/2 Running 0 11m -kube-system calico-node-bknc8 2/2 Running 0 11m +kube-system cilium-1m5bf 1/1 Running 0 11m +kube-system cilium-7jmr1 1/1 Running 0 11m +kube-system cilium-bknc8 1/1 Running 0 11m kube-system kube-apiserver-ip-10.132.115.81 1/1 Running 0 11m kube-system kube-controller-manager-ip-10.132.115.81 1/1 Running 0 11m kube-system kube-proxy-6kxjf 1/1 Running 0 11m diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 306bd1f6..17b0dd81 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -81,11 +81,11 @@ module "yavin" { dns_zone = "example.com" dns_zone_name = "example-zone" + # instances + worker_count = 2 + # configuration ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional - worker_count = 2 } ``` 
@@ -157,9 +157,9 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-1cs8z 2/2 Running 0 6m -kube-system calico-node-d1l5b 2/2 Running 0 6m -kube-system calico-node-sp9ps 2/2 Running 0 6m +kube-system cilium-1cs8z 1/1 Running 0 6m +kube-system cilium-d1l5b 1/1 Running 0 6m +kube-system cilium-sp9ps 1/1 Running 0 6m kube-system coredns-1187388186-dkh3o 1/1 Running 0 6m kube-system coredns-1187388186-zj5dl 1/1 Running 0 6m kube-system kube-apiserver-controller-0 1/1 Running 0 6m @@ -211,12 +211,13 @@ resource "google_dns_managed_zone" "zone-for-clusters" { | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| -| controller_count | Number of controllers (i.e. masters) | 1 | 3 | -| worker_count | Number of workers | 1 | 3 | -| controller_type | Machine type for controllers | "n1-standard-1" | See below | -| worker_type | Machine type for workers | "n1-standard-1" | See below | | os_stream | Fedora CoreOS stream for compute instances | "stable" | "stable", "testing", "next" | -| disk_size | Size of the disk in GB | 30 | 100 | +| controller_count | Number of controllers (i.e. masters) | 1 | 3 | +| controller_type | Machine type for controllers | "n1-standard-1" | See below | +| controller_disk_type | Controller disk size in GB | 30 | 20 | +| worker_count | Number of workers | 1 | 3 | +| worker_type | Machine type for workers | "n1-standard-1" | See below | +| worker_disk_size | Worker disk size in GB | 30 | 100 | | worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | | controller_snippets | Controller Butane snippets | [] | [examples](/advanced/customization/) | | worker_snippets | Worker Butane snippets | [] | [examples](/advanced/customization/) | diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 57ed0a7d..f62594da 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md 
@@ -79,12 +79,12 @@ module "tempest" { dns_zone = "aws.example.com" dns_zone_id = "Z3PAABBCFAKEC0" - # configuration - ssh_authorized_key = "ssh-rsa AAAAB3Nz..." - - # optional + # instances worker_count = 2 worker_type = "t3.small" + + # configuration + ssh_authorized_key = "ssh-rsa AAAAB3Nz..." } ``` @@ -155,9 +155,9 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-1m5bf 2/2 Running 0 34m -kube-system calico-node-7jmr1 2/2 Running 0 34m -kube-system calico-node-bknc8 2/2 Running 0 34m +kube-system cilium-1m5bf 1/1 Running 0 34m +kube-system cilium-7jmr1 1/1 Running 0 34m +kube-system cilium-bknc8 1/1 Running 0 34m kube-system coredns-1187388186-wx1lg 1/1 Running 0 34m kube-system coredns-1187388186-qjnvp 1/1 Running 0 34m kube-system kube-apiserver-ip-10-0-3-155 1/1 Running 0 34m 
@@ -206,16 +206,19 @@ Reference the DNS zone id with `aws_route53_zone.zone-for-clusters.zone_id`. | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| -| controller_count | Number of controllers (i.e. masters) | 1 | 1 | -| worker_count | Number of workers | 1 | 3 | -| controller_type | EC2 instance type for controllers | "t3.small" | See below | -| worker_type | EC2 instance type for workers | "t3.small" | See below | | os_image | AMI channel for a Container Linux derivative | "flatcar-stable" | flatcar-stable, flatcar-beta, flatcar-alpha | -| disk_size | Size of the EBS volume in GB | 30 | 100 | -| disk_type | Type of the EBS volume | "gp3" | standard, gp2, gp3, io1 | -| disk_iops | IOPS of the EBS volume | 0 (i.e. auto) | 400 | -| worker_target_groups | Target group ARNs to which worker instances should be added | [] | [aws_lb_target_group.app.id] | +| controller_count | Number of controllers (i.e. masters) | 1 | 1 | +| controller_type | EC2 instance type for controllers | "t3.small" | See below | +| controller_disk_size | Size of EBS volume in GB | 30 | 100 | +| controller_disk_type | Type of EBS volume | gp3 | io1 | +| controller_disk_iops | IOPS of EBS volume | 3000 | 4000 | +| controller_cpu_credits | Burstable CPU pricing model | null (i.e. auto) | standard, unlimited | +| worker_disk_size | Size of EBS volume in GB | 30 | 100 | +| worker_disk_type | Type of EBS volume | gp3 | io1 | +| worker_disk_iops | IOPS of EBS volume | 3000 | 4000 | +| worker_cpu_credits | Burstable CPU pricing model | null (i.e. 
auto) | standard, unlimited | | worker_price | Spot price in USD for worker instances or 0 to use on-demand instances | 0/null | 0.10 | +| worker_target_groups | Target group ARNs to which worker instances should be added | [] | [aws_lb_target_group.app.id] | | controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/) | | worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/) | | networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | @@ -228,7 +231,7 @@ Reference the DNS zone id with `aws_route53_zone.zone-for-clusters.zone_id`. Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-types/). !!! warning - Do not choose a `controller_type` smaller than `t2.small`. Smaller instances are not sufficient for running a controller. + Do not choose a `controller_type` smaller than `t3.small`. Smaller instances are not sufficient for running a controller. !!! tip "MTU" If your EC2 instance type supports [Jumbo frames](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instances) (most do), we recommend you change the `network_mtu` to 8981! You will get better pod-to-pod bandwidth. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 8298f6ce..85f519ff 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -82,15 +82,15 @@ module "ramius" { location = "centralus" dns_zone = "azure.example.com" dns_zone_group = "example-group" + network_cidr = { + ipv4 = ["10.0.0.0/20"] + } + + # instances + worker_count = 2 # configuration ssh_authorized_key = "ssh-rsa AAAAB3Nz..." - - # optional - worker_count = 2 - network_cidr = { - ipv4 = ["10.0.0.0/20"] - } } ``` 
@@ -163,9 +163,9 @@ $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-7c6fbb4f4b-b6qzx 1/1 Running 0 26m kube-system coredns-7c6fbb4f4b-j2k3d 1/1 Running 0 26m -kube-system calico-node-1m5bf 2/2 Running 0 26m -kube-system calico-node-7jmr1 2/2 Running 0 26m -kube-system calico-node-bknc8 2/2 Running 0 26m +kube-system cilium-1m5bf 1/1 Running 0 26m +kube-system cilium-7jmr1 1/1 Running 0 26m +kube-system cilium-bknc8 1/1 Running 0 26m kube-system kube-apiserver-ramius-controller-0 1/1 Running 0 26m kube-system kube-controller-manager-ramius-controller-0 1/1 Running 0 26m kube-system kube-proxy-j4vpq 1/1 Running 0 26m 
@@ -226,12 +226,16 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| -| controller_count | Number of controllers (i.e. masters) | 1 | 1 | -| worker_count | Number of workers | 1 | 3 | -| controller_type | Machine type for controllers | "Standard_B2s" | See below | -| worker_type | Machine type for workers | "Standard_D2as_v5" | See below | | os_image | Channel for a Container Linux derivative | "flatcar-stable" | flatcar-stable, flatcar-beta, flatcar-alpha | -| disk_size | Size of the disk in GB | 30 | 100 | +| controller_count | Number of controllers (i.e. masters) | 1 | 1 | +| controller_type | Machine type for controllers | "Standard_B2s" | See below | +| controller_disk_type | Managed disk for controllers | Premium_LRS | Standard_LRS | +| controller_disk_size | Managed disk size in GB | 30 | 50 | +| worker_count | Number of workers | 1 | 3 | +| worker_type | Machine type for workers | "Standard_D2as_v5" | See below | +| worker_disk_type | Managed disk for workers | Standard_LRS | Premium_LRS | +| worker_disk_size | Size of the disk in GB | 30 | 100 | +| worker_ephemeral_disk | Use ephemeral local disk instead of managed disk | false | true | | worker_priority | Set priority to Spot to use reduced cost surplus capacity, with the tradeoff that instances can be deallocated at any time | Regular | Spot | | controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/#usage) | | worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/#usage) | 
@@ -243,9 +247,6 @@ Reference the DNS zone with `azurerm_dns_zone.clusters.name` and its resource gr Check the list of valid [machine types](https://azure.microsoft.com/en-us/pricing/details/virtual-machines/linux/) and their [specs](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general). Use `az vm list-skus` to get the identifier. -!!! warning - Unlike AWS and GCP, Azure requires its *virtual* networks to have non-overlapping IPv4 CIDRs (yeah, go figure). Instead of each cluster just using `10.0.0.0/16` for instances, each Azure cluster's `host_cidr` must be non-overlapping (e.g. 10.0.0.0/20 for the 1st cluster, 10.0.16.0/20 for the 2nd cluster, etc). - !!! warning Do not choose a `controller_type` smaller than `Standard_B2s`. Smaller instances are not sufficient for running a controller. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index b21ee90e..470d655c 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -333,9 +333,10 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-6qp7f 2/2 Running 1 11m -kube-system calico-node-gnjrm 2/2 Running 0 11m -kube-system calico-node-llbgt 2/2 Running 0 11m +kube-system cilium-6qp7f 1/1 Running 1 11m +kube-system cilium-gnjrm 1/1 Running 0 11m +kube-system cilium-llbgt 1/1 Running 0 11m +kube-system cilium-operator-68d778b448-g744f 1/1 Running 0 11m kube-system coredns-1187388186-dj3pd 1/1 Running 0 11m kube-system coredns-1187388186-mx9rt 1/1 Running 0 11m kube-system kube-apiserver-node1.example.com 1/1 Running 0 11m diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 510bb7da..7d969e5a 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md 
@@ -88,12 +88,12 @@ module "nemo" { region = "nyc3" dns_zone = "digital-ocean.example.com" - # configuration - os_image = data.digitalocean_image.flatcar-stable-2303-4-0.id - ssh_fingerprints = ["d7:9d:79:ae:56:32:73:79:95:88:e3:a2:ab:5d:45:e7"] - - # optional + # instances + os_image = data.digitalocean_image.flatcar-stable-2303-4-0.id worker_count = 2 + + # configuration + ssh_fingerprints = ["d7:9d:79:ae:56:32:73:79:95:88:e3:a2:ab:5d:45:e7"] } ``` @@ -166,9 +166,9 @@ List the pods. NAMESPACE NAME READY STATUS RESTARTS AGE kube-system coredns-1187388186-ld1j7 1/1 Running 0 11m kube-system coredns-1187388186-rdhf7 1/1 Running 0 11m -kube-system calico-node-1m5bf 2/2 Running 0 11m -kube-system calico-node-7jmr1 2/2 Running 0 11m -kube-system calico-node-bknc8 2/2 Running 0 11m +kube-system cilium-1m5bf 1/1 Running 0 11m +kube-system cilium-7jmr1 1/1 Running 0 11m +kube-system cilium-bknc8 1/1 Running 0 11m kube-system kube-apiserver-ip-10.132.115.81 1/1 Running 0 11m kube-system kube-controller-manager-ip-10.132.115.81 1/1 Running 0 11m kube-system kube-proxy-6kxjf 1/1 Running 0 11m diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 8ed758dc..3e7379b7 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -81,11 +81,11 @@ module "yavin" { dns_zone = "example.com" dns_zone_name = "example-zone" + # instances + worker_count = 2 + # configuration ssh_authorized_key = "ssh-rsa AAAAB3Nz..." - - # optional - worker_count = 2 } ``` 
@@ -157,9 +157,9 @@ List the pods. ``` $ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE -kube-system calico-node-1cs8z 2/2 Running 0 6m -kube-system calico-node-d1l5b 2/2 Running 0 6m -kube-system calico-node-sp9ps 2/2 Running 0 6m +kube-system cilium-1cs8z 1/1 Running 0 6m +kube-system cilium-d1l5b 1/1 Running 0 6m +kube-system cilium-sp9ps 1/1 Running 0 6m kube-system coredns-1187388186-dkh3o 1/1 Running 0 6m kube-system coredns-1187388186-zj5dl 1/1 Running 0 6m kube-system kube-apiserver-controller-0 1/1 Running 0 6m @@ -211,12 +211,13 @@ resource "google_dns_managed_zone" "zone-for-clusters" { | Name | Description | Default | Example | |:-----|:------------|:--------|:--------| -| controller_count | Number of controllers (i.e. masters) | 1 | 3 | -| worker_count | Number of workers | 1 | 3 | -| controller_type | Machine type for controllers | "n1-standard-1" | See below | -| worker_type | Machine type for workers | "n1-standard-1" | See below | | os_image | Flatcar Linux image for compute instances | "flatcar-stable" | flatcar-stable, flatcar-beta, flatcar-alpha | -| disk_size | Size of the disk in GB | 30 | 100 | +| controller_count | Number of controllers (i.e. masters) | 1 | 3 | +| controller_type | Machine type for controllers | "n1-standard-1" | See below | +| controller_disk_type | Controller disk size in GB | 30 | 20 | +| worker_count | Number of workers | 1 | 3 | +| worker_type | Machine type for workers | "n1-standard-1" | See below | +| worker_disk_size | Worker disk size in GB | 30 | 100 | | worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | | controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/) | | worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/) | 
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index b135c65f..ba20a057 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -9,7 +9,6 @@ module "bootstrap" { network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index 36990dd8..db632f53 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml @@ -143,7 +143,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/google-cloud/fedora-coreos/kubernetes/controllers.tf b/google-cloud/fedora-coreos/kubernetes/controllers.tf index cfba3c34..92261935 100644 --- a/google-cloud/fedora-coreos/kubernetes/controllers.tf +++ b/google-cloud/fedora-coreos/kubernetes/controllers.tf @@ -81,7 +81,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index 77f2a213..b433f8ce 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf 
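Review bot: In butane/controller.yaml, `clusterDomain: cluster.local` is now a bare literal in the kubelet configuration, and nothing next to it says it must equal the zone that CoreDNS serves. The `module "bootstrap"` call in bootstrap.tf no longer passes `cluster_domain_suffix`, so the two values agree only by convention; the bootstrap module's own default is not visible in this patch and should be confirmed. I would add a comment above the line, `# must match the cluster domain CoreDNS is configured with by the bootstrap module`, so a later change on either side is not made in isolation. The same literal is added in workers/butane/worker.yaml and in both flatcar-linux Butane files, which would take the same comment. The kubelet configuration block that holds this line starts and ends outside the hunk.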
@@ -134,13 +134,7 @@ variable "worker_node_labels" { default = [] } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "daemonset_tolerations" { type = list(string) diff --git a/google-cloud/fedora-coreos/kubernetes/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers.tf index 244901d0..a20a1e7f 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers.tf @@ -13,11 +13,10 @@ module "workers" { preemptible = var.worker_preemptible # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels } diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 53ce9bcc..82c2bb58 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -98,7 +98,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/google-cloud/fedora-coreos/kubernetes/workers/variables.tf b/google-cloud/fedora-coreos/kubernetes/workers/variables.tf index 8fed0043..704c6bbc 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/variables.tf 
+++ b/google-cloud/fedora-coreos/kubernetes/workers/variables.tf @@ -96,13 +96,7 @@ variable "node_taints" { default = [] } -# unofficial, undocumented, unsupported, temporary - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "accelerator_type" { type = string diff --git a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf index b9daf2ec..e9bbe6b1 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf @@ -111,7 +111,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index b135c65f..ba20a057 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -9,7 +9,6 @@ module "bootstrap" { network_mtu = 1440 pod_cidr = var.pod_cidr service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix enable_reporting = var.enable_reporting enable_aggregation = var.enable_aggregation daemonset_tolerations = var.daemonset_tolerations diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index be6479f2..3cc96f16 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -143,7 +143,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/google-cloud/flatcar-linux/kubernetes/controllers.tf b/google-cloud/flatcar-linux/kubernetes/controllers.tf index 40d3d3c1..b05dc375 100644 --- a/google-cloud/flatcar-linux/kubernetes/controllers.tf +++ b/google-cloud/flatcar-linux/kubernetes/controllers.tf @@ -81,7 +81,6 @@ data "ct_config" "controllers" { kubeconfig = indent(10, module.bootstrap.kubeconfig-kubelet) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix }) strict = true snippets = var.controller_snippets diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index 2fdd9c64..79990a80 100644 --- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf @@ -115,7 +115,6 @@ EOD default = "10.3.0.0/16" } - variable "enable_reporting" { type = bool description = "Enable usage or analytics reporting to upstreams (Calico)" @@ -134,13 +133,7 @@ variable "worker_node_labels" { default = [] } -# unofficial, undocumented, unsupported - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "daemonset_tolerations" { type = list(string) diff --git a/google-cloud/flatcar-linux/kubernetes/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers.tf index 30273817..b3a6ce12 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers.tf 
@@ -13,11 +13,10 @@ module "workers" { preemptible = var.worker_preemptible # configuration - kubeconfig = module.bootstrap.kubeconfig-kubelet - ssh_authorized_key = var.ssh_authorized_key - service_cidr = var.service_cidr - cluster_domain_suffix = var.cluster_domain_suffix - snippets = var.worker_snippets - node_labels = var.worker_node_labels + kubeconfig = module.bootstrap.kubeconfig-kubelet + ssh_authorized_key = var.ssh_authorized_key + service_cidr = var.service_cidr + snippets = var.worker_snippets + node_labels = var.worker_node_labels } diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index f1a60972..9eefbcf3 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -98,7 +98,7 @@ storage: cgroupDriver: systemd clusterDNS: - ${cluster_dns_service_ip} - clusterDomain: ${cluster_domain_suffix} + clusterDomain: cluster.local healthzPort: 0 rotateCertificates: true shutdownGracePeriod: 45s diff --git a/google-cloud/flatcar-linux/kubernetes/workers/variables.tf b/google-cloud/flatcar-linux/kubernetes/workers/variables.tf index 1d4f9487..165bf25f 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/variables.tf @@ -96,13 +96,7 @@ variable "node_taints" { default = [] } -# unofficial, undocumented, unsupported, temporary - -variable "cluster_domain_suffix" { - type = string - description = "Queries for domains with the suffix will be answered by coredns. Default is cluster.local (e.g. foo.default.svc.cluster.local) " - default = "cluster.local" -} +# advanced variable "accelerator_type" { type = string diff --git a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf index b3a87b0c..ada00224 100644 
--- a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf @@ -111,7 +111,6 @@ data "ct_config" "worker" { kubeconfig = indent(10, var.kubeconfig) ssh_authorized_key = var.ssh_authorized_key cluster_dns_service_ip = cidrhost(var.service_cidr, 10) - cluster_domain_suffix = var.cluster_domain_suffix node_labels = join(",", var.node_labels) node_taints = join(",", var.node_taints) }) From 67e5ecf6f2a784d733f77c65d44eeb15221790e0 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 21:40:46 +0000 Subject: [PATCH 086/132] Bump mkdocs-material from 9.5.30 to v9.5.31 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 723137e9..1f75ecb7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.30 +mkdocs-material==9.5.31 pygments==2.18.0 pymdown-extensions==10.9 From 83f1bd237383f09852138b1ddbfdb02719b616f4 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 2 Aug 2024 20:34:23 -0700 Subject: [PATCH 087/132] Update ARM64 cluster and hybrid cluster docs * Typhoon now supports arbitrary combinations of controller, worker, and worker pool architectures so we can drop the specific details of full-cluster vs hybrid cluster. Just pick the architecture for each group of nodes accordingly. * However, if a custom node taint is set, continue to configure the cluster's daemonsets accordingly with `daemonset_tolerations` --- CHANGES.md | 4 +- docs/advanced/arm64.md | 276 +++++++++++++++++++++-------------------- 2 files changed, 141 insertions(+), 139 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 36712fea..aa3e607c 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -14,12 +14,12 @@ Notable changes between versions. ### AWS -* Allow configuring controller and worker disks ([#1482](https://github.com/poseidon/typhoon/pull/1482)) +* Configure controller and worker disks ([#1482](https://github.com/poseidon/typhoon/pull/1482)) * Add `controller_disk_type`, `controller_disk_size`, and `controller_disk_iops` variables * Add `worker_disk_type`, `worker_disk_size`, and `worker_disk_iops` variables * Remove `disk_type`, `disk_size`, and `disk_iops` variables * Fix propagating settings to worker disks, previously ignored -* Allow configuring CPU pricing model for burstable instance types ([#1482](https://github.com/poseidon/typhoon/pull/1482)) +* Configure CPU pricing model for burstable instance types ([#1482](https://github.com/poseidon/typhoon/pull/1482)) * Add `controller_cpu_credits` and `worker_cpu_credits` variables (`standard` or `unlimited`) * Configure controller or worker instance architecture ([#1485](https://github.com/poseidon/typhoon/pull/1485)) * Add `controller_arch` and `worker_arch` variables (`amd64` or `arm64`) diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index fa6a72f4..5f3b123a 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -1,13 +1,11 @@ # ARM64 -Typhoon supports ARM64 Kubernetes clusters with ARM64 controller and worker nodes (full-cluster) or adding worker pools of ARM64 nodes to clusters with an x86/amd64 control plane for a hybdrid (mixed-arch) cluster. - -Typhoon ARM64 clusters (full-cluster or mixed-arch) are available on: +Typhoon supports Kubernetes clusters with ARM64 controller or worker nodes on several platforms: * AWS with Fedora CoreOS or Flatcar Linux * Azure with Flatcar Linux -## Cluster +## AWS Create a cluster on AWS with ARM64 controller and worker nodes. Container workloads must be `arm64` compatible and use `arm64` (or multi-arch) container images. 
@@ -22,17 +20,16 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo dns_zone = "aws.example.com" dns_zone_id = "Z3PAABBCFAKEC0" + # instances + controller_type = "t4g.small" + controller_arch = "arm64" + worker_count = 2 + worker_type = "t4g.small" + worker_arch = "arm64" + worker_price = "0.0168" + # configuration ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional - arch = "arm64" - networking = "cilium" - worker_count = 2 - worker_price = "0.0168" - - controller_type = "t4g.small" - worker_type = "t4g.small" } ``` @@ -47,17 +44,16 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo dns_zone = "aws.example.com" dns_zone_id = "Z3PAABBCFAKEC0" + # instances + controller_type = "t4g.small" + controller_arch = "arm64" + worker_count = 2 + worker_type = "t4g.small" + worker_arch = "arm64" + worker_price = "0.0168" + # configuration ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional - arch = "arm64" - networking = "cilium" - worker_count = 2 - worker_price = "0.0168" - - controller_type = "t4g.small" - worker_type = "t4g.small" } ``` 
@@ -71,115 +67,6 @@ ip-10-0-32-166 Ready 80s v1.30.3 10.0.32.166 F ip-10-0-5-79 Ready 77s v1.30.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` -## Hybrid - -Create a hybrid/mixed arch cluster by defining an AWS cluster. Then define a [worker pool](worker-pools.md#aws) with ARM64 workers. Optional taints are added to aid in scheduling. - -=== "FCOS Cluster" - - ```tf - module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" - - # AWS - cluster_name = "gravitas" - dns_zone = "aws.example.com" - dns_zone_id = "Z3PAABBCFAKEC0" - - # configuration - ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." - - # optional - networking = "cilium" - worker_count = 2 - worker_price = "0.021" - - daemonset_tolerations = ["arch"] # important - } - ``` - -=== "Flatcar Cluster" - - ```tf - module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" - - # AWS - cluster_name = "gravitas" - dns_zone = "aws.example.com" - dns_zone_id = "Z3PAABBCFAKEC0" - - # configuration - ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." 
- - # optional - networking = "cilium" - worker_count = 2 - worker_price = "0.021" - - daemonset_tolerations = ["arch"] # important - } - ``` - -=== "FCOS ARM64 Workers" - - ```tf - module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" - - # AWS - vpc_id = module.gravitas.vpc_id - subnet_ids = module.gravitas.subnet_ids - security_groups = module.gravitas.worker_security_groups - - # configuration - name = "gravitas-arm64" - kubeconfig = module.gravitas.kubeconfig - ssh_authorized_key = var.ssh_authorized_key - - # optional - arch = "arm64" - instance_type = "t4g.small" - spot_price = "0.0168" - node_taints = ["arch=arm64:NoSchedule"] - } - ``` - -=== "Flatcar ARM64 Workers" - - ```tf - module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" - - # AWS - vpc_id = module.gravitas.vpc_id - subnet_ids = module.gravitas.subnet_ids - security_groups = module.gravitas.worker_security_groups - - # configuration - name = "gravitas-arm64" - kubeconfig = module.gravitas.kubeconfig - ssh_authorized_key = var.ssh_authorized_key - - # optional - arch = "arm64" - instance_type = "t4g.small" - spot_price = "0.0168" - node_taints = ["arch=arm64:NoSchedule"] - } - ``` - -Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. - -``` -$ kubectl get nodes -o wide -NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... 
Ready 111m v1.30.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -``` - ## Azure Create a cluster on Azure with ARM64 controller and worker nodes. Container workloads must be `arm64` compatible and use `arm64` (or multi-arch) container images. 
@@ -194,13 +81,128 @@ module "ramius" { dns_zone = "azure.example.com" dns_zone_group = "example-group" + # instances + controller_arch = "arm64" + controller_type = "Standard_B2pls_v5" + worker_count = 2 + controller_arch = "arm64" + worker_type = "Standard_D2pls_v5" + # configuration ssh_authorized_key = "ssh-rsa AAAAB3Nz..." - - # optional - arch = "arm64" - controller_type = "Standard_D2pls_v5" - worker_type = "Standard_D2pls_v5" - worker_count = 2 } ``` + +## Hybrid + +Create a hybrid/mixed arch cluster by defining a cluster where [worker pool(s)](worker-pools.md#aws) have a different instance type architecture than controllers or other workers. Taints are added to aid in scheduling. + +Here's an AWS example, + +=== "FCOS Cluster" + + ```tf + module "gravitas" { + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" + + # AWS + cluster_name = "gravitas" + dns_zone = "aws.example.com" + dns_zone_id = "Z3PAABBCFAKEC0" + + # instances + worker_count = 2 + worker_arch = "arm64" + worker_type = "t4g.medium" + worker_price = "0.021" + + # configuration + daemonset_tolerations = ["arch"] # important + networking = "cilium" + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." + } + ``` + +=== "Flatcar Cluster" + + ```tf + module "gravitas" { + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" + + # AWS + cluster_name = "gravitas" + dns_zone = "aws.example.com" + dns_zone_id = "Z3PAABBCFAKEC0" + + # instances + worker_count = 2 + worker_arch = "arm64" + worker_type = "t4g.medium" + worker_price = "0.021" + + # configuration + daemonset_tolerations = ["arch"] # important + networking = "cilium" + ssh_authorized_key = "ssh-ed25519 AAAAB3Nz..." 
+ } + ``` + +=== "FCOS ARM64 Workers" + + ```tf + module "gravitas-arm64" { + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" + + # AWS + vpc_id = module.gravitas.vpc_id + subnet_ids = module.gravitas.subnet_ids + security_groups = module.gravitas.worker_security_groups + + # instances + arch = "arm64" + instance_type = "t4g.small" + spot_price = "0.0168" + + # configuration + name = "gravitas-arm64" + kubeconfig = module.gravitas.kubeconfig + node_taints = ["arch=arm64:NoSchedule"] + ssh_authorized_key = var.ssh_authorized_key + } + ``` + +=== "Flatcar ARM64 Workers" + + ```tf + module "gravitas-arm64" { + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" + + # AWS + vpc_id = module.gravitas.vpc_id + subnet_ids = module.gravitas.subnet_ids + security_groups = module.gravitas.worker_security_groups + + # instances + arch = "arm64" + instance_type = "t4g.small" + spot_price = "0.0168" + + # configuration + name = "gravitas-arm64" + kubeconfig = module.gravitas.kubeconfig + node_taints = ["arch=arm64:NoSchedule"] + ssh_authorized_key = var.ssh_authorized_key + } + ``` + +Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. + +``` +$ kubectl get nodes -o wide +NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME +ip-10-0-1-73 Ready 111m v1.30.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +``` + From 6e2daded02b5d20dd7c889de330c20af9867b1a7 Mon Sep 17 00:00:00 2001 
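Review bot: In the Azure `ramius` example, the new `# instances` group sets `controller_arch = "arm64"` twice; the second one, between `worker_count` and `worker_type`, looks like a copy-paste slip for the worker setting. Terraform rejects a module block that repeats an argument, and a reader who just deletes the duplicate leaves the worker architecture at its default (presumably amd64) while `worker_type = "Standard_D2pls_v5"` is an Arm size. The AWS examples added further down in this hunk use `worker_arch`, so the line should presumably read `worker_arch = "arm64"`. The `module "ramius"` block opens outside the hunk.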
From: Dalton Hubble Date: Fri, 2 Aug 2024 20:45:37 -0700 Subject: [PATCH 088/132] Remove some seldom used variables and set reasonable * Set reasonable values and remove some variable clutter * enable_reporting is only used with Calico and we can just default to false, I doubt anyone uses Calico and cares much about reporting metrics to upstream Calico --- CHANGES.md | 2 ++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 -- aws/fedora-coreos/kubernetes/variables.tf | 12 ------------ aws/flatcar-linux/kubernetes/bootstrap.tf | 2 -- aws/flatcar-linux/kubernetes/variables.tf | 12 ------------ azure/fedora-coreos/kubernetes/bootstrap.tf | 2 -- azure/fedora-coreos/kubernetes/variables.tf | 12 ------------ azure/flatcar-linux/kubernetes/bootstrap.tf | 2 -- azure/flatcar-linux/kubernetes/variables.tf | 12 ------------ bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 -- bare-metal/fedora-coreos/kubernetes/variables.tf | 12 ------------ bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 -- bare-metal/flatcar-linux/kubernetes/variables.tf | 12 ------------ digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 8 +++----- digital-ocean/fedora-coreos/kubernetes/variables.tf | 12 ------------ digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 8 +++----- digital-ocean/flatcar-linux/kubernetes/variables.tf | 12 ------------ google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 -- google-cloud/fedora-coreos/kubernetes/variables.tf | 13 ------------- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 -- google-cloud/flatcar-linux/kubernetes/variables.tf | 12 ------------ 21 files changed, 8 insertions(+), 147 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index aa3e607c..25cd17f0 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -4,7 +4,9 @@ Notable changes between versions.
 ## Latest
+* Remove `enable_aggregation` variable for Kubernetes Aggregation Layer, always set to true
 * Remove `cluster_domain_suffix` variable, always use "cluster.local"
+* Remove `enable_reporting` variable for analytics, always set to false
 ## v1.30.3
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index a018652c..ca307ca6 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -9,8 +9,6 @@ module "bootstrap" {
 network_mtu = var.network_mtu
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 daemonset_tolerations = var.daemonset_tolerations
 components = var.components
 }
diff --git a/aws/fedora-coreos/kubernetes/variables.tf b/aws/fedora-coreos/kubernetes/variables.tf
index 3b8a10ac..f54506b5 100644
--- a/aws/fedora-coreos/kubernetes/variables.tf
+++ b/aws/fedora-coreos/kubernetes/variables.tf
@@ -172,18 +172,6 @@ variable "worker_node_labels" {
 # advanced
-variable "enable_reporting" {
- type = bool
- description = "Enable usage or analytics reporting to upstreams (Calico)"
- default = false
-}
-
-variable "enable_aggregation" {
- type = bool
- description = "Enable the Kubernetes Aggregation Layer"
- default = true
-}
-
 variable "controller_arch" {
 type = string
 description = "Controller node(s) architecture (amd64 or arm64)"
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index a018652c..ca307ca6 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -9,8 +9,6 @@ module "bootstrap" {
 network_mtu = var.network_mtu
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 daemonset_tolerations = var.daemonset_tolerations
 components = var.components
 }
diff --git a/aws/flatcar-linux/kubernetes/variables.tf b/aws/flatcar-linux/kubernetes/variables.tf
index fcf55277..9c267385 100644
--- a/aws/flatcar-linux/kubernetes/variables.tf
+++ b/aws/flatcar-linux/kubernetes/variables.tf
@@ -172,18 +172,6 @@ variable "worker_node_labels" {
 # advanced
-variable "enable_reporting" {
- type = bool
- description = "Enable usage or analytics reporting to upstreams (Calico)"
- default = false
-}
-
-variable "enable_aggregation" {
- type = bool
- description = "Enable the Kubernetes Aggregation Layer"
- default = true
-}
-
 variable "controller_arch" {
 type = string
 description = "Controller node(s) architecture (amd64 or arm64)"
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index 285ced2f..bbd2b854 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -14,8 +14,6 @@ module "bootstrap" {
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 daemonset_tolerations = var.daemonset_tolerations
 components = var.components
 }
diff --git a/azure/fedora-coreos/kubernetes/variables.tf b/azure/fedora-coreos/kubernetes/variables.tf
index d0240c06..decf59b8 100644
--- a/azure/fedora-coreos/kubernetes/variables.tf
+++ b/azure/fedora-coreos/kubernetes/variables.tf
@@ -152,18 +152,6 @@ variable "worker_node_labels" {
 # advanced
-variable "enable_reporting" {
- type = bool
- description = "Enable usage or analytics reporting to upstreams (Calico)"
- default = false
-}
-
-variable "enable_aggregation" {
- type = bool
- description = "Enable the Kubernetes Aggregation Layer"
- default = true
-}
-
 variable "daemonset_tolerations" {
 type = list(string)
 description = "List of additional taint keys kube-system DaemonSets should tolerate (e.g. ['custom-role', 'gpu-role'])"
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index 285ced2f..bbd2b854 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -14,8 +14,6 @@ module "bootstrap" {
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 daemonset_tolerations = var.daemonset_tolerations
 components = var.components
 }
diff --git a/azure/flatcar-linux/kubernetes/variables.tf b/azure/flatcar-linux/kubernetes/variables.tf
index 69350813..dd8d6b30 100644
--- a/azure/flatcar-linux/kubernetes/variables.tf
+++ b/azure/flatcar-linux/kubernetes/variables.tf
@@ -150,18 +150,6 @@ EOD
 default = "10.3.0.0/16"
 }
-variable "enable_reporting" {
- type = bool
- description = "Enable usage or analytics reporting to upstreams (Calico)"
- default = false
-}
-
-variable "enable_aggregation" {
- type = bool
- description = "Enable the Kubernetes Aggregation Layer"
- default = true
-}
-
 variable "worker_node_labels" {
 type = list(string)
 description = "List of initial worker node labels"
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index c18b903e..ee558f8b 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -10,8 +10,6 @@ module "bootstrap" {
 network_ip_autodetection_method = var.network_ip_autodetection_method
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 components = var.components
 }
diff --git a/bare-metal/fedora-coreos/kubernetes/variables.tf b/bare-metal/fedora-coreos/kubernetes/variables.tf
index 80d1d8e8..335e8ca4 100644
--- a/bare-metal/fedora-coreos/kubernetes/variables.tf
+++ b/bare-metal/fedora-coreos/kubernetes/variables.tf
@@ -139,18 +139,6 @@ variable "kernel_args" {
 default = []
 }
-variable "enable_reporting" {
- type = bool
- description = "Enable usage or analytics reporting to upstreams (Calico)"
- default = false
-}
-
-variable "enable_aggregation" {
- type = bool
- description = "Enable the Kubernetes Aggregation Layer"
- default = true
-}
-
 # advanced
 variable "components" {
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index 994d3721..65555ab3 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -10,8 +10,6 @@ module "bootstrap" {
 network_ip_autodetection_method = var.network_ip_autodetection_method
 pod_cidr = var.pod_cidr
 service_cidr = var.service_cidr
- enable_reporting = var.enable_reporting
- enable_aggregation = var.enable_aggregation
 components = var.components
 }
diff --git a/bare-metal/flatcar-linux/kubernetes/variables.tf b/bare-metal/flatcar-linux/kubernetes/variables.tf
index 48a65054..7e7a6f55 100644
--- a/bare-metal/flatcar-linux/kubernetes/variables.tf
+++ b/bare-metal/flatcar-linux/kubernetes/variables.tf
@@ -144,18 +144,6 @@ variable "kernel_args" { default = [] } -variable "enable_reporting" { - type = bool - description = "Enable usage or analytics reporting to upstreams (Calico)" - default = false -} - -variable "enable_aggregation" { - type = bool - description = "Enable the Kubernetes Aggregation Layer" - default = true -} - variable "oem_type" { type = string description = < Date: Mon, 5 Aug 2024 08:47:06 -0700 Subject: [PATCH 089/132] Update default Cilium and CoreDNS components * Update the CoreDNS and Cilium versons used by default when folks aren't managing the components themselves --- CHANGES.md | 2 ++ aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +- digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +- google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +- google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +- 11 files changed, 12 insertions(+), 10 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 25cd17f0..3c30e409 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,8 @@ Notable changes between versions. ## Latest +* Update Cilium from v1.15.7 to [v1.16.0](https://github.com/cilium/cilium/releases/tag/v1.16.0) +* Update CoreDNS from v1.11.1 to v1.11.3 * Remove `enable_aggregation` variable for Kubernetes Aggregation Layer, always set to true * Remove `cluster_domain_suffix` variable, always use "cluster.local" * Remove `enable_reporting` variable for analytics, always set to false diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index ca307ca6..40013b94 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index ca307ca6..40013b94 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index bbd2b854..50ce6fd9 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index bbd2b854..50ce6fd9 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index ee558f8b..bef9e9db 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index 65555ab3..64d4631d 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index 68b1962f..02c98b8f 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index 68b1962f..02c98b8f 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
index 3dc78b6f..e1fbfb63 100644
--- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
+++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
index 3dc78b6f..e1fbfb63 100644
--- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1609060f4f138f3b3aef74a9e5494e0fe831c423"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
From 320d76c934ce473c3918446d6e2dd2ff4743c2a9 Mon Sep 17 00:00:00 2001
From: Dalton Hubble Date: Fri, 16 Aug 2024 08:25:48 -0700 Subject: [PATCH 090/132] Update Kubernetes from v1.30.3 to v1.30.4 * Update Cilium from v1.16.0 to v1.16.1 --- CHANGES.md | 5 +++- README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- 
docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 149 insertions(+), 146 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 3c30e409..8e2d9745 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,7 +4,10 @@ Notable changes between versions. ## Latest -* Update Cilium from v1.15.7 to [v1.16.0](https://github.com/cilium/cilium/releases/tag/v1.16.0) +## v1.30.4 + +* Kubernetes [v1.30.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1304) +* Update Cilium from v1.15.7 to [v1.16.1](https://github.com/cilium/cilium/releases/tag/v1.16.1) * Update CoreDNS from v1.11.1 to v1.11.3 * Remove `enable_aggregation` variable for Kubernetes Aggregation Layer, always set to true * Remove `cluster_domain_suffix` variable, always use "cluster.local" diff --git a/README.md b/README.md index e6c04e64..5f997307 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -117,9 +117,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 722cf068..462713bf 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 40013b94..ff4635ae 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 7023d509..a3cf5a9b 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.3 + quay.io/poseidon/kubelet:v1.30.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 0e7f418f..36705461 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 9ddd76ff..974d0f39 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 40013b94..ff4635ae 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 69c6294d..24219559 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 8a789b88..91a9f19d 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 1aa101c8..ededacf8 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 50ce6fd9..94e3234e 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 6a1ce854..b961e03f 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -111,7 +111,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.30.3
+ quay.io/poseidon/kubelet:v1.30.4
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 7eaf9474..8236e15c 100644
--- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -26,7 +26,7 @@ systemd:
 Description=Kubelet (System Container)
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md
index a6656866..48967751 100644
--- a/azure/flatcar-linux/kubernetes/README.md
+++ b/azure/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 50ce6fd9..94e3234e 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 9ffcb74b..555c844e 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
 Type=oneshot
 RemainAfterExit=true
 WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 ExecStart=/usr/bin/docker run \
 -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \
 -v /opt/bootstrap/assets:/assets:ro \
diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
index ff427647..31411ab0 100644
--- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=docker.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
 ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md
index 9b68579d..6f005343 100644
--- a/bare-metal/fedora-coreos/kubernetes/README.md
+++ b/bare-metal/fedora-coreos/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index bef9e9db..ce660b6c 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index e21abf1b..8eab4332 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index cb098fec..b3bef7d5 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index c125ddce..ccc9d9b0 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 64d4631d..6489671b 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index a77ad94f..f9ca6ef4 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 6f38f008..2dc8546e 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 53e8ac25..96a93023 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 02c98b8f..90fddf75 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
index d7a02eb7..920e300b 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml
@@ -55,7 +55,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
@@ -123,7 +123,7 @@ systemd:
 --volume /opt/bootstrap/assets:/assets:ro,Z \
 --volume /opt/bootstrap/apply:/apply:ro,Z \
 --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.30.3
+ quay.io/poseidon/kubelet:v1.30.4
 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
 ExecStartPost=-/usr/bin/podman stop bootstrap
 storage:
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
index f025418b..83e93976 100644
--- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
+++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
 After=afterburn.service
 Wants=rpc-statd.service
 [Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
 EnvironmentFile=/run/metadata/afterburn
 ExecStartPre=/bin/mkdir -p /etc/cni/net.d
 ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md
index f0c092ba..cb9363fb 100644
--- a/digital-ocean/flatcar-linux/kubernetes/README.md
+++ b/digital-ocean/flatcar-linux/kubernetes/README.md
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 02c98b8f..90fddf75 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 7cf9db86..4e3f60b7 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index fb9ac59b..fb4c965e 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 5f3b123a..3e829758 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -13,7 +13,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" # AWS cluster_name = "gravitas" @@ -37,7 +37,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" # AWS cluster_name = "gravitas" 
@@ -62,9 +62,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.30.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.30.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.30.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.30.4 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.30.4 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.30.4 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Azure @@ -73,7 +73,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.4" # Azure cluster_name = "ramius" @@ -103,7 +103,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" # AWS cluster_name = "gravitas" @@ -127,7 +127,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" # AWS cluster_name = "gravitas" 
@@ -151,7 +151,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.4" # AWS vpc_id = module.gravitas.vpc_id @@ -175,7 +175,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.4" # AWS vpc_id = module.gravitas.vpc_id @@ -200,9 +200,9 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.30.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.30.4 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.30.4 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.30.4 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.30.4 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 8f94a34b..0a9d7738 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md 
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 4ef1eb51..6bf3a3e4 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.4" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.4" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.4" # Azure location = module.ramius.location @@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.4" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" # Google Cloud region = "europe-west2" 
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.4" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.3 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.4 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.4 ``` ### Variables diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index b38902c2..e2375fea 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. 
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.3 -ip-10-0-26-65 Ready 10m v1.30.3 -ip-10-0-41-21 Ready 10m v1.30.3 +ip-10-0-3-155 Ready 10m v1.30.4 +ip-10-0-26-65 Ready 10m v1.30.4 +ip-10-0-41-21 Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 8ddf0bd4..4c29585c 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.4" # Azure cluster_name = "ramius" 
@@ -163,9 +163,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.3 -ramius-worker-000001 Ready 25m v1.30.3 -ramius-worker-000002 Ready 24m v1.30.3 +ramius-controller-0 Ready 24m v1.30.4 +ramius-worker-000001 Ready 25m v1.30.4 +ramius-worker-000002 Ready 24m v1.30.4 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 0d70b94b..688fcc11 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.3 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.4 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.4" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.4" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.3 -node2.example.com Ready 10m v1.30.3 -node3.example.com Ready 10m v1.30.3 +node1.example.com Ready 10m v1.30.4 +node2.example.com Ready 10m v1.30.4 +node3.example.com Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 3605c925..d186a6bf 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.4" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.3 -10.132.115.81 Ready 10m v1.30.3 -10.132.124.107 Ready 10m v1.30.3 +10.132.110.130 Ready 10m v1.30.4 +10.132.115.81 Ready 10m v1.30.4 +10.132.124.107 Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 17b0dd81..2dabe4b8 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index f62594da..a8fc73cc 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.3 -ip-10-0-26-65 Ready 10m v1.30.3 -ip-10-0-41-21 Ready 10m v1.30.3 +ip-10-0-3-155 Ready 10m v1.30.4 +ip-10-0-26-65 Ready 10m v1.30.4 +ip-10-0-41-21 Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 85f519ff..dbf4ffdc 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.4" # Azure cluster_name = "ramius" @@ -151,9 +151,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.3 -ramius-worker-000001 Ready 25m v1.30.3 -ramius-worker-000002 Ready 24m v1.30.3 +ramius-controller-0 Ready 24m v1.30.4 +ramius-worker-000001 Ready 25m v1.30.4 +ramius-worker-000002 Ready 24m v1.30.4 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 470d655c..c9b40377 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.3 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.30.4 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.4" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.4" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.3 -node2.example.com Ready 10m v1.30.3 -node3.example.com Ready 10m v1.30.3 +node1.example.com Ready 10m v1.30.4 +node2.example.com Ready 10m v1.30.4 +node3.example.com Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 7d969e5a..81049be7 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.4" # Digital Ocean cluster_name = "nemo" 
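Review bot: In docs/flatcar-linux/bare-metal.md (the `@@ -194,7` hunk) the `mercury-node1` worker example still sources `bare-metal/fedora-coreos/kubernetes/worker`, although this is the Flatcar Linux tutorial and the cluster module in the `@@ -154,7` hunk uses `bare-metal/flatcar-linux/kubernetes`. A reader copying the example would provision the worker from the other OS's module. If this is a copy-paste leftover, the line should read `source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes/worker?ref=v1.30.4"`. The version bump is a convenient place to correct it, since the line is already being touched.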
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.3 -10.132.115.81 Ready 10m v1.30.3 -10.132.124.107 Ready 10m v1.30.3 +10.132.110.130 Ready 10m v1.30.4 +10.132.115.81 Ready 10m v1.30.4 +10.132.124.107 Ready 10m v1.30.4 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 3e7379b7..bb337b82 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.3 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index c18f0021..2e041e9d 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" # Google Cloud cluster_name = "yavin" @@ -108,9 +108,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.3 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.3 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.3 +yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index c7fc3b23..0a298ef0 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.3" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.4" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.4, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
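Review bot: The admonition in the `@@ -192,7` hunk of docs/topics/maintenance.md now reads `Before Typhoon v1.30.4, worker nodes only used new launch configurations when replaced manually`, which moves a historical statement forward by one release. It looks like the blanket v1.30.3 to v1.30.4 substitution caught a sentence that names the release where the behaviour changed, not the current release. The `@@ -233,7` Google Cloud hunk that follows has the same problem. Operators read this note to judge whether existing workers pick up launch configuration or template changes, so it should name the release that introduced instance refresh and be excluded from future bumps. This patch does not show which release that was, so please confirm it against CHANGES.md.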
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.30.4, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 4dff7178..32eb1cc0 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index e1fbfb63..76df75d9 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index db632f53..eeb8dfa1 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.3 + quay.io/poseidon/kubelet:v1.30.4 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 82c2bb58..7eb2f714 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 485ba132..ab1a2d26 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
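Review bot: The kubelet image is referenced by tag only (`quay.io/poseidon/kubelet:v1.30.4`) in both controller.yaml hunks here, while bootstrap.tf in the same commit pins terraform-render-bootstrap to a full commit SHA. A tag can be re-pointed in the registry, and the bootstrap unit runs this image with `--entrypoint=/apply` against the bootstrap assets, so this file does not fix what the nodes actually pull. Consider pinning by digest, for example `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<digest-of-v1.30.4>`, with the version kept in a comment. The same applies to the worker.yaml and Flatcar controller/worker hunks of this commit, and to the `quay.io/cilium/cilium` and `quay.io/cilium/operator-generic` images bumped in addons/cilium, whose init containers set `allow_privilege_escalation = true`.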
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.3 (upstream) +* Kubernetes v1.30.4 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index e1fbfb63..76df75d9 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=66d8fe3a4dab14c9459ca9e1f3ebc6f047d86277" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 3cc96f16..b242f4b2 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 9eefbcf3..315e3250 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.3 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From d79f94f4f52fea373d9b06e321208838271db83d Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:20:44 +0000 Subject: [PATCH 091/132] Bump quay.io/cilium/operator-generic image from v1.16.0 to v1.16.1 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 484b2a08..364931f5 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf 
@@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.16.0" + image = "quay.io/cilium/operator-generic:v1.16.1" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From 1cb49e12671a1eb626438d36e2a51c2fd4635bc8 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:20:40 +0000 Subject: [PATCH 092/132] Bump quay.io/cilium/cilium image from v1.16.0 to v1.16.1 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index 7e75bf8b..1d5ec15f 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.16.0" + image = "quay.io/cilium/cilium:v1.16.1" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.16.0" + image = "quay.io/cilium/cilium:v1.16.1" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.16.0" + image = "quay.io/cilium/cilium:v1.16.1" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.16.0" + image = "quay.io/cilium/cilium:v1.16.1" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" 
From 10be34daa2463b59f179e95c8d2226b05796c275 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sat, 17 Aug 2024 08:05:54 -0700 Subject: [PATCH 093/132] Update Kubernetes from v1.30.4 to v1.31.0 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310 --- CHANGES.md | 4 +++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 149 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 8e2d9745..8e0ce5bb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,10 @@ Notable changes between versions. ## Latest +## v1.31.0 + +* Kubernetes [v1.31.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310) + ## v1.30.4 * Kubernetes [v1.30.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1304) diff --git a/README.md b/README.md index 5f997307..5712aff1 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -117,9 +117,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 462713bf..3426cfb7 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index ff4635ae..de2ab58a 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index a3cf5a9b..9b24ebda 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.4 + quay.io/poseidon/kubelet:v1.31.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 36705461..d4952cd9 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 974d0f39..0485610c 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
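Review bot: In aws/fedora-coreos/kubernetes/butane/controller.yaml the kubelet image is still referenced only by tag, in both the kubelet unit's `KUBELET_IMAGE` and the bootstrap unit's `podman run` line, so what each node pulls depends on what the registry serves for `v1.31.0` at pull time. The `terraform-render-bootstrap` source in this same commit is pinned to a full commit SHA; pinning the image by digest would give it the same guarantee, e.g. `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<digest-of-v1.31.0-image>` (placeholder digest), with the version kept in a comment. The image string is also written out twice in this file, whereas the bare-metal fedora-coreos bootstrap unit sets `KUBELET_IMAGE`, so a future bump can miss one copy. The same tag-only reference appears in the other controller.yaml and worker.yaml hunks of this commit, and both units continue outside the hunks shown.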
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index ff4635ae..de2ab58a 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 24219559..758fe9ff 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 91a9f19d..00e65d1f 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index ededacf8..52351dfd 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 94e3234e..5cd768c6 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index b961e03f..6b754ba9 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.4 + quay.io/poseidon/kubelet:v1.31.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 8236e15c..0164c2a8 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index 48967751..d4ef3c5c 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 94e3234e..5cd768c6 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 555c844e..676337db 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 31411ab0..e701240b 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 6f005343..25590992 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index ce660b6c..9cea8417 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 8eab4332..ddb21b39 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index b3bef7d5..105d8da9 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index ccc9d9b0..4b178b22 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 6489671b..7e36f1d4 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index f9ca6ef4..4801e11a 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 2dc8546e..1ae30dce 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 96a93023..e10b5ae3 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 90fddf75..0b6ec91d 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 920e300b..6794618b 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.30.4 + quay.io/poseidon/kubelet:v1.31.0 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index 83e93976..d233f86b 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index cb9363fb..ea43fd7b 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 90fddf75..0b6ec91d 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 4e3f60b7..585fc230 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index fb4c965e..6fe75f38 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 3e829758..13ad3a5c 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -13,7 +13,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" # AWS cluster_name = "gravitas" @@ -37,7 +37,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" # AWS cluster_name = "gravitas" 
@@ -62,9 +62,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.30.4 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.30.4 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.30.4 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.31.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.31.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.31.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Azure @@ -73,7 +73,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.0" # Azure cluster_name = "ramius" @@ -103,7 +103,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" # AWS cluster_name = "gravitas" @@ -127,7 +127,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" # AWS cluster_name = "gravitas" 
@@ -151,7 +151,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.0" # AWS vpc_id = module.gravitas.vpc_id @@ -175,7 +175,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.0" # AWS vpc_id = module.gravitas.vpc_id @@ -200,9 +200,9 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.30.4 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.30.4 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.30.4 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.30.4 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.31.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.31.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.31.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.31.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 0a9d7738..834ad1eb 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md 
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 6bf3a3e4..04141c79 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.0" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.0" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.0" # Azure location = module.ramius.location @@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.0" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" # Google Cloud region = "europe-west2" 
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.0" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.30.4 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.30.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.0 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.0 ``` ### Variables diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index e2375fea..8cb2fd25 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. 
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.4 -ip-10-0-26-65 Ready 10m v1.30.4 -ip-10-0-41-21 Ready 10m v1.30.4 +ip-10-0-3-155 Ready 10m v1.31.0 +ip-10-0-26-65 Ready 10m v1.31.0 +ip-10-0-41-21 Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 4c29585c..4c376331 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.0" # Azure cluster_name = "ramius" 
@@ -163,9 +163,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.4 -ramius-worker-000001 Ready 25m v1.30.4 -ramius-worker-000002 Ready 24m v1.30.4 +ramius-controller-0 Ready 24m v1.31.0 +ramius-worker-000001 Ready 25m v1.31.0 +ramius-worker-000002 Ready 24m v1.31.0 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 688fcc11..2cf303d0 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.4 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.0 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.0" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.0" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.4 -node2.example.com Ready 10m v1.30.4 -node3.example.com Ready 10m v1.30.4 +node1.example.com Ready 10m v1.31.0 +node2.example.com Ready 10m v1.31.0 +node3.example.com Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index d186a6bf..7c3d62df 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.0" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.4 -10.132.115.81 Ready 10m v1.30.4 -10.132.124.107 Ready 10m v1.30.4 +10.132.110.130 Ready 10m v1.31.0 +10.132.115.81 Ready 10m v1.31.0 +10.132.124.107 Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 2dabe4b8..3a383129 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index a8fc73cc..61096663 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.30.4 -ip-10-0-26-65 Ready 10m v1.30.4 -ip-10-0-41-21 Ready 10m v1.30.4 +ip-10-0-3-155 Ready 10m v1.31.0 +ip-10-0-26-65 Ready 10m v1.31.0 +ip-10-0-41-21 Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index dbf4ffdc..39bbdec7 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.0" # Azure cluster_name = "ramius" @@ -151,9 +151,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.30.4 -ramius-worker-000001 Ready 25m v1.30.4 -ramius-worker-000002 Ready 24m v1.30.4 +ramius-controller-0 Ready 24m v1.31.0 +ramius-worker-000001 Ready 25m v1.31.0 +ramius-worker-000002 Ready 24m v1.31.0 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index c9b40377..90aff6e0 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.30.4 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.0 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.0" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.0" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.30.4 -node2.example.com Ready 10m v1.30.4 -node3.example.com Ready 10m v1.30.4 +node1.example.com Ready 10m v1.31.0 +node2.example.com Ready 10m v1.31.0 +node3.example.com Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 81049be7..6050a96d 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.0" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.30.4 -10.132.115.81 Ready 10m v1.30.4 -10.132.124.107 Ready 10m v1.30.4 +10.132.110.130 Ready 10m v1.31.0 +10.132.115.81 Ready 10m v1.31.0 +10.132.124.107 Ready 10m v1.31.0 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index bb337b82..b522e0fa 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.30.4 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 2e041e9d..40942e29 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.30.4 (upstream) +* Kubernetes v1.31.0 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" # Google Cloud cluster_name = "yavin" @@ -108,9 +108,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.30.4 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.30.4 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.30.4 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 0a298ef0..e8cd54c9 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.30.4" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.0" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.4, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.30.4, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 32eb1cc0..19c8e880 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features
-* Kubernetes v1.30.4 (upstream)
+* Kubernetes v1.31.0 (upstream)
* Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
index 76df75d9..d80ae575 100644
--- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
+++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
index eeb8dfa1..b55e3775 100644
--- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml
@@ -54,7 +54,7 @@ systemd:
Description=Kubelet (System Container)
Wants=rpc-statd.service
[Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0
ExecStartPre=/bin/mkdir -p /etc/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \
- quay.io/poseidon/kubelet:v1.30.4
+ quay.io/poseidon/kubelet:v1.31.0
ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done
ExecStartPost=-/usr/bin/podman stop bootstrap
storage:
diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
index 7eb2f714..a863b230 100644
--- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml
@@ -26,7 +26,7 @@ systemd:
Description=Kubelet (System Container)
Wants=rpc-statd.service
[Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0
ExecStartPre=/bin/mkdir -p /etc/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /opt/cni/bin
diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md
index ab1a2d26..2495c17e 100644
--- a/google-cloud/flatcar-linux/kubernetes/README.md
+++ b/google-cloud/flatcar-linux/kubernetes/README.md
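Review bot: The kubelet image in both hunks of butane/controller.yaml is referenced by tag only (`quay.io/poseidon/kubelet:v1.31.0`), so what a node pulls at boot is whatever the registry serves for that tag at that moment. The bootstrap module bumped in the same patch is pinned to a full commit SHA, and the image can be pinned to the same standard by digest, e.g. `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet@sha256:<DIGEST>` with the digest of the published v1.31.0 image. The same tag-only reference appears in workers/butane/worker.yaml on this line and in the flatcar-linux units further down. The unit bodies continue outside the hunks, so how the image is pulled and run is not visible here.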
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
## Features
-* Kubernetes v1.30.4 (upstream)
+* Kubernetes v1.31.0 (upstream)
* Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking
* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
* Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization
diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
index 76df75d9..d80ae575 100644
--- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
+++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=8b6a3a4c0dacdc4c2eee22aa302ba5d49fc688ac"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
index b242f4b2..83e3fb2d 100644
--- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml
@@ -56,7 +56,7 @@ systemd:
After=docker.service
Wants=rpc-statd.service
[Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0
ExecStartPre=/bin/mkdir -p /etc/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /opt/cni/bin
@@ -105,7 +105,7 @@ systemd:
Type=oneshot
RemainAfterExit=true
WorkingDirectory=/opt/bootstrap
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0
ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \
diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
index 315e3250..ea4d8fd6 100644
--- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
+++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml
@@ -28,7 +28,7 @@ systemd:
After=docker.service
Wants=rpc-statd.service
[Service]
- Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.30.4
+ Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0
ExecStartPre=/bin/mkdir -p /etc/cni/net.d
ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
ExecStartPre=/bin/mkdir -p /opt/cni/bin
From b8645f3ec2b465beb13d85532c168d6fc628188f Mon Sep 17 00:00:00 2001
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com>
Date: Mon, 19 Aug 2024 23:40:47 +0000
Subject: [PATCH 094/132] Bump mkdocs-material from 9.5.31 to v9.5.32
---
requirements.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 1f75ecb7..b4ed4c85 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
mkdocs==1.6.0
-mkdocs-material==9.5.31
+mkdocs-material==9.5.32
pygments==2.18.0
pymdown-extensions==10.9
From effa13c141b7c772020570cb94a077f197e8a914 Mon Sep 17 00:00:00 2001
From: Dalton Hubble
Date: Thu, 22 Aug 2024 19:26:19 -0700
Subject: [PATCH 095/132] Fix flannel-cni container image
* Close #1496
---
CHANGES.md | 1 +
aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
digital-ocean/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
digital-ocean/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
google-cloud/fedora-coreos/kubernetes/bootstrap.tf | 2 +-
google-cloud/flatcar-linux/kubernetes/bootstrap.tf | 2 +-
11 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 8e0ce5bb..a3321034 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -7,6 +7,7 @@ Notable changes between versions.
## v1.31.0
* Kubernetes [v1.31.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310)
+* Fix invalid flannel-cni container image for those using flannel networking
## v1.30.4
diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf
index de2ab58a..83818da6 100644
--- a/aws/fedora-coreos/kubernetes/bootstrap.tf
+++ b/aws/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf
index de2ab58a..83818da6 100644
--- a/aws/flatcar-linux/kubernetes/bootstrap.tf
+++ b/aws/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf
index 5cd768c6..f2ad34ff 100644
--- a/azure/fedora-coreos/kubernetes/bootstrap.tf
+++ b/azure/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf
index 5cd768c6..f2ad34ff 100644
--- a/azure/flatcar-linux/kubernetes/bootstrap.tf
+++ b/azure/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
# Kubernetes assets (kubeconfig, manifests)
module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
cluster_name = var.cluster_name
api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
index 9cea8417..a6f44fc3 100644
--- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
+++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index 7e36f1d4..c782311c 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index 0b6ec91d..e31ca917 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index 0b6ec91d..e31ca917 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index d80ae575..10698f85 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index d80ae575..10698f85 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=7e8551750c774e8715a02f3902be26a30042cdfd" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 808b8a948f24c3e386c4e7454e07cf5fe32221f9 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Thu, 22 Aug 2024 20:02:53 -0700 Subject: [PATCH 096/132] aws: Switch EC2 instances to use resource-based hostnames * Use EC2 resource-based hostnames instead of IP-based hostnames. The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses * For example, nodes used to be named like `ip-10-11-12-13.us-east-1.compute.internal` but going forward use the instance id `i-0123456789abcdef.us-east-1.compute.internal` * Tag controller node EBS volumes with a name based on the controller node name --- CHANGES.md | 5 +++ aws/fedora-coreos/kubernetes/controllers.tf | 10 +++-- aws/fedora-coreos/kubernetes/network.tf | 24 +++++++---- .../kubernetes/workers/workers.tf | 40 +++++++++++-------- aws/flatcar-linux/kubernetes/controllers.tf | 13 +++--- aws/flatcar-linux/kubernetes/network.tf | 24 +++++++---- .../kubernetes/workers/workers.tf | 24 ++++++----- 7 files changed, 90 insertions(+), 50 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a3321034..5cb88a2b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -9,6 +9,11 @@ Notable changes between versions. * Kubernetes [v1.31.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310) * Fix invalid flannel-cni container image for those using flannel networking +### AWS + +* Use EC2 resource-based hostnames instead of IP-based hostnames. The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses +* Tag controller node EBS volumes with a name based on the controller node name + ## v1.30.4 * Kubernetes [v1.30.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1304) diff --git a/aws/fedora-coreos/kubernetes/controllers.tf b/aws/fedora-coreos/kubernetes/controllers.tf index a66acd88..4e8db88b 100644 --- a/aws/fedora-coreos/kubernetes/controllers.tf +++ b/aws/fedora-coreos/kubernetes/controllers.tf 
@@ -20,10 +20,8 @@ resource "aws_instance" "controllers" { tags = { Name = "${var.cluster_name}-controller-${count.index}" } - instance_type = var.controller_type ami = var.controller_arch == "arm64" ? data.aws_ami.fedora-coreos-arm[0].image_id : data.aws_ami.fedora-coreos.image_id - user_data = data.ct_config.controllers.*.rendered[count.index] # storage root_block_device { @@ -31,7 +29,9 @@ resource "aws_instance" "controllers" { volume_size = var.controller_disk_size iops = var.controller_disk_iops encrypted = true - tags = {} + tags = { + Name = "${var.cluster_name}-controller-${count.index}" + } } # network @@ -39,6 +39,10 @@ resource "aws_instance" "controllers" { subnet_id = element(aws_subnet.public.*.id, count.index) vpc_security_group_ids = [aws_security_group.controller.id] + # boot + user_data = data.ct_config.controllers.*.rendered[count.index] + + # cost credit_specification { cpu_credits = var.controller_cpu_credits } diff --git a/aws/fedora-coreos/kubernetes/network.tf b/aws/fedora-coreos/kubernetes/network.tf index bdb4bff1..98ac9bba 100644 --- a/aws/fedora-coreos/kubernetes/network.tf +++ b/aws/fedora-coreos/kubernetes/network.tf 
@@ -47,17 +47,25 @@ resource "aws_route" "egress-ipv6" { resource "aws_subnet" "public" { count = length(data.aws_availability_zones.all.names) - vpc_id = aws_vpc.network.id - availability_zone = data.aws_availability_zones.all.names[count.index] - - cidr_block = cidrsubnet(var.host_cidr, 4, count.index) - ipv6_cidr_block = cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index) - map_public_ip_on_launch = true - assign_ipv6_address_on_creation = true - tags = { "Name" = "${var.cluster_name}-public-${count.index}" } + vpc_id = aws_vpc.network.id + availability_zone = data.aws_availability_zones.all.names[count.index] + + # IPv4 and IPv6 CIDR blocks + cidr_block = cidrsubnet(var.host_cidr, 4, count.index) + ipv6_cidr_block = cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index) + + # Assign IPv4 and IPv6 addresses to instances + map_public_ip_on_launch = true + assign_ipv6_address_on_creation = true + + # Hostnames assigned to instances + # resource-name: .region.compute.internal + private_dns_hostname_type_on_launch = "resource-name" + enable_resource_name_dns_a_record_on_launch = true + enable_resource_name_dns_aaaa_record_on_launch = true } resource "aws_route_table_association" "public" { diff --git a/aws/fedora-coreos/kubernetes/workers/workers.tf b/aws/fedora-coreos/kubernetes/workers/workers.tf index 71729515..2d07d8b4 100644 --- a/aws/fedora-coreos/kubernetes/workers/workers.tf +++ b/aws/fedora-coreos/kubernetes/workers/workers.tf 
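Review bot: Setting `private_dns_hostname_type_on_launch = "resource-name"` on the subnet affects, as the `_on_launch` suffix indicates, only instances launched after the change, so an existing cluster can end up with a mix of `ip-…` and `i-…` node names until every node has been replaced. That deserves a comment above the setting, for example `# Applies to newly launched instances only; existing nodes keep IP-based hostnames until replaced`. Anything keyed on node name (audit-log correlation, alert rules, selectors on the hostname label) presumably needs the same notice in CHANGES.md, which currently describes only the new naming. The identical hunk for aws/flatcar-linux/kubernetes/network.tf has the same gap.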
@@ -3,16 +3,14 @@ resource "aws_autoscaling_group" "workers" { name = "${var.name}-worker" # count - desired_capacity = var.worker_count - min_size = var.worker_count - max_size = var.worker_count + 2 - default_cooldown = 30 - health_check_grace_period = 30 + desired_capacity = var.worker_count + min_size = var.worker_count + max_size = var.worker_count + 2 # network vpc_zone_identifier = var.subnet_ids - # template + # instance template launch_template { id = aws_launch_template.worker.id version = aws_launch_template.worker.latest_version @@ -32,6 +30,11 @@ resource "aws_autoscaling_group" "workers" { min_healthy_percentage = 90 } } + # Grace period before checking new instance's health + health_check_grace_period = 30 + # Cooldown period between scaling activities + default_cooldown = 30 + lifecycle { # override the default destroy and replace update behavior @@ -56,11 +59,6 @@ resource "aws_launch_template" "worker" { name_prefix = "${var.name}-worker" image_id = local.ami_id instance_type = var.instance_type - monitoring { - enabled = false - } - - user_data = sensitive(base64encode(data.ct_config.worker.rendered)) # storage ebs_optimized = true @@ -76,14 +74,26 @@ resource "aws_launch_template" "worker" { } # network - vpc_security_group_ids = var.security_groups + network_interfaces { + associate_public_ip_address = true + security_groups = var.security_groups + } + + # boot + user_data = sensitive(base64encode(data.ct_config.worker.rendered)) # metadata metadata_options { http_tokens = "optional" } + monitoring { + enabled = false + } - # spot + # cost + credit_specification { + cpu_credits = var.cpu_credits + } dynamic "instance_market_options" { for_each = var.spot_price > 0 ? [1] : [] content { @@ -94,10 +104,6 @@ resource "aws_launch_template" "worker" { } } - credit_specification { - cpu_credits = var.cpu_credits - } - lifecycle { // Override the default destroy and replace update behavior create_before_destroy = true 
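Review bot: The worker launch template still sets `http_tokens = "optional"` in `metadata_options` (context of hunk `@@ -76,14 +74,26 @@`), so the instance metadata service keeps answering unauthenticated IMDSv1 requests from any process on the node, pods included, while this hunk reworks the network and metadata settings around it. Since the block is being touched anyway, consider `http_tokens = "required"`, optionally with `http_put_response_hop_limit = 1` so that only host-network processes can reach the service; confirm first that nothing on the nodes still depends on IMDSv1. The aws/flatcar-linux copy of this template carries the same setting (visible in hunk `@@ -88,8 +85,14 @@` of the following patch). The `aws_launch_template` body starts and ends outside the hunk.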
diff --git a/aws/flatcar-linux/kubernetes/controllers.tf b/aws/flatcar-linux/kubernetes/controllers.tf index a186d04a..90442cde 100644 --- a/aws/flatcar-linux/kubernetes/controllers.tf +++ b/aws/flatcar-linux/kubernetes/controllers.tf @@ -20,11 +20,8 @@ resource "aws_instance" "controllers" { tags = { Name = "${var.cluster_name}-controller-${count.index}" } - instance_type = var.controller_type - - ami = local.ami_id - user_data = data.ct_config.controllers.*.rendered[count.index] + ami = local.ami_id # storage root_block_device { @@ -32,7 +29,9 @@ resource "aws_instance" "controllers" { volume_size = var.controller_disk_size iops = var.controller_disk_iops encrypted = true - tags = {} + tags = { + Name = "${var.cluster_name}-controller-${count.index}" + } } # network @@ -40,6 +39,10 @@ resource "aws_instance" "controllers" { subnet_id = element(aws_subnet.public.*.id, count.index) vpc_security_group_ids = [aws_security_group.controller.id] + # boot + user_data = data.ct_config.controllers.*.rendered[count.index] + + # cost credit_specification { cpu_credits = var.controller_cpu_credits } diff --git a/aws/flatcar-linux/kubernetes/network.tf b/aws/flatcar-linux/kubernetes/network.tf index bdb4bff1..98ac9bba 100644 --- a/aws/flatcar-linux/kubernetes/network.tf +++ b/aws/flatcar-linux/kubernetes/network.tf 
@@ -47,17 +47,25 @@ resource "aws_route" "egress-ipv6" { resource "aws_subnet" "public" { count = length(data.aws_availability_zones.all.names) - vpc_id = aws_vpc.network.id - availability_zone = data.aws_availability_zones.all.names[count.index] - - cidr_block = cidrsubnet(var.host_cidr, 4, count.index) - ipv6_cidr_block = cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index) - map_public_ip_on_launch = true - assign_ipv6_address_on_creation = true - tags = { "Name" = "${var.cluster_name}-public-${count.index}" } + vpc_id = aws_vpc.network.id + availability_zone = data.aws_availability_zones.all.names[count.index] + + # IPv4 and IPv6 CIDR blocks + cidr_block = cidrsubnet(var.host_cidr, 4, count.index) + ipv6_cidr_block = cidrsubnet(aws_vpc.network.ipv6_cidr_block, 8, count.index) + + # Assign IPv4 and IPv6 addresses to instances + map_public_ip_on_launch = true + assign_ipv6_address_on_creation = true + + # Hostnames assigned to instances + # resource-name: .region.compute.internal + private_dns_hostname_type_on_launch = "resource-name" + enable_resource_name_dns_a_record_on_launch = true + enable_resource_name_dns_aaaa_record_on_launch = true } resource "aws_route_table_association" "public" { diff --git a/aws/flatcar-linux/kubernetes/workers/workers.tf b/aws/flatcar-linux/kubernetes/workers/workers.tf index a20681f9..7f09f824 100644 --- a/aws/flatcar-linux/kubernetes/workers/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers/workers.tf 
@@ -3,16 +3,14 @@ resource "aws_autoscaling_group" "workers" { name = "${var.name}-worker" # count - desired_capacity = var.worker_count - min_size = var.worker_count - max_size = var.worker_count + 2 - default_cooldown = 30 - health_check_grace_period = 30 + desired_capacity = var.worker_count + min_size = var.worker_count + max_size = var.worker_count + 2 # network vpc_zone_identifier = var.subnet_ids - # template + # instance template launch_template { id = aws_launch_template.worker.id version = aws_launch_template.worker.latest_version @@ -32,6 +30,10 @@ resource "aws_autoscaling_group" "workers" { min_healthy_percentage = 90 } } + # Grace period before checking new instance's health + health_check_grace_period = 30 + # Cooldown period between scaling activities + default_cooldown = 30 lifecycle { # override the default destroy and replace update behavior @@ -60,8 +62,6 @@ resource "aws_launch_template" "worker" { enabled = false } - user_data = sensitive(base64encode(data.ct_config.worker.rendered)) - # storage ebs_optimized = true block_device_mappings { @@ -76,7 +76,13 @@ resource "aws_launch_template" "worker" { } # network - vpc_security_group_ids = var.security_groups + network_interfaces { + associate_public_ip_address = true + security_groups = var.security_groups + } + + # boot + user_data = sensitive(base64encode(data.ct_config.worker.rendered)) # metadata metadata_options { From 3412060c3c6cd8e9aec038fdfc57b54e039d2c0a Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 23 Aug 2024 07:18:42 -0700 Subject: [PATCH 097/132] Use Cilium kube-proxy replacement when Cilium CNI is used * When using the Cilium component, disable bootstrapping the kube-proxy DaemonSet. Instead, configure Cilium to provide its kube-proxy replacement with BPF * Update the self-managed Cilium component to use kube-proxy replacement as well --- CHANGES.md | 6 ++++-- addons/cilium/config.tf | 4 ++-- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- aws/flatcar-linux/kubernetes/workers/workers.tf | 15 +++++++-------- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- bare-metal/fedora-coreos/kubernetes/bootstrap.tf | 2 +- bare-metal/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- 13 files changed, 23 insertions(+), 22 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 5cb88a2b..025ac6f7 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -7,11 +7,13 @@ Notable changes between versions. ## v1.31.0 * Kubernetes [v1.31.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310) -* Fix invalid flannel-cni container image for those using flannel networking +* Use Cilium kube-proxy replacement mode when `cilium` networking is chosen ([#1501](https://github.com/poseidon/typhoon/pull/1501)) +* Fix invalid flannel-cni container image for those using `flannel` networking ([#1497](https://github.com/poseidon/typhoon/pull/1497)) ### AWS -* Use EC2 resource-based hostnames instead of IP-based hostnames. The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses +* Use EC2 resource-based hostnames instead of IP-based hostnames ([#1499](https://github.com/poseidon/typhoon/pull/1499)) + * The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses * Tag controller node EBS volumes with a name based on the controller node name ## v1.30.4 diff --git a/addons/cilium/config.tf b/addons/cilium/config.tf index 799428af..60cc03f1 100644 --- a/addons/cilium/config.tf +++ b/addons/cilium/config.tf @@ -128,8 +128,8 @@ resource "kubernetes_config_map" "cilium" { enable-bpf-masquerade = "true" # kube-proxy - kube-proxy-replacement = "false" - kube-proxy-replacement-healthz-bind-address = "" + kube-proxy-replacement = "true" + kube-proxy-replacement-healthz-bind-address = ":10256" enable-session-affinity = "true" # ClusterIPs from host namespace diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 83818da6..1d3e4704 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf 
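Review bot: `kube-proxy-replacement-healthz-bind-address = ":10256"` in addons/cilium/config.tf has no host part, so the health endpoint listens on every node address rather than a chosen one, and nothing in the hunk says who is expected to call it. A comment such as `# healthz on all addresses, port 10256 (kube-proxy's default healthz port); reachability is limited by node firewall rules` would let a reader check the firewall and security-group rules for 10256 against the intent. Separately, setting `kube-proxy-replacement = "true"` in the self-managed addon assumes no kube-proxy DaemonSet is still running; clusters bootstrapped before this change may still have one, which cannot be seen from this hunk and is worth a line in CHANGES.md. The `kubernetes_config_map` resource starts and ends outside the hunk.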
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 83818da6..1d3e4704 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/workers/workers.tf b/aws/flatcar-linux/kubernetes/workers/workers.tf index 7f09f824..268650c7 100644 --- a/aws/flatcar-linux/kubernetes/workers/workers.tf +++ b/aws/flatcar-linux/kubernetes/workers/workers.tf @@ -58,9 +58,6 @@ resource "aws_launch_template" "worker" { name_prefix = "${var.name}-worker" image_id = local.ami_id instance_type = var.instance_type - monitoring { - enabled = false - } # storage ebs_optimized = true @@ -88,8 +85,14 @@ resource "aws_launch_template" "worker" { metadata_options { http_tokens = "optional" } + monitoring { + enabled = false + } - # spot + # cost + credit_specification { + cpu_credits = var.cpu_credits + } dynamic "instance_market_options" { for_each = var.spot_price > 0 ? [1] : [] content { 
@@ -100,10 +103,6 @@ resource "aws_launch_template" "worker" { } } - credit_specification { - cpu_credits = var.cpu_credits - } - lifecycle { // Override the default destroy and replace update behavior create_before_destroy = true diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index f2ad34ff..1535d8c9 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index f2ad34ff..1535d8c9 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index a6f44fc3..e2f48de3 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf 
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
index c782311c..5253309f 100644
--- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
+++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613"
 cluster_name = var.cluster_name
 api_servers = [var.k8s_domain_name]
diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
index e31ca917..d4b07299 100644
--- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
+++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@
 # Kubernetes assets (kubeconfig, manifests)
 module "bootstrap" {
- source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f"
+ source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613"
 cluster_name = var.cluster_name
 api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)]
diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
index e31ca917..d4b07299 100644
--- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
+++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf
@@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index 10698f85..bc06a1fb 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index 10698f85..bc06a1fb 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=0b78c87997ff96547773e878458ec95485c8b91f" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] From 9a2448f7112a057b432507b326a8b9214f213c42 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 23 Aug 2024 13:06:47 -0700 Subject: [PATCH 098/132] Remove upper bound on azurerm provider version * Allow folks to start upgrading to azurerm provider v4.0.0, don't set an upper bound on versions going forward --- azure/fedora-coreos/kubernetes/versions.tf | 2 +- azure/fedora-coreos/kubernetes/workers/versions.tf | 2 +- azure/flatcar-linux/kubernetes/versions.tf | 2 +- azure/flatcar-linux/kubernetes/workers/versions.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/azure/fedora-coreos/kubernetes/versions.tf b/azure/fedora-coreos/kubernetes/versions.tf index 2cc5ec75..c928a28b 100644 --- a/azure/fedora-coreos/kubernetes/versions.tf +++ b/azure/fedora-coreos/kubernetes/versions.tf @@ -3,7 +3,7 @@ terraform { required_version = ">= 0.13.0, < 2.0.0" required_providers { - azurerm = ">= 2.8, < 4.0" + azurerm = ">= 2.8" null = ">= 2.1" ct = { source = "poseidon/ct" diff --git a/azure/fedora-coreos/kubernetes/workers/versions.tf b/azure/fedora-coreos/kubernetes/workers/versions.tf index 4ca84265..7e40fee1 100644 --- a/azure/fedora-coreos/kubernetes/workers/versions.tf +++ b/azure/fedora-coreos/kubernetes/workers/versions.tf @@ -3,7 +3,7 @@ terraform { required_version = ">= 0.13.0, < 2.0.0" required_providers { - azurerm = ">= 2.8, < 4.0" + azurerm = ">= 2.8" ct = { source = "poseidon/ct" version = "~> 0.13" diff --git a/azure/flatcar-linux/kubernetes/versions.tf b/azure/flatcar-linux/kubernetes/versions.tf index 2cc5ec75..c928a28b 100644 --- a/azure/flatcar-linux/kubernetes/versions.tf +++ b/azure/flatcar-linux/kubernetes/versions.tf @@ -3,7 +3,7 @@ terraform { required_version = ">= 0.13.0, < 2.0.0" required_providers { - azurerm = ">= 2.8, < 4.0" + azurerm = ">= 2.8" null = ">= 2.1" ct = { source = "poseidon/ct" diff --git a/azure/flatcar-linux/kubernetes/workers/versions.tf b/azure/flatcar-linux/kubernetes/workers/versions.tf index 4ca84265..7e40fee1 100644 --- a/azure/flatcar-linux/kubernetes/workers/versions.tf 
+++ b/azure/flatcar-linux/kubernetes/workers/versions.tf @@ -3,7 +3,7 @@ terraform { required_version = ">= 0.13.0, < 2.0.0" required_providers { - azurerm = ">= 2.8, < 4.0" + azurerm = ">= 2.8" ct = { source = "poseidon/ct" version = "~> 0.13" From be9ba51269a7967996b4035e7b29780bbcff314e Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 22:00:56 +0000 Subject: [PATCH 099/132] Bump mkdocs-material from 9.5.32 to v9.5.33 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b4ed4c85..cbf07b98 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.0 -mkdocs-material==9.5.32 +mkdocs-material==9.5.33 pygments==2.18.0 pymdown-extensions==10.9 From 7d2d8e16e519cf48596b4d60116dcd226a79c51a Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 27 Aug 2024 21:30:55 -0700 Subject: [PATCH 100/132] google: Use regional instance templates for workers * Use regional instance templates for the worker node regional managed instance groups. Regional instance templates are kept in the associated region, whereas the older "global" instance templates were kept in a particular region (regardless of where the MIG region) so outages in a region X could affect clusters in a region Y which is undesired --- CHANGES.md | 5 +++++ google-cloud/fedora-coreos/kubernetes/workers/workers.tf | 4 ++-- google-cloud/flatcar-linux/kubernetes/workers/workers.tf | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 025ac6f7..32cda585 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -16,6 +16,11 @@ Notable changes between versions. * The Amazon DNS server can resolve A and AAAA queries to IPv4 and IPv6 node addresses * Tag controller node EBS volumes with a name based on the controller node name +### Google + +* Use `google_compute_region_instance_template` instead of `google_compute_instance_template` + * Google's regional instance template metadata is kept in the associated region for greater resiliency. The "global" instance templates were kept in a single region + ## v1.30.4 * Kubernetes [v1.30.4](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v1304) diff --git a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf index e9bbe6b1..85227587 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf @@ -8,7 +8,7 @@ resource "google_compute_region_instance_group_manager" "workers" { region = var.region version { name = "default" - instance_template = google_compute_instance_template.worker.self_link + instance_template = google_compute_region_instance_template.worker.self_link } # Roll out MIG instance template changes by replacing instances. @@ -58,7 +58,7 @@ resource "google_compute_health_check" "worker" { } # Worker instance template -resource "google_compute_instance_template" "worker" { +resource "google_compute_region_instance_template" "worker" { name_prefix = "${var.name}-worker-" description = "${var.name} worker instance template" machine_type = var.machine_type diff --git a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf index ada00224..0ca0a8b1 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf 
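Review bot: The renamed `google_compute_region_instance_template.worker` (hunk `@@ -58,7 +58,7 @@`) shows no `region` argument among its first attributes, while the instance group manager that consumes it sets `region = var.region`. If the template does not set it further down (the resource body continues outside the hunk), it falls back to the provider's default region, and a cluster whose `var.region` differs from that default would point the managed instance group at a template kept in another region, which is the cross-region dependency this change is meant to remove. Adding `region = var.region` next to `name_prefix` keeps the two in agreement. The same applies to google-cloud/flatcar-linux/kubernetes/workers/workers.tf in the following hunks.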
@@ -8,7 +8,7 @@ resource "google_compute_region_instance_group_manager" "workers" { region = var.region version { name = "default" - instance_template = google_compute_instance_template.worker.self_link + instance_template = google_compute_region_instance_template.worker.self_link } # Roll out MIG instance template changes by replacing instances. @@ -58,7 +58,7 @@ resource "google_compute_health_check" "worker" { } # Worker instance template -resource "google_compute_instance_template" "worker" { +resource "google_compute_region_instance_template" "worker" { name_prefix = "${var.name}-worker-" description = "Worker Instance template" machine_type = var.machine_type From c72e99834cfee6dcdb55332a868b8bc03fcc3375 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 28 Aug 2024 06:01:05 +0000 Subject: [PATCH 101/132] Bump docker.io/flannel/flannel image from v0.25.5 to v0.25.6 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index 30324073..6fe7b90c 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.5" + image = "docker.io/flannel/flannel:v0.25.6" command = [ "/opt/bin/flanneld", "--ip-masq", From 6878fa9fe6cf2e9835d06c62e342d4aa160cfb51 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 1 Sep 2024 05:40:52 +0000 Subject: [PATCH 102/132] Bump mkdocs-material from 9.5.33 to v9.5.34 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index cbf07b98..aab8b2ef 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,4 +1,4 @@
 mkdocs==1.6.0
-mkdocs-material==9.5.33
+mkdocs-material==9.5.34
 pygments==2.18.0
 pymdown-extensions==10.9
From 3ae8794c6c557c1a2000fa8a594d6347c48250be Mon Sep 17 00:00:00 2001
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com>
Date: Wed, 18 Sep 2024 19:41:12 +0000
Subject: [PATCH 103/132] Bump mkdocs-material from 9.5.34 to v9.5.35
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index aab8b2ef..61e75f1c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.6.0
-mkdocs-material==9.5.34
+mkdocs-material==9.5.35
 pygments==2.18.0
 pymdown-extensions==10.9
From b2fad7771f358123dd3f799f8c9a9f7886138dd0 Mon Sep 17 00:00:00 2001
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com>
Date: Fri, 20 Sep 2024 20:21:26 +0000
Subject: [PATCH 104/132] Bump mkdocs from 1.6.0 to v1.6.1
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 61e75f1c..21ff9535 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-mkdocs==1.6.0
+mkdocs==1.6.1
 mkdocs-material==9.5.35
 pygments==2.18.0
 pymdown-extensions==10.9
From 3f844e3c57051470b5930a81c254ad24f8590588 Mon Sep 17 00:00:00 2001
From: Jordan Pittier Date: Fri, 20 Sep 2024 23:31:17 +0200 Subject: [PATCH 105/132] google: Add controller_disk_type and worker_disk_type variables (#1513) * Add controller_disk_type and worker_disk_type variables * Properly pass disk_type to worker nodes --- CHANGES.md | 4 +++ docs/fedora-coreos/google-cloud.md | 35 ++++++++++--------- docs/flatcar-linux/google-cloud.md | 33 +++++++++-------- .../fedora-coreos/kubernetes/controllers.tf | 1 + .../fedora-coreos/kubernetes/variables.tf | 20 +++++++++++ .../fedora-coreos/kubernetes/workers.tf | 2 +- .../kubernetes/workers/variables.tf | 11 +++++- .../kubernetes/workers/workers.tf | 1 + .../flatcar-linux/kubernetes/controllers.tf | 1 + .../flatcar-linux/kubernetes/variables.tf | 20 +++++++++++ .../flatcar-linux/kubernetes/workers.tf | 2 +- .../kubernetes/workers/variables.tf | 11 +++++- .../kubernetes/workers/workers.tf | 1 + 13 files changed, 104 insertions(+), 38 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 32cda585..576ef618 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,10 @@ Notable changes between versions. ## Latest +### Google + +* Add `controller_disk_type` and `worker_disk_type` variables + ## v1.31.0 * Kubernetes [v1.31.0](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1310) diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 3a383129..20f5c718 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md 
@@ -209,26 +209,27 @@ resource "google_dns_managed_zone" "zone-for-clusters" { ### Optional -| Name | Description | Default | Example | -|:-----|:------------|:--------|:--------| -| os_stream | Fedora CoreOS stream for compute instances | "stable" | "stable", "testing", "next" | -| controller_count | Number of controllers (i.e. masters) | 1 | 3 | -| controller_type | Machine type for controllers | "n1-standard-1" | See below | -| controller_disk_type | Controller disk size in GB | 30 | 20 | -| worker_count | Number of workers | 1 | 3 | -| worker_type | Machine type for workers | "n1-standard-1" | See below | -| worker_disk_size | Worker disk size in GB | 30 | 100 | -| worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | -| controller_snippets | Controller Butane snippets | [] | [examples](/advanced/customization/) | -| worker_snippets | Worker Butane snippets | [] | [examples](/advanced/customization/) | -| networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | -| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | -| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | -| worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | +| Name | Description | Default | Example | +|:---------------------|:---------------------------------------------------------------------------|:----------------|:-------------------------------------| +| os_stream | Fedora CoreOS stream for compute instances | "stable" | "stable", "testing", "next" | +| controller_count | Number of controllers (i.e. 
masters) | 1 | 3 | +| controller_type | Machine type for controllers | "n1-standard-1" | See below | +| controller_disk_size | Controller disk size in GB | 30 | 20 | +| controller_disk_type | Controller disk type | "pd-standard" | "pd-ssd" | +| worker_count | Number of workers | 1 | 3 | +| worker_type | Machine type for workers | "n1-standard-1" | See below | +| worker_disk_size | Worker disk size in GB | 30 | 100 | +| worker_disk_type | Worker disk type | "pd-standard" | "pd-ssd" | +| worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | +| controller_snippets | Controller Butane snippets | [] | [examples](/advanced/customization/) | +| worker_snippets | Worker Butane snippets | [] | [examples](/advanced/customization/) | +| networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | +| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | +| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | +| worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | Check the list of valid [machine types](https://cloud.google.com/compute/docs/machine-types). #### Preemption Add `worker_preemptible = "true"` to allow worker nodes to be [preempted](https://cloud.google.com/compute/docs/instances/preemptible) at random, but pay [significantly](https://cloud.google.com/compute/pricing) less. Clusters tolerate stopping instances fairly well (reschedules pods, but cannot drain) and preemption provides a nice reward for running fault-tolerant cluster systems.` - diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index b522e0fa..a404e4be 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md 
@@ -209,26 +209,25 @@ resource "google_dns_managed_zone" "zone-for-clusters" { ### Optional -| Name | Description | Default | Example | -|:-----|:------------|:--------|:--------| -| os_image | Flatcar Linux image for compute instances | "flatcar-stable" | flatcar-stable, flatcar-beta, flatcar-alpha | -| controller_count | Number of controllers (i.e. masters) | 1 | 3 | -| controller_type | Machine type for controllers | "n1-standard-1" | See below | -| controller_disk_type | Controller disk size in GB | 30 | 20 | -| worker_count | Number of workers | 1 | 3 | -| worker_type | Machine type for workers | "n1-standard-1" | See below | -| worker_disk_size | Worker disk size in GB | 30 | 100 | -| worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | -| controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/) | -| worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/) | -| networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | -| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | -| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | -| worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | +| Name | Description | Default | Example | +|:---------------------|:---------------------------------------------------------------------------|:-----------------|:--------------------------------------------| +| os_image | Flatcar Linux image for compute instances | "flatcar-stable" | flatcar-stable, flatcar-beta, flatcar-alpha | +| controller_count | Number of controllers (i.e. 
masters) | 1 | 3 | +| controller_type | Machine type for controllers | "n1-standard-1" | See below | +| controller_disk_size | Controller disk size in GB | 30 | 20 | +| worker_count | Number of workers | 1 | 3 | +| worker_type | Machine type for workers | "n1-standard-1" | See below | +| worker_disk_size | Worker disk size in GB | 30 | 100 | +| worker_preemptible | If enabled, Compute Engine will terminate workers randomly within 24 hours | false | true | +| controller_snippets | Controller Container Linux Config snippets | [] | [example](/advanced/customization/) | +| worker_snippets | Worker Container Linux Config snippets | [] | [example](/advanced/customization/) | +| networking | Choice of networking provider | "cilium" | "calico" or "cilium" or "flannel" | +| pod_cidr | CIDR IPv4 range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" | +| service_cidr | CIDR IPv4 range to assign to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" | +| worker_node_labels | List of initial worker node labels | [] | ["worker-pool=default"] | Check the list of valid [machine types](https://cloud.google.com/compute/docs/machine-types). #### Preemption Add `worker_preemptible = "true"` to allow worker nodes to be [preempted](https://cloud.google.com/compute/docs/instances/preemptible) at random, but pay [significantly](https://cloud.google.com/compute/pricing) less. Clusters tolerate stopping instances fairly well (reschedules pods, but cannot drain) and preemption provides a nice reward for running fault-tolerant cluster systems.` - diff --git a/google-cloud/fedora-coreos/kubernetes/controllers.tf b/google-cloud/fedora-coreos/kubernetes/controllers.tf index 92261935..14e60963 100644 --- a/google-cloud/fedora-coreos/kubernetes/controllers.tf +++ b/google-cloud/fedora-coreos/kubernetes/controllers.tf 
@@ -44,6 +44,7 @@ resource "google_compute_instance" "controllers" { initialize_params { image = data.google_compute_image.fedora-coreos.self_link size = var.controller_disk_size + type = var.controller_disk_type } } diff --git a/google-cloud/fedora-coreos/kubernetes/variables.tf b/google-cloud/fedora-coreos/kubernetes/variables.tf index 39a83227..84d63179 100644 --- a/google-cloud/fedora-coreos/kubernetes/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/variables.tf @@ -51,6 +51,16 @@ variable "controller_disk_size" { default = 30 } +variable "controller_disk_type" { + type = string + description = "Type of managed disk for controller node(s)" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.controller_disk_type) + error_message = "The controller_disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "worker_count" { type = number description = "Number of workers" @@ -69,6 +79,16 @@ variable "worker_disk_size" { default = 30 } +variable "worker_disk_type" { + type = string + description = "Type of managed disk for worker nodes" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.worker_disk_type) + error_message = "The worker_disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "worker_preemptible" { type = bool description = "If enabled, Compute Engine will terminate workers randomly within 24 hours" diff --git a/google-cloud/fedora-coreos/kubernetes/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers.tf index a20a1e7f..18d01fbc 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers.tf @@ -10,6 +10,7 @@ module "workers" { machine_type = var.worker_type os_stream = var.os_stream disk_size = var.worker_disk_size + disk_type = var.worker_disk_type preemptible = var.worker_preemptible # configuration 
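Review bot: The `type = var.controller_disk_type` line added to `initialize_params` in google-cloud/fedora-coreos/kubernetes/controllers.tf makes the boot disk type tunable, but nothing tells the user what happens when the value is changed on a running cluster. As far as I know, the Google provider treats changes under `boot_disk.initialize_params` as requiring instance replacement, and the controllers here host the on-cluster etcd, so a later switch from `pd-standard` to `pd-ssd` would likely recreate them. I would say so in the variable description, e.g. `description = "Type of persistent disk for controller node(s). Changing it on an existing cluster replaces the controllers"`, and repeat it in the docs table. The same applies to the flatcar-linux controllers.tf hunk. The `google_compute_instance` block starts and ends outside the hunk.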
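Review bot: The allow-list `["pd-standard", "pd-ssd", "pd-balanced"]` in the `controller_disk_type` and `worker_disk_type` validations of google-cloud/fedora-coreos/kubernetes/variables.tf is repeated verbatim in six variables across this commit (both OS variants, root and workers modules), and it rejects disk types Google offers beyond these three, such as `pd-extreme`. A comment above each validation, e.g. `# Keep this list in sync with workers/variables.tf`, would stop the copies from being updated one at a time. The descriptions say "managed disk", which is Azure wording; `"Type of persistent disk for worker nodes"` would match Google's terminology. Separately, docs/fedora-coreos/google-cloud.md gains rows for both variables, while the flatcar-linux table in this commit does not.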
@@ -19,4 +20,3 @@ module "workers" { snippets = var.worker_snippets node_labels = var.worker_node_labels } - diff --git a/google-cloud/fedora-coreos/kubernetes/workers/variables.tf b/google-cloud/fedora-coreos/kubernetes/workers/variables.tf index 704c6bbc..7fd7a507 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/variables.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers/variables.tf @@ -51,6 +51,16 @@ variable "disk_size" { default = 30 } +variable "disk_type" { + type = string + description = "Type of managed disk" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.disk_type) + error_message = "The disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "preemptible" { type = bool description = "If enabled, Compute Engine will terminate instances randomly within 24 hours" @@ -109,4 +119,3 @@ variable "accelerator_count" { default = "0" description = "Number of compute engine accelerators" } - diff --git a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf index 85227587..86f7ce61 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf @@ -80,6 +80,7 @@ resource "google_compute_region_instance_template" "worker" { boot = true source_image = data.google_compute_image.fedora-coreos.self_link disk_size_gb = var.disk_size + disk_type = var.disk_type } network_interface { diff --git a/google-cloud/flatcar-linux/kubernetes/controllers.tf b/google-cloud/flatcar-linux/kubernetes/controllers.tf index b05dc375..8dd0ee70 100644 --- a/google-cloud/flatcar-linux/kubernetes/controllers.tf +++ b/google-cloud/flatcar-linux/kubernetes/controllers.tf 
@@ -45,6 +45,7 @@ resource "google_compute_instance" "controllers" { initialize_params { image = data.google_compute_image.flatcar-linux.self_link size = var.controller_disk_size + type = var.controller_disk_type } } diff --git a/google-cloud/flatcar-linux/kubernetes/variables.tf b/google-cloud/flatcar-linux/kubernetes/variables.tf index 1a6c0f7e..fd2f77b8 100644 --- a/google-cloud/flatcar-linux/kubernetes/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/variables.tf @@ -51,6 +51,16 @@ variable "controller_disk_size" { default = 30 } +variable "controller_disk_type" { + type = string + description = "Type of managed disk for controller node(s)" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.controller_disk_type) + error_message = "The controller_disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "worker_count" { type = number description = "Number of workers" @@ -69,6 +79,16 @@ variable "worker_disk_size" { default = 30 } +variable "worker_disk_type" { + type = string + description = "Type of managed disk for worker nodes" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.worker_disk_type) + error_message = "The worker_disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "worker_preemptible" { type = bool description = "If enabled, Compute Engine will terminate workers randomly within 24 hours" diff --git a/google-cloud/flatcar-linux/kubernetes/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers.tf index b3a6ce12..d539f692 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers.tf @@ -10,6 +10,7 @@ module "workers" { machine_type = var.worker_type os_image = var.os_image disk_size = var.worker_disk_size + disk_type = var.worker_disk_type preemptible = var.worker_preemptible # configuration 
@@ -19,4 +20,3 @@ module "workers" { snippets = var.worker_snippets node_labels = var.worker_node_labels } - diff --git a/google-cloud/flatcar-linux/kubernetes/workers/variables.tf b/google-cloud/flatcar-linux/kubernetes/workers/variables.tf index 165bf25f..b7e803fb 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/variables.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/variables.tf @@ -51,6 +51,16 @@ variable "disk_size" { default = 30 } +variable "disk_type" { + type = string + description = "Type of managed disk" + default = "pd-standard" + validation { + condition = contains(["pd-standard", "pd-ssd", "pd-balanced"], var.disk_type) + error_message = "The disk_type must be pd-standard, pd-ssd or pd-balanced." + } +} + variable "preemptible" { type = bool description = "If enabled, Compute Engine will terminate instances randomly within 24 hours" @@ -109,4 +119,3 @@ variable "accelerator_count" { default = "0" description = "Number of compute engine accelerators" } - diff --git a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf index 0ca0a8b1..3d971c04 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf +++ b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf @@ -80,6 +80,7 @@ resource "google_compute_region_instance_template" "worker" { boot = true source_image = data.google_compute_image.flatcar-linux.self_link disk_size_gb = var.disk_size + disk_type = var.disk_type } network_interface { From 598f707cbd688bbf718b90b1e6c018da0a321106 Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Fri, 20 Sep 2024 14:43:39 -0700 Subject: [PATCH 106/132] Update Kubernetes from v1.31.0 to v1.31.1 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1311 --- CHANGES.md | 5 +++- README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- 
docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 149 insertions(+), 146 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 576ef618..ad29f97b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,9 +4,12 @@ Notable changes between versions. ## Latest +* Kubernetes [v1.31.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1311) +* Update flannel from v0.25.5 to [v0.25.6](https://github.com/flannel-io/flannel/releases/tag/v0.25.6) + ### Google -* Add `controller_disk_type` and `worker_disk_type` variables +* Add `controller_disk_type` and `worker_disk_type` variables ([#1513](https://github.com/poseidon/typhoon/pull/1513)) ## v1.31.0 diff --git a/README.md b/README.md index 5712aff1..460495f9 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -117,9 +117,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 3426cfb7..7b94ced0 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 1d3e4704..3674567b 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 9b24ebda..00f57a77 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.0 + quay.io/poseidon/kubelet:v1.31.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index d4952cd9..8f8ea940 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 0485610c..90b94ead 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 1d3e4704..3674567b 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 758fe9ff..3f4148ad 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 00e65d1f..cd369b96 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 52351dfd..02584247 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 1535d8c9..fa980d68 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 6b754ba9..85f1bec7 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.0 + quay.io/poseidon/kubelet:v1.31.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 0164c2a8..1a5df71c 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index d4ef3c5c..9856e71c 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 1535d8c9..fa980d68 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 676337db..3d0f9fd0 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index e701240b..913d31e5 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 25590992..5bec94c3 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index e2f48de3..62020152 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index ddb21b39..4b3d451a 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
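Review bot: The kubelet image in this controller.yaml hunk is still pinned only by a mutable tag, `quay.io/poseidon/kubelet:v1.31.1`, while the bootstrap.tf hunks in the same commit pin terraform-render-bootstrap to a full commit SHA. A registry tag can be re-pointed after review, so a node provisioned later could pull different content than what was tested. Appending the digest would make the bump verifiable: `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1@sha256:<digest-of-reviewed-image>`, using the manifest-list digest if both amd64 and arm64 nodes are to keep working. The same applies to the other controller.yaml and worker.yaml hunks in this commit, including the bootstrap units that hand the image to `docker run` with `/etc/kubernetes/pki` mounted. The unit body continues outside the hunk, so I cannot tell whether the image is verified elsewhere.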
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index 105d8da9..c0c853c6 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 4b178b22..000e5052 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 5253309f..0572aaca 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 4801e11a..b9584682 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 1ae30dce..aa748656 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index e10b5ae3..15262592 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index d4b07299..dbdf74b5 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 6794618b..06d866a0 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.0 + quay.io/poseidon/kubelet:v1.31.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index d233f86b..dd62e31a 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index ea43fd7b..23705a89 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index d4b07299..dbdf74b5 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index 585fc230..e0f4f6f8 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 6fe75f38..973d07bd 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index 13ad3a5c..d85926dd 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -13,7 +13,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" # AWS cluster_name = "gravitas" @@ -37,7 +37,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" # AWS cluster_name = "gravitas" 
@@ -62,9 +62,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.31.0 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.31.0 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.31.0 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.31.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.31.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.31.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Azure @@ -73,7 +73,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.1" # Azure cluster_name = "ramius" @@ -103,7 +103,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" # AWS cluster_name = "gravitas" @@ -127,7 +127,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" # AWS cluster_name = "gravitas" 
@@ -151,7 +151,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.1" # AWS vpc_id = module.gravitas.vpc_id @@ -175,7 +175,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.1" # AWS vpc_id = module.gravitas.vpc_id @@ -200,9 +200,9 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.31.0 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.31.0 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.31.0 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.31.0 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.31.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.31.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.31.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.31.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index 834ad1eb..d56e7ff3 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md 
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index 04141c79..ea152ddf 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.1" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.1" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.1" # Azure location = module.ramius.location @@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.1" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" # Google Cloud region = "europe-west2" 
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.1" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.0 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.1 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.1 ``` ### Variables diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 8cb2fd25..051863a7 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. 
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.0 -ip-10-0-26-65 Ready 10m v1.31.0 -ip-10-0-41-21 Ready 10m v1.31.0 +ip-10-0-3-155 Ready 10m v1.31.1 +ip-10-0-26-65 Ready 10m v1.31.1 +ip-10-0-41-21 Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 4c376331..7effd562 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.1" # Azure cluster_name = "ramius" 
@@ -163,9 +163,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.0 -ramius-worker-000001 Ready 25m v1.31.0 -ramius-worker-000002 Ready 24m v1.31.0 +ramius-controller-0 Ready 24m v1.31.1 +ramius-worker-000001 Ready 25m v1.31.1 +ramius-worker-000002 Ready 24m v1.31.1 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 2cf303d0..a6d9a99b 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.0 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.1 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.1" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.1" # bare-metal cluster_name = "mercury" @@ -313,9 +313,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.0 -node2.example.com Ready 10m v1.31.0 -node3.example.com Ready 10m v1.31.0 +node1.example.com Ready 10m v1.31.1 +node2.example.com Ready 10m v1.31.1 +node3.example.com Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 7c3d62df..145687b3 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.1" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.0 -10.132.115.81 Ready 10m v1.31.0 -10.132.124.107 Ready 10m v1.31.0 +10.132.110.130 Ready 10m v1.31.1 +10.132.115.81 Ready 10m v1.31.1 +10.132.124.107 Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 20f5c718..636e76e7 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 61096663..7c6e7b53 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" # AWS cluster_name = "tempest" @@ -145,9 +145,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.0 -ip-10-0-26-65 Ready 10m v1.31.0 -ip-10-0-41-21 Ready 10m v1.31.0 +ip-10-0-3-155 Ready 10m v1.31.1 +ip-10-0-26-65 Ready 10m v1.31.1 +ip-10-0-41-21 Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 39bbdec7..93461d92 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.1" # Azure cluster_name = "ramius" @@ -151,9 +151,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.0 -ramius-worker-000001 Ready 25m v1.31.0 -ramius-worker-000002 Ready 24m v1.31.0 +ramius-controller-0 Ready 24m v1.31.1 +ramius-worker-000001 Ready 25m v1.31.1 +ramius-worker-000002 Ready 24m v1.31.1 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 90aff6e0..9f741d11 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.0 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.1 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.1" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.1" # bare-metal cluster_name = "mercury" @@ -323,9 +323,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.0 -node2.example.com Ready 10m v1.31.0 -node3.example.com Ready 10m v1.31.0 +node1.example.com Ready 10m v1.31.1 +node2.example.com Ready 10m v1.31.1 +node3.example.com Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 6050a96d..d5e34c2e 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.1" # Digital Ocean cluster_name = "nemo" 
@@ -155,9 +155,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.0 -10.132.115.81 Ready 10m v1.31.0 -10.132.124.107 Ready 10m v1.31.0 +10.132.110.130 Ready 10m v1.31.1 +10.132.115.81 Ready 10m v1.31.1 +10.132.124.107 Ready 10m v1.31.1 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index a404e4be..3229fcde 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.0 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -147,9 +147,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 40942e29..7302078c 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" # Google Cloud cluster_name = "yavin" @@ -108,9 +108,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.0 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.0 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.0 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index e8cd54c9..41df6ecf 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.0" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.1" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.0, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
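Review bot: The `!!! note` line changed in the `@@ -192,7 +192,7 @@` hunk rewrites a historical statement: "Before Typhoon v1.31.0, worker nodes only used new launch configurations" becomes "Before Typhoon v1.31.1". This looks like a side effect of the release-wide version replace rather than an intended edit, since the behaviour cannot have first shipped in both releases. The sentence should name the release that introduced instance refresh (not visible in this hunk) and be excluded from the bump. The `!!! note` about launch templates in the next hunk (`@@ -233,7 +233,7 @@`) has the same problem.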
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.0, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 19c8e880..92c93a4d 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index bc06a1fb..c4ef1a5b 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index b55e3775..d28b30a9 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.0 + quay.io/poseidon/kubelet:v1.31.1 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index a863b230..f972334b 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 2495c17e..b9b3c0f5 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.0 (upstream) +* Kubernetes v1.31.1 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index bc06a1fb..c4ef1a5b 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1ddecb1cef65c9715ed66b6c335634bc51f59613" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 83e3fb2d..68253279 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index ea4d8fd6..008994f3 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.0 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From c87c21c7e252207f98120a8e5dd61b2f4662f224 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sat, 21 Sep 2024 20:21:06 +0000 Subject: [PATCH 107/132] Bump mkdocs-material from 9.5.35 to v9.5.36 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 21ff9535..d4cdd9da 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 -mkdocs-material==9.5.35 +mkdocs-material==9.5.36 pygments==2.18.0 pymdown-extensions==10.9 From 16c26f438491973124421473addbff7787f78dd4 Mon Sep 17 00:00:00 2001 
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 21:00:40 +0000 Subject: [PATCH 108/132] Bump docker.io/flannel/flannel image from v0.25.6 to v0.25.7 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index 6fe7b90c..f7c8182e 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.6" + image = "docker.io/flannel/flannel:v0.25.7" command = [ "/opt/bin/flanneld", "--ip-masq", From 8656a2d75b2c0bd8ebc7055e50adbb33c55f0bdd Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:40:54 +0000 Subject: [PATCH 109/132] Bump quay.io/cilium/operator-generic image from v1.16.1 to v1.16.2 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 364931f5..58d86dac 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.16.1" + image = "quay.io/cilium/operator-generic:v1.16.2" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From edd9328554d077a401b7606dbc3b557791843341 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:40:50 +0000 Subject: [PATCH 110/132] Bump quay.io/cilium/cilium image from v1.16.1 to v1.16.2 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index 1d5ec15f..80f52f2d 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.16.1" + image = "quay.io/cilium/cilium:v1.16.2" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.16.1" + image = "quay.io/cilium/cilium:v1.16.2" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.16.1" + image = "quay.io/cilium/cilium:v1.16.2" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.16.1" + image = "quay.io/cilium/cilium:v1.16.2" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" From e6989514a58eb48e1e3eefb1052b628a1107f515 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 29 Sep 2024 20:00:40 +0000 Subject: [PATCH 111/132] Bump mkdocs-material from 9.5.36 to v9.5.39 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index d4cdd9da..f937b068 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 -mkdocs-material==9.5.36 +mkdocs-material==9.5.39 pygments==2.18.0 pymdown-extensions==10.9 From 6a5b808b1795fd0f4e257be41e6935b6767dd0ba Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Tue, 8 Oct 2024 21:25:06 -0700 Subject: [PATCH 112/132] Add region to gcp instance template resource * Configure the regional worker instance templates with the region of the cluster. This defaults to the provider's region which isn't always what you want and if left off causes an error * Close #1512 --- CHANGES.md | 3 +++ google-cloud/fedora-coreos/kubernetes/workers/workers.tf | 1 + google-cloud/flatcar-linux/kubernetes/workers/workers.tf | 1 + 3 files changed, 5 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index ad29f97b..6f59c7bb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,12 +4,15 @@ Notable changes between versions. ## Latest +## v1.31.1 + * Kubernetes [v1.31.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1311) * Update flannel from v0.25.5 to [v0.25.6](https://github.com/flannel-io/flannel/releases/tag/v0.25.6) ### Google * Add `controller_disk_type` and `worker_disk_type` variables ([#1513](https://github.com/poseidon/typhoon/pull/1513)) +* Add explicit `region` field to regional worker instance templates ([#1524](https://github.com/poseidon/typhoon/pull/1524)) ## v1.31.0 diff --git a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf index 86f7ce61..043d445f 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/workers.tf +++ b/google-cloud/fedora-coreos/kubernetes/workers/workers.tf @@ -62,6 +62,7 @@ resource "google_compute_region_instance_template" "worker" { name_prefix = "${var.name}-worker-" description = "${var.name} worker instance template" machine_type = var.machine_type + region = var.region metadata = { user-data = data.ct_config.worker.rendered diff --git a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf index 3d971c04..a83bdd0d 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/workers.tf 
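Review bot: The added `region = var.region` in `google_compute_region_instance_template.worker` has no comment saying why it is set explicitly; the reason (without it the template takes the provider's default region, which can differ from the cluster's and fail) is recorded only in the commit message. A one-line comment above it would keep that in the file, for example `# set explicitly; otherwise the provider default region is used, which may not match the cluster`. The flatcar-linux `workers.tf` hunk adds the same line and would take the same comment. The resource block starts before and ends after the hunk, so it is not visible whether the instance group that consumes this template uses the same `var.region`.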
+++ b/google-cloud/flatcar-linux/kubernetes/workers/workers.tf @@ -62,6 +62,7 @@ resource "google_compute_region_instance_template" "worker" { name_prefix = "${var.name}-worker-" description = "Worker Instance template" machine_type = var.machine_type + region = var.region metadata = { user-data = data.ct_config.worker.rendered From 5932b651e3a367f8446fb5f2fefa5202043a5415 Mon Sep 17 00:00:00 2001 From: jordanp Date: Tue, 24 Sep 2024 16:25:58 +0200 Subject: [PATCH 113/132] doc: set file_permission 0600 for kubeconfig file It's only documentation, but kubeconfig file contains sensitive info so it's better to secure it a little --- README.md | 5 +++-- docs/fedora-coreos/aws.md | 6 +++--- docs/fedora-coreos/azure.md | 5 +++-- docs/fedora-coreos/bare-metal.md | 6 +++--- docs/fedora-coreos/digitalocean.md | 6 +++--- docs/fedora-coreos/google-cloud.md | 5 +++-- docs/flatcar-linux/aws.md | 6 +++--- docs/flatcar-linux/azure.md | 5 +++-- docs/flatcar-linux/bare-metal.md | 5 +++-- docs/flatcar-linux/digitalocean.md | 5 +++-- docs/flatcar-linux/google-cloud.md | 5 +++-- docs/index.md | 6 +++--- 12 files changed, 36 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 460495f9..055fd1e0 100644 --- a/README.md +++ b/README.md @@ -96,8 +96,9 @@ module "yavin" { # Obtain cluster kubeconfig resource "local_file" "kubeconfig-yavin" { - content = module.yavin.kubeconfig-admin - filename = "/home/user/.kube/configs/yavin-config" + content = module.yavin.kubeconfig-admin + filename = "/home/user/.kube/configs/yavin-config" + file_permission = "0600" } ``` diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 051863a7..f20de0a9 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md 
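Review bot: `file_permission = "0600"` in the README `local_file` example tightens only the file mode. If Terraform creates the parent directory, it still gets the `local_file` default `directory_permission` of `"0777"` (before umask), and the admin kubeconfig is still stored in Terraform state. Consider `resource "local_sensitive_file" "kubeconfig-yavin" {` (hashicorp/local 2.2.0 or later), which marks the content sensitive however the module output is declared, together with `directory_permission = "0700"`. A sentence next to the snippet saying that the state backend holds the same credential and needs equivalent access control would complete the guidance. The same applies to the matching hunks in docs/index.md and in the docs/fedora-coreos and docs/flatcar-linux tutorials in this patch.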
@@ -134,8 +134,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-tempest" { - content = module.tempest.kubeconfig-admin - filename = "/home/user/.kube/configs/tempest-config" + content = module.tempest.kubeconfig-admin + filename = "/home/user/.kube/configs/tempest-config" + file_permission = "0600" } ``` @@ -241,4 +242,3 @@ Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-typ #### Spot Add `worker_price = "0.10"` to use spot instance workers (instead of "on-demand") and set a maximum spot price in USD. Clusters can tolerate spot market interuptions fairly well (reschedules pods, but cannot drain) to save money, with the tradeoff that requests for workers may go unfulfilled. - diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 7effd562..8f0c18ad 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -152,8 +152,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-ramius" { - content = module.ramius.kubeconfig-admin - filename = "/home/user/.kube/configs/ramius-config" + content = module.ramius.kubeconfig-admin + filename = "/home/user/.kube/configs/ramius-config" + file_permission = "0600" } ``` diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index a6d9a99b..0e8df442 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -302,8 +302,9 @@ systemd[1]: Started Kubernetes control plane. ``` resource "local_file" "kubeconfig-mercury" { - content = module.mercury.kubeconfig-admin - filename = "/home/user/.kube/configs/mercury-config" + content = module.mercury.kubeconfig-admin + filename = "/home/user/.kube/configs/mercury-config" + file_permission = "0600" } ``` 
@@ -373,4 +374,3 @@ Check the [variables.tf](https://github.com/poseidon/typhoon/blob/master/bare-me | kernel_args | Additional kernel args to provide at PXE boot | [] | ["kvm-intel.nested=1"] | | worker_node_labels | Map from worker name to list of initial node labels | {} | {"node2" = ["role=special"]} | | worker_node_taints | Map from worker name to list of initial node taints | {} | {"node2" = ["role=special:NoSchedule"]} | - diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 145687b3..eea0f7d0 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -144,8 +144,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-nemo" { - content = module.nemo.kubeconfig-admin - filename = "/home/user/.kube/configs/nemo-config" + content = module.nemo.kubeconfig-admin + filename = "/home/user/.kube/configs/nemo-config" + file_permission = "0600" } ``` @@ -248,4 +249,3 @@ Check the list of valid [droplet types](https://developers.digitalocean.com/docu !!! warning Do not choose a `controller_type` smaller than 2GB. Smaller droplets are not sufficient for running a controller and bootstrapping will fail. - diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 636e76e7..73198d37 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -136,8 +136,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-yavin" { - content = module.yavin.kubeconfig-admin - filename = "/home/user/.kube/configs/yavin-config" + content = module.yavin.kubeconfig-admin + filename = "/home/user/.kube/configs/yavin-config" + file_permission = "0600" } ``` diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index 7c6e7b53..b61a8a79 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md 
@@ -134,8 +134,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-tempest" { - content = module.tempest.kubeconfig-admin - filename = "/home/user/.kube/configs/tempest-config" + content = module.tempest.kubeconfig-admin + filename = "/home/user/.kube/configs/tempest-config" + file_permission = "0600" } ``` @@ -239,4 +240,3 @@ Check the list of valid [instance types](https://aws.amazon.com/ec2/instance-typ #### Spot Add `worker_price = "0.10"` to use spot instance workers (instead of "on-demand") and set a maximum spot price in USD. Clusters can tolerate spot market interuptions fairly well (reschedules pods, but cannot drain) to save money, with the tradeoff that requests for workers may go unfulfilled. - diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 93461d92..e33f6e65 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -140,8 +140,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-ramius" { - content = module.ramius.kubeconfig-admin - filename = "/home/user/.kube/configs/ramius-config" + content = module.ramius.kubeconfig-admin + filename = "/home/user/.kube/configs/ramius-config" + file_permission = "0600" } ``` diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 9f741d11..61355940 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -312,8 +312,9 @@ systemd[1]: Started Kubernetes control plane. ``` resource "local_file" "kubeconfig-mercury" { - content = module.mercury.kubeconfig-admin - filename = "/home/user/.kube/configs/mercury-config" + content = module.mercury.kubeconfig-admin + filename = "/home/user/.kube/configs/mercury-config" + file_permission = "0600" } ``` diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index d5e34c2e..f4b82345 100644 --- a/docs/flatcar-linux/digitalocean.md 
+++ b/docs/flatcar-linux/digitalocean.md @@ -144,8 +144,9 @@ In 3-6 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-nemo" { - content = module.nemo.kubeconfig-admin - filename = "/home/user/.kube/configs/nemo-config" + content = module.nemo.kubeconfig-admin + filename = "/home/user/.kube/configs/nemo-config" + file_permission = "0600" } ``` diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 3229fcde..e9c6ca3f 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -136,8 +136,9 @@ In 4-8 minutes, the Kubernetes cluster will be ready. ``` resource "local_file" "kubeconfig-yavin" { - content = module.yavin.kubeconfig-admin - filename = "/home/user/.kube/configs/yavin-config" + content = module.yavin.kubeconfig-admin + filename = "/home/user/.kube/configs/yavin-config" + file_permission = "0600" } ``` diff --git a/docs/index.md b/docs/index.md index 7302078c..798016d8 100644 --- a/docs/index.md +++ b/docs/index.md @@ -87,8 +87,9 @@ module "yavin" { # Obtain cluster kubeconfig resource "local_file" "kubeconfig-yavin" { - content = module.yavin.kubeconfig-admin - filename = "/home/user/.kube/configs/yavin-config" + content = module.yavin.kubeconfig-admin + filename = "/home/user/.kube/configs/yavin-config" + file_permission = "0600" } ``` @@ -157,4 +158,3 @@ Poseidon's Github [Sponsors](https://github.com/sponsors/poseidon) support the i
    If you'd like your company here, please contact dghubble at psdn.io. - From 3d4905bb3a593f3a62e56fbfa337d73227375bdc Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 2 Oct 2024 04:41:14 +0000 Subject: [PATCH 114/132] Bump pymdown-extensions from 10.9 to v10.11.2 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f937b068..a9b7d7bd 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 mkdocs-material==9.5.39 pygments==2.18.0 -pymdown-extensions==10.9 +pymdown-extensions==10.11.2 From a4e0ade8d9d06850371bd4f0f7c27e5eeb66be14 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 16:01:22 +0000 Subject: [PATCH 115/132] Bump docker.io/flannel/flannel image from v0.25.7 to v0.26.0 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index f7c8182e..fdfc1b6a 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.25.7" + image = "docker.io/flannel/flannel:v0.26.0" command = [ "/opt/bin/flanneld", "--ip-masq", From 81265483c6897e97386496c14360064e100620c1 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:00:47 +0000 Subject: [PATCH 116/132] Bump quay.io/cilium/operator-generic image from v1.16.2 to v1.16.3 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 58d86dac..2b627499 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf 
@@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.16.2" + image = "quay.io/cilium/operator-generic:v1.16.3" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From c3cb5a3f1b1338179e2902a269f90d105ef68b1a Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 15:00:43 +0000 Subject: [PATCH 117/132] Bump quay.io/cilium/cilium image from v1.16.2 to v1.16.3 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index 80f52f2d..42058f15 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.16.2" + image = "quay.io/cilium/cilium:v1.16.3" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true @@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.16.2" + image = "quay.io/cilium/cilium:v1.16.3" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.16.2" + image = "quay.io/cilium/cilium:v1.16.3" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.16.2" + image = "quay.io/cilium/cilium:v1.16.3" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" 
From e143061bcf174057f42325d5eabfda1ee3baaed1 Mon Sep 17 00:00:00 2001
From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com>
Date: Sun, 20 Oct 2024 20:40:48 +0000
Subject: [PATCH 118/132] Bump mkdocs-material from 9.5.39 to v9.5.42
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index a9b7d7bd..920d61d5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
 mkdocs==1.6.1
-mkdocs-material==9.5.39
+mkdocs-material==9.5.42
 pygments==2.18.0
 pymdown-extensions==10.11.2
From 61ffc0bc19600e059c5a1070059eb2934c09b239 Mon Sep 17 00:00:00 2001
From: Dalton Hubble Date: Sat, 26 Oct 2024 08:33:43 -0700 Subject: [PATCH 119/132] Update Kubernetes from v1.31.1 to v1.31.2 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1312 * Update Cilium from v1.16.1 to v1.16.3 * Update flannel from v0.25.6 to v0.26.0 --- CHANGES.md | 6 ++++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 +++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- 
docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 151 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 6f59c7bb..44e9ca75 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,12 @@ Notable changes between versions. ## Latest +## v1.31.2 + +* Kubernetes [v1.31.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1312) +* Update Cilium from v1.16.1 to [v1.16.3](https://github.com/cilium/cilium/releases/tag/v1.16.3) +* Update flannel from v0.25.6 to [v0.26.0](https://github.com/flannel-io/flannel/releases/tag/v0.26.0) + ## v1.31.1 * Kubernetes [v1.31.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1311) diff --git a/README.md b/README.md index 055fd1e0..b264e9df 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -118,9 +118,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index 7b94ced0..cc9afd87 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 3674567b..6047a8dc 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 00f57a77..0c763fe7 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.1 + quay.io/poseidon/kubelet:v1.31.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 8f8ea940..7cba67a9 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index 90b94ead..f7753441 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 3674567b..6047a8dc 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 3f4148ad..85d8a580 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index cd369b96..9c66a3b8 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index 02584247..c7203537 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index fa980d68..47cbefe4 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index 85f1bec7..cd8c3c24 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.1 + quay.io/poseidon/kubelet:v1.31.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 1a5df71c..8f5281cc 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index 9856e71c..0f612d3d 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index fa980d68..47cbefe4 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 3d0f9fd0..31c7d354 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 913d31e5..47d8b918 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index 5bec94c3..b38e7c2e 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index 62020152..ddb29f52 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 4b3d451a..815dc118 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index c0c853c6..c00283a1 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index 000e5052..f5c07fc0 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index 0572aaca..b71135a8 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index b9584682..8b311f0a 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index aa748656..06635721 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index 15262592..fa132c1c 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index dbdf74b5..30c77442 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index 06d866a0..cba290bc 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.1 + quay.io/poseidon/kubelet:v1.31.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index dd62e31a..2a8bb2e5 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index 23705a89..a1470479 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index dbdf74b5..30c77442 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index e0f4f6f8..c840f56a 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 973d07bd..55221853 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index d85926dd..c7c554cf 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -13,7 +13,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" # AWS cluster_name = "gravitas" @@ -37,7 +37,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" # AWS cluster_name = "gravitas" 
@@ -62,9 +62,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.31.1 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.31.1 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.31.1 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.31.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.31.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.31.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Azure @@ -73,7 +73,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.2" # Azure cluster_name = "ramius" @@ -103,7 +103,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" # AWS cluster_name = "gravitas" @@ -127,7 +127,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" # AWS cluster_name = "gravitas" 
@@ -151,7 +151,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.2" # AWS vpc_id = module.gravitas.vpc_id @@ -175,7 +175,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.2" # AWS vpc_id = module.gravitas.vpc_id @@ -200,9 +200,9 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.31.1 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.31.1 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.31.1 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.31.1 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.31.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.31.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.31.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.31.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index d56e7ff3..d44b96a0 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md 
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index ea152ddf..c9a5e686 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.2" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.2" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.2" # Azure location = module.ramius.location @@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.2" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" # Google Cloud region = "europe-west2" 
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.2" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.1 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.2 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.2 ``` ### Variables diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index f20de0a9..8261c676 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. 
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" # AWS cluster_name = "tempest" @@ -146,9 +146,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.1 -ip-10-0-26-65 Ready 10m v1.31.1 -ip-10-0-41-21 Ready 10m v1.31.1 +ip-10-0-3-155 Ready 10m v1.31.2 +ip-10-0-26-65 Ready 10m v1.31.2 +ip-10-0-41-21 Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index 8f0c18ad..fbc044e4 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.2" # Azure cluster_name = "ramius" 
@@ -164,9 +164,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.1 -ramius-worker-000001 Ready 25m v1.31.1 -ramius-worker-000002 Ready 24m v1.31.1 +ramius-controller-0 Ready 24m v1.31.2 +ramius-worker-000001 Ready 25m v1.31.2 +ramius-worker-000002 Ready 24m v1.31.2 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 0e8df442..25c05388 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.1 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.2 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.2" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.2" # bare-metal cluster_name = "mercury" @@ -314,9 +314,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.1 -node2.example.com Ready 10m v1.31.1 -node3.example.com Ready 10m v1.31.1 +node1.example.com Ready 10m v1.31.2 +node2.example.com Ready 10m v1.31.2 +node3.example.com Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index eea0f7d0..239206e3 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.2" # Digital Ocean cluster_name = "nemo" 
@@ -156,9 +156,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.1 -10.132.115.81 Ready 10m v1.31.1 -10.132.124.107 Ready 10m v1.31.1 +10.132.110.130 Ready 10m v1.31.2 +10.132.115.81 Ready 10m v1.31.2 +10.132.124.107 Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 73198d37..552ffd77 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -148,9 +148,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index b61a8a79..a279fdfb 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" # AWS cluster_name = "tempest" @@ -146,9 +146,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.1 -ip-10-0-26-65 Ready 10m v1.31.1 -ip-10-0-41-21 Ready 10m v1.31.1 +ip-10-0-3-155 Ready 10m v1.31.2 +ip-10-0-26-65 Ready 10m v1.31.2 +ip-10-0-41-21 Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index e33f6e65..19fbaabe 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.2" # Azure cluster_name = "ramius" @@ -152,9 +152,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.1 -ramius-worker-000001 Ready 25m v1.31.1 -ramius-worker-000002 Ready 24m v1.31.1 +ramius-controller-0 Ready 24m v1.31.2 +ramius-worker-000001 Ready 25m v1.31.2 +ramius-worker-000002 Ready 24m v1.31.2 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 61355940..5137d040 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.1 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.2 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.2" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.2" # bare-metal cluster_name = "mercury" @@ -324,9 +324,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.1 -node2.example.com Ready 10m v1.31.1 -node3.example.com Ready 10m v1.31.1 +node1.example.com Ready 10m v1.31.2 +node2.example.com Ready 10m v1.31.2 +node3.example.com Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index f4b82345..961ca521 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.2" # Digital Ocean cluster_name = "nemo" 
@@ -156,9 +156,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.1 -10.132.115.81 Ready 10m v1.31.1 -10.132.124.107 Ready 10m v1.31.1 +10.132.110.130 Ready 10m v1.31.2 +10.132.115.81 Ready 10m v1.31.2 +10.132.124.107 Ready 10m v1.31.2 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index e9c6ca3f..712ab54a 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.1 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -148,9 +148,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index 798016d8..c56e9b20 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" # Google Cloud cluster_name = "yavin" @@ -109,9 +109,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.1 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.1 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.1 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 41df6ecf..1e795fa2 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.1" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.2" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.1, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.1, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 92c93a4d..6fe6573a 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index c4ef1a5b..fae5f1a2 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index d28b30a9..ba48732b 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.1 + quay.io/poseidon/kubelet:v1.31.2 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index f972334b..0b828fb0 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index b9b3c0f5..43fa0aa5 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.1 (upstream) +* Kubernetes v1.31.2 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index c4ef1a5b..fae5f1a2 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=1cfc6544945e7c178d6a69be2439a01e060d3528" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index 68253279..a8bef091 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 008994f3..19008052 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.1 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 9b28867ea8cf9efcf3e7b9052d4c125a5110c8cb Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 14:40:50 +0000 Subject: [PATCH 120/132] Bump pymdown-extensions from 10.11.2 to v10.12 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 920d61d5..9b0ef969 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 mkdocs-material==9.5.42 pygments==2.18.0 -pymdown-extensions==10.11.2 +pymdown-extensions==10.12 
From ef740832c95bfba38abfe497d9d20155736caea8 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 04:00:42 +0000 Subject: [PATCH 121/132] Bump docker.io/flannel/flannel image from v0.26.0 to v0.26.1 --- addons/flannel/daemonset.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/flannel/daemonset.tf b/addons/flannel/daemonset.tf index fdfc1b6a..e9644626 100644 --- a/addons/flannel/daemonset.tf +++ b/addons/flannel/daemonset.tf @@ -73,7 +73,7 @@ resource "kubernetes_daemonset" "flannel" { container { name = "flannel" - image = "docker.io/flannel/flannel:v0.26.0" + image = "docker.io/flannel/flannel:v0.26.1" command = [ "/opt/bin/flanneld", "--ip-masq", From 93c52df9295de1d00783df6db4c54dc3ac1b676c Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 6 Nov 2024 06:40:46 +0000 Subject: [PATCH 122/132] Bump mkdocs-material from 9.5.42 to v9.5.44 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9b0ef969..13a96e96 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 -mkdocs-material==9.5.42 +mkdocs-material==9.5.44 pygments==2.18.0 pymdown-extensions==10.12 From 93c6c2fed32c1ee4d90f84d9105ee035839e14ba Mon Sep 17 00:00:00 2001 From: Raimo Radczewski Date: Mon, 4 Nov 2024 20:29:08 +0100 Subject: [PATCH 123/132] nginx: Add endpointslices.discovery.k8s.io to all rbac documents --- addons/nginx-ingress/aws/rbac/cluster-role.yaml | 11 +++++++++-- addons/nginx-ingress/azure/rbac/cluster-role.yaml | 11 +++++++++-- .../nginx-ingress/bare-metal/rbac/cluster-role.yaml | 11 +++++++++-- .../digital-ocean/rbac/cluster-role.yaml | 11 +++++++++-- .../nginx-ingress/google-cloud/rbac/cluster-role.yaml | 6 +++--- 5 files changed, 39 insertions(+), 11 deletions(-) 
diff --git a/addons/nginx-ingress/aws/rbac/cluster-role.yaml b/addons/nginx-ingress/aws/rbac/cluster-role.yaml index 90edbeb1..916a3675 100644 --- a/addons/nginx-ingress/aws/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/aws/rbac/cluster-role.yaml @@ -29,7 +29,7 @@ rules: - list - watch - apiGroups: - - "" + - "" resources: - events verbs: @@ -59,4 +59,11 @@ rules: - get - list - watch - + - apiGroups: + - discovery.k8s.io + resources: + - "endpointslices" + verbs: + - get + - list + - watch diff --git a/addons/nginx-ingress/azure/rbac/cluster-role.yaml b/addons/nginx-ingress/azure/rbac/cluster-role.yaml index 90edbeb1..916a3675 100644 --- a/addons/nginx-ingress/azure/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/azure/rbac/cluster-role.yaml @@ -29,7 +29,7 @@ rules: - list - watch - apiGroups: - - "" + - "" resources: - events verbs: @@ -59,4 +59,11 @@ rules: - get - list - watch - + - apiGroups: + - discovery.k8s.io + resources: + - "endpointslices" + verbs: + - get + - list + - watch diff --git a/addons/nginx-ingress/bare-metal/rbac/cluster-role.yaml b/addons/nginx-ingress/bare-metal/rbac/cluster-role.yaml index 90edbeb1..916a3675 100644 --- a/addons/nginx-ingress/bare-metal/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/bare-metal/rbac/cluster-role.yaml @@ -29,7 +29,7 @@ rules: - list - watch - apiGroups: - - "" + - "" resources: - events verbs: @@ -59,4 +59,11 @@ rules: - get - list - watch - + - apiGroups: + - discovery.k8s.io + resources: + - "endpointslices" + verbs: + - get + - list + - watch diff --git a/addons/nginx-ingress/digital-ocean/rbac/cluster-role.yaml b/addons/nginx-ingress/digital-ocean/rbac/cluster-role.yaml index 90edbeb1..916a3675 100644 --- a/addons/nginx-ingress/digital-ocean/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/digital-ocean/rbac/cluster-role.yaml @@ -29,7 +29,7 @@ rules: - list - watch - apiGroups: - - "" + - "" resources: - events verbs: 
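Review bot: The rule appended to `rules:` in the second hunk of the aws file (and identically in the azure, bare-metal and digital-ocean files) has no comment saying why the controller needs it. The hunk also does not show whether the older core `endpoints` grant is still required once EndpointSlices are readable. The verbs are read-only (`get`, `list`, `watch`), which suits a watcher, but the grant is cluster-wide because this is a ClusterRole. I would add `# read-only: the controller resolves Service backends from EndpointSlices` above the new `- apiGroups:`, and drop `endpoints` in a follow-up if the deployed controller version no longer reads it. `"endpointslices"` is also the only quoted resource name in the visible rules; unquoted would match `- events`.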
@@ -59,4 +59,11 @@ rules: - get - list - watch - + - apiGroups: + - discovery.k8s.io + resources: + - "endpointslices" + verbs: + - get + - list + - watch diff --git a/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml b/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml index a10fe262..916a3675 100644 --- a/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml +++ b/addons/nginx-ingress/google-cloud/rbac/cluster-role.yaml @@ -29,7 +29,7 @@ rules: - list - watch - apiGroups: - - "" + - "" resources: - events verbs: @@ -59,11 +59,11 @@ rules: - get - list - watch - - apiGroups: + - apiGroups: - discovery.k8s.io resources: - "endpointslices" - verbs: + verbs: - get - list - watch From 2b99ccaa391919f250127a0bda75cc8098c4fbc0 Mon Sep 17 00:00:00 2001 From: Raimo Radczewski Date: Mon, 4 Nov 2024 20:29:21 +0100 Subject: [PATCH 124/132] nginx/bare-metal: fix selector --- addons/nginx-ingress/bare-metal/service.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/nginx-ingress/bare-metal/service.yaml b/addons/nginx-ingress/bare-metal/service.yaml index cca30291..1339b3c3 100644 --- a/addons/nginx-ingress/bare-metal/service.yaml +++ b/addons/nginx-ingress/bare-metal/service.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: ingress-controller-public + name: nginx-ingress-controller namespace: ingress annotations: prometheus.io/scrape: 'true' @@ -10,7 +10,7 @@ spec: type: ClusterIP clusterIP: 10.3.0.12 selector: - name: ingress-controller-public + name: nginx-ingress-controller phase: prod ports: - name: http From a908d30821d47a6314d79e8ea79b1afea7c30945 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2024 13:00:42 +0000 Subject: [PATCH 125/132] Bump registry.k8s.io/coredns/coredns image from v1.11.3 to v1.11.4 --- addons/coredns/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
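Review bot: In `addons/nginx-ingress/bare-metal/service.yaml`, `metadata.name` is renamed together with the selector while `clusterIP: 10.3.0.12` stays fixed. On a cluster that already has `ingress-controller-public`, the apply therefore creates a second Service requesting an address the old one still holds. The API server is expected to reject that allocation until the old Service is deleted, and nothing in this commit removes it. If only the selector was wrong, keep `name: ingress-controller-public` in the first hunk. If the rename is intended, state in the commit message that the old Service must be deleted first, and check for references to the old name, which are not visible here.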
diff --git a/addons/coredns/deployment.tf b/addons/coredns/deployment.tf index f8b6e792..c0bd2cb8 100644 --- a/addons/coredns/deployment.tf +++ b/addons/coredns/deployment.tf @@ -77,7 +77,7 @@ resource "kubernetes_deployment" "coredns" { } container { name = "coredns" - image = "registry.k8s.io/coredns/coredns:v1.11.3" + image = "registry.k8s.io/coredns/coredns:v1.11.4" args = ["-conf", "/etc/coredns/Corefile"] port { name = "dns" From dfb307b1a7a75dcf81e142f5118b18c14db341f1 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sat, 23 Nov 2024 21:20:00 -0800 Subject: [PATCH 126/132] Use consistent resources naming btw Azure Flatcar/FCOS * Fix Azure Public IP name in the Flatcar Linux configuration --- azure/flatcar-linux/kubernetes/lb.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/flatcar-linux/kubernetes/lb.tf b/azure/flatcar-linux/kubernetes/lb.tf index d98e394f..32f6d000 100644 --- a/azure/flatcar-linux/kubernetes/lb.tf +++ b/azure/flatcar-linux/kubernetes/lb.tf @@ -34,7 +34,7 @@ resource "azurerm_public_ip" "frontend-ipv4" { # Static IPv6 address for the load balancer resource "azurerm_public_ip" "frontend-ipv6" { - name = "${var.cluster_name}-ingress-ipv6" + name = "${var.cluster_name}-frontend-ipv6" resource_group_name = azurerm_resource_group.cluster.name location = var.location ip_version = "IPv6" From 5cb48f01bd3b0e50cb84e20ea844b75a8cc63901 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:20:57 +0000 Subject: [PATCH 127/132] Bump mkdocs-material from 9.5.44 to v9.5.45 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 13a96e96..469d574d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 -mkdocs-material==9.5.44 +mkdocs-material==9.5.45 pygments==2.18.0 pymdown-extensions==10.12 
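Review bot: Changing `name` on `azurerm_public_ip.frontend-ipv6` in `azure/flatcar-linux/kubernetes/lb.tf` is not an in-place rename. The azurerm provider documents `name` as forcing a new resource, so existing Flatcar clusters would have their static IPv6 frontend address destroyed and re-allocated on the next apply. Any AAAA record or allow-list that keeps the old address would then point at an IP released back to Azure, which should be treated as a dangling-record risk. I would call this out in the release notes and add `# changing name replaces the IP; update dependent DNS records` above the `name` line. The resource body continues outside the hunk, so any `lifecycle` settings that affect the replacement cannot be seen here.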
From afbb55b79eaaa9513b655cca7c3d42b9389e2f8b Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:20:55 +0000 Subject: [PATCH 128/132] Bump quay.io/cilium/operator-generic image from v1.16.3 to v1.16.4 --- addons/cilium/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/cilium/deployment.tf b/addons/cilium/deployment.tf index 2b627499..fbbb03dc 100644 --- a/addons/cilium/deployment.tf +++ b/addons/cilium/deployment.tf @@ -58,7 +58,7 @@ resource "kubernetes_deployment" "operator" { enable_service_links = false container { name = "cilium-operator" - image = "quay.io/cilium/operator-generic:v1.16.3" + image = "quay.io/cilium/operator-generic:v1.16.4" command = ["cilium-operator-generic"] args = [ "--config-dir=/tmp/cilium/config-map", From cec2a097d41557f255816851eeaf3e7ffebbbf16 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 15:20:51 +0000 Subject: [PATCH 129/132] Bump quay.io/cilium/cilium image from v1.16.3 to v1.16.4 --- addons/cilium/daemonset.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/addons/cilium/daemonset.tf b/addons/cilium/daemonset.tf index 42058f15..d160f0e9 100644 --- a/addons/cilium/daemonset.tf +++ b/addons/cilium/daemonset.tf @@ -61,7 +61,7 @@ resource "kubernetes_daemonset" "cilium" { # https://github.com/cilium/cilium/pull/24075 init_container { name = "install-cni" - image = "quay.io/cilium/cilium:v1.16.3" + image = "quay.io/cilium/cilium:v1.16.4" command = ["/install-plugin.sh"] security_context { allow_privilege_escalation = true 
@@ -80,7 +80,7 @@ resource "kubernetes_daemonset" "cilium" { # We use nsenter command with host's cgroup and mount namespaces enabled. init_container { name = "mount-cgroup" - image = "quay.io/cilium/cilium:v1.16.3" + image = "quay.io/cilium/cilium:v1.16.4" command = [ "sh", "-ec", @@ -115,7 +115,7 @@ resource "kubernetes_daemonset" "cilium" { init_container { name = "clean-cilium-state" - image = "quay.io/cilium/cilium:v1.16.3" + image = "quay.io/cilium/cilium:v1.16.4" command = ["/init-container.sh"] security_context { allow_privilege_escalation = true @@ -139,7 +139,7 @@ resource "kubernetes_daemonset" "cilium" { container { name = "cilium-agent" - image = "quay.io/cilium/cilium:v1.16.3" + image = "quay.io/cilium/cilium:v1.16.4" command = ["cilium-agent"] args = [ "--config-dir=/tmp/cilium/config-map" From bc59d5153e9a45def224c380ca86240da538e2ba Mon Sep 17 00:00:00 2001 
From: Dalton Hubble Date: Sun, 24 Nov 2024 08:43:54 -0800 Subject: [PATCH 130/132] Update Kubernetes from v1.31.2 to v1.31.3 * https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1313 * Update CoreDNS from v1.11.3 to v1.11.4 * Update Cilium from v1.16.3 to v1.16.4 * Plan to drop support for using Calico CNI, recommend everyone use the Cilium default --- CHANGES.md | 10 +++++++ README.md | 10 +++---- aws/fedora-coreos/kubernetes/README.md | 2 +- aws/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- aws/flatcar-linux/kubernetes/README.md | 2 +- aws/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/fedora-coreos/kubernetes/README.md | 2 +- azure/fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- azure/flatcar-linux/kubernetes/README.md | 2 +- azure/flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- bare-metal/fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- bare-metal/flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/worker/butane/worker.yaml | 2 +- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/butane/worker.yaml | 2 +- docs/advanced/arm64.md | 28 
+++++++++---------- docs/advanced/nodes.md | 8 +++--- docs/advanced/worker-pools.md | 22 +++++++-------- docs/fedora-coreos/aws.md | 10 +++---- docs/fedora-coreos/azure.md | 10 +++---- docs/fedora-coreos/bare-metal.md | 12 ++++---- docs/fedora-coreos/digitalocean.md | 10 +++---- docs/fedora-coreos/google-cloud.md | 10 +++---- docs/flatcar-linux/aws.md | 10 +++---- docs/flatcar-linux/azure.md | 10 +++---- docs/flatcar-linux/bare-metal.md | 12 ++++---- docs/flatcar-linux/digitalocean.md | 10 +++---- docs/flatcar-linux/google-cloud.md | 10 +++---- docs/index.md | 10 +++---- docs/topics/maintenance.md | 8 +++--- .../fedora-coreos/kubernetes/README.md | 2 +- .../fedora-coreos/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- .../flatcar-linux/kubernetes/README.md | 2 +- .../flatcar-linux/kubernetes/bootstrap.tf | 2 +- .../kubernetes/butane/controller.yaml | 4 +-- .../kubernetes/workers/butane/worker.yaml | 2 +- 57 files changed, 155 insertions(+), 145 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 44e9ca75..409cd149 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,16 @@ Notable changes between versions. ## Latest +## v1.31.3 + +* Kubernetes [v1.31.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1312) +* Update CoreDNS from v1.11.3 to v1.11.4 +* Update Cilium from v1.16.3 to [v1.16.4](https://github.com/cilium/cilium/releases/tag/v1.16.4) + +### Deprecations + +* Plan to drop support for using Calico CNI, recommend everyone use the Cilium default + ## v1.31.2 * Kubernetes [v1.31.2](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1312) diff --git a/README.md b/README.md index b264e9df..4e554b96 100644 --- a/README.md +++ b/README.md 
@@ -18,7 +18,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization @@ -78,7 +78,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -118,9 +118,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.3 ``` List the pods. diff --git a/aws/fedora-coreos/kubernetes/README.md b/aws/fedora-coreos/kubernetes/README.md index cc9afd87..204202f3 100644 --- a/aws/fedora-coreos/kubernetes/README.md +++ b/aws/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/fedora-coreos/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/fedora-coreos/kubernetes/bootstrap.tf b/aws/fedora-coreos/kubernetes/bootstrap.tf index 6047a8dc..56a5e257 100644 --- a/aws/fedora-coreos/kubernetes/bootstrap.tf +++ b/aws/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/fedora-coreos/kubernetes/butane/controller.yaml b/aws/fedora-coreos/kubernetes/butane/controller.yaml index 0c763fe7..90cbf91f 100644 --- a/aws/fedora-coreos/kubernetes/butane/controller.yaml +++ b/aws/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -57,7 +57,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -116,7 +116,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.2 + quay.io/poseidon/kubelet:v1.31.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml index 7cba67a9..1ddfa590 100644 --- a/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/aws/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -29,7 +29,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/aws/flatcar-linux/kubernetes/README.md b/aws/flatcar-linux/kubernetes/README.md index f7753441..f511e4e0 100644 --- a/aws/flatcar-linux/kubernetes/README.md +++ b/aws/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot](https://typhoon.psdn.io/flatcar-linux/aws/#spot) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/aws/flatcar-linux/kubernetes/bootstrap.tf b/aws/flatcar-linux/kubernetes/bootstrap.tf index 6047a8dc..56a5e257 100644 --- a/aws/flatcar-linux/kubernetes/bootstrap.tf +++ b/aws/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/aws/flatcar-linux/kubernetes/butane/controller.yaml b/aws/flatcar-linux/kubernetes/butane/controller.yaml index 85d8a580..febcb2c0 100644 --- a/aws/flatcar-linux/kubernetes/butane/controller.yaml +++ b/aws/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -58,7 +58,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -109,7 +109,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml index 9c66a3b8..ada79a8b 100644 --- a/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/aws/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -30,7 +30,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/azure/fedora-coreos/kubernetes/README.md b/azure/fedora-coreos/kubernetes/README.md index c7203537..70f1936e 100644 --- a/azure/fedora-coreos/kubernetes/README.md +++ b/azure/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [spot priority](https://typhoon.psdn.io/fedora-coreos/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/fedora-coreos/kubernetes/bootstrap.tf b/azure/fedora-coreos/kubernetes/bootstrap.tf index 47cbefe4..1e735c10 100644 --- a/azure/fedora-coreos/kubernetes/bootstrap.tf +++ b/azure/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/fedora-coreos/kubernetes/butane/controller.yaml b/azure/fedora-coreos/kubernetes/butane/controller.yaml index cd8c3c24..846d8bbf 100644 --- a/azure/fedora-coreos/kubernetes/butane/controller.yaml +++ b/azure/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.2 + quay.io/poseidon/kubelet:v1.31.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml index 8f5281cc..bb2055ff 100644 --- a/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/azure/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/azure/flatcar-linux/kubernetes/README.md b/azure/flatcar-linux/kubernetes/README.md index 0f612d3d..01b3ff88 100644 --- a/azure/flatcar-linux/kubernetes/README.md +++ b/azure/flatcar-linux/kubernetes/README.md 
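Review bot: In the second hunk of `azure/fedora-coreos/kubernetes/butane/controller.yaml` the image is a bare literal argument, `quay.io/poseidon/kubelet:v1.31.3`, after `--entrypoint=/apply`, whereas the kubelet unit in the first hunk and the bare-metal fedora-coreos bootstrap unit declare it once as `Environment=KUBELET_IMAGE=…`. Two differently shaped references per file make it easier for a later bump to update one and miss the other, which would leave the bootstrap step on a different release than the kubelet. Declaring `Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3` in this unit and referencing that variable on the command line would match the other platforms. The `digital-ocean/fedora-coreos` controller.yaml hunk carries the same literal. The unit starts outside the hunk, so this assumes no such `Environment` line already exists above it.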
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [low-priority](https://typhoon.psdn.io/flatcar-linux/azure/#low-priority) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/azure/flatcar-linux/kubernetes/bootstrap.tf b/azure/flatcar-linux/kubernetes/bootstrap.tf index 47cbefe4..1e735c10 100644 --- a/azure/flatcar-linux/kubernetes/bootstrap.tf +++ b/azure/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/azure/flatcar-linux/kubernetes/butane/controller.yaml b/azure/flatcar-linux/kubernetes/butane/controller.yaml index 31c7d354..6b5a5a13 100644 --- a/azure/flatcar-linux/kubernetes/butane/controller.yaml +++ b/azure/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml index 47d8b918..d2f92084 100644 --- a/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/azure/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/fedora-coreos/kubernetes/README.md b/bare-metal/fedora-coreos/kubernetes/README.md index b38e7c2e..df758938 100644 --- a/bare-metal/fedora-coreos/kubernetes/README.md +++ b/bare-metal/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf index ddb29f52..e17f14cc 100644 --- a/bare-metal/fedora-coreos/kubernetes/bootstrap.tf +++ b/bare-metal/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml index 815dc118..bdb7a0ce 100644 --- a/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml +++ b/bare-metal/fedora-coreos/kubernetes/butane/controller.yaml @@ -53,7 +53,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin 
@@ -113,7 +113,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=-/usr/bin/podman rm bootstrap ExecStart=/usr/bin/podman run --name bootstrap \ --network host \ diff --git a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml index c00283a1..1601c3a5 100644 --- a/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/fedora-coreos/kubernetes/worker/butane/worker.yaml @@ -25,7 +25,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/bare-metal/flatcar-linux/kubernetes/README.md b/bare-metal/flatcar-linux/kubernetes/README.md index f5c07fc0..dd9c3cee 100644 --- a/bare-metal/flatcar-linux/kubernetes/README.md +++ b/bare-metal/flatcar-linux/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization 
diff --git a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf index b71135a8..d24b3f31 100644 --- a/bare-metal/flatcar-linux/kubernetes/bootstrap.tf +++ b/bare-metal/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [var.k8s_domain_name] diff --git a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml index 8b311f0a..8f32a127 100644 --- a/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml +++ b/bare-metal/flatcar-linux/kubernetes/butane/controller.yaml @@ -64,7 +64,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -114,7 +114,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml index 06635721..e67f9926 100644 --- a/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml +++ b/bare-metal/flatcar-linux/kubernetes/worker/butane/worker.yaml 
@@ -36,7 +36,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/digital-ocean/fedora-coreos/kubernetes/README.md b/digital-ocean/fedora-coreos/kubernetes/README.md index fa132c1c..b49f2d84 100644 --- a/digital-ocean/fedora-coreos/kubernetes/README.md +++ b/digital-ocean/fedora-coreos/kubernetes/README.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf index 30c77442..8fd1d6a8 100644 --- a/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf +++ b/digital-ocean/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] 
diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml index cba290bc..c42ea759 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/controller.yaml @@ -55,7 +55,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests @@ -123,7 +123,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.2 + quay.io/poseidon/kubelet:v1.31.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml index 2a8bb2e5..0bde53f0 100644 --- a/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml +++ b/digital-ocean/fedora-coreos/kubernetes/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=afterburn.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/afterburn ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/digital-ocean/flatcar-linux/kubernetes/README.md b/digital-ocean/flatcar-linux/kubernetes/README.md index a1470479..4faa7d5c 100644 --- a/digital-ocean/flatcar-linux/kubernetes/README.md +++ b/digital-ocean/flatcar-linux/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf index 30c77442..8fd1d6a8 100644 --- a/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf +++ b/digital-ocean/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml index c840f56a..4a2030e1 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/controller.yaml @@ -66,7 +66,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests 
@@ -117,7 +117,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml index 55221853..af549314 100644 --- a/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml +++ b/digital-ocean/flatcar-linux/kubernetes/butane/worker.yaml @@ -38,7 +38,7 @@ systemd: After=coreos-metadata.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 EnvironmentFile=/run/metadata/coreos ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests diff --git a/docs/advanced/arm64.md b/docs/advanced/arm64.md index c7c554cf..01930fd1 100644 --- a/docs/advanced/arm64.md +++ b/docs/advanced/arm64.md @@ -13,7 +13,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.3" # AWS cluster_name = "gravitas" @@ -37,7 +37,7 @@ Create a cluster on AWS with ARM64 controller and worker nodes. Container worklo ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.3" # AWS cluster_name = "gravitas" 
@@ -62,9 +62,9 @@ Verify the cluster has only arm64 (`aarch64`) nodes. For Flatcar Linux, describe ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-21-119 Ready 77s v1.31.2 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-32-166 Ready 80s v1.31.2 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 -ip-10-0-5-79 Ready 77s v1.31.2 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-21-119 Ready 77s v1.31.3 10.0.21.119 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-32-166 Ready 80s v1.31.3 10.0.32.166 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 +ip-10-0-5-79 Ready 77s v1.31.3 10.0.5.79 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.aarch64 containerd://1.5.8 ``` ## Azure @@ -73,7 +73,7 @@ Create a cluster on Azure with ARM64 controller and worker nodes. Container work ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.3" # Azure cluster_name = "ramius" @@ -103,7 +103,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.3" # AWS cluster_name = "gravitas" @@ -127,7 +127,7 @@ Here's an AWS example, ```tf module "gravitas" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.3" # AWS cluster_name = "gravitas" 
@@ -151,7 +151,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.3" # AWS vpc_id = module.gravitas.vpc_id @@ -175,7 +175,7 @@ Here's an AWS example, ```tf module "gravitas-arm64" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.3" # AWS vpc_id = module.gravitas.vpc_id @@ -200,9 +200,9 @@ Verify amd64 (x86_64) and arm64 (aarch64) nodes are present. ``` $ kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME -ip-10-0-1-73 Ready 111m v1.31.2 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-22-79... Ready 111m v1.31.2 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 -ip-10-0-24-130 Ready 111m v1.31.2 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 -ip-10-0-39-19 Ready 111m v1.31.2 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-1-73 Ready 111m v1.31.3 10.0.1.73 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-22-79... Ready 111m v1.31.3 10.0.22.79 Flatcar Container Linux by Kinvolk 3033.2.0 (Oklo) 5.10.84-flatcar containerd://1.5.8 +ip-10-0-24-130 Ready 111m v1.31.3 10.0.24.130 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 +ip-10-0-39-19 Ready 111m v1.31.3 10.0.39.19 Fedora CoreOS 35.20211215.3.0 5.15.7-200.fc35.x86_64 containerd://1.5.8 ``` diff --git a/docs/advanced/nodes.md b/docs/advanced/nodes.md index d44b96a0..933deaa4 100644 --- a/docs/advanced/nodes.md +++ b/docs/advanced/nodes.md 
@@ -36,7 +36,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -57,7 +57,7 @@ Add custom initial worker node labels to default workers or worker pool nodes to ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -89,7 +89,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -110,7 +110,7 @@ Add custom initial taints on worker pool nodes to indicate a node is unique and ```tf module "yavin-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.3" # Google Cloud cluster_name = "yavin" diff --git a/docs/advanced/worker-pools.md b/docs/advanced/worker-pools.md index c9a5e686..cd963778 100644 --- a/docs/advanced/worker-pools.md +++ b/docs/advanced/worker-pools.md 
@@ -19,7 +19,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes/workers?ref=v1.31.3" # AWS vpc_id = module.tempest.vpc_id @@ -42,7 +42,7 @@ Create a cluster following the AWS [tutorial](../flatcar-linux/aws.md#cluster). ```tf module "tempest-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes/workers?ref=v1.31.3" # AWS vpc_id = module.tempest.vpc_id @@ -111,7 +111,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes/workers?ref=v1.31.3" # Azure location = module.ramius.location @@ -137,7 +137,7 @@ Create a cluster following the Azure [tutorial](../flatcar-linux/azure.md#cluste ```tf module "ramius-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes/workers?ref=v1.31.3" # Azure location = module.ramius.location @@ -207,7 +207,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes/workers?ref=v1.31.3" # Google Cloud region = "europe-west2" 
@@ -231,7 +231,7 @@ Create a cluster following the Google Cloud [tutorial](../flatcar-linux/google-c ```tf module "yavin-worker-pool" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes/workers?ref=v1.31.3" # Google Cloud region = "europe-west2" @@ -262,11 +262,11 @@ Verify a managed instance group of workers joins the cluster within a few minute ``` $ kubectl get nodes NAME STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 -yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.2 -yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.3 +yavin-16x-worker-jrbf.c.example-com.internal Ready 3m v1.31.3 +yavin-16x-worker-mzdm.c.example-com.internal Ready 3m v1.31.3 ``` ### Variables diff --git a/docs/fedora-coreos/aws.md b/docs/fedora-coreos/aws.md index 8261c676..47419670 100644 --- a/docs/fedora-coreos/aws.md +++ b/docs/fedora-coreos/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on AWS with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on AWS with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. 
@@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/fedora-coreos/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/fedora-coreos/kubernetes?ref=v1.31.3" # AWS cluster_name = "tempest" @@ -146,9 +146,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.2 -ip-10-0-26-65 Ready 10m v1.31.2 -ip-10-0-41-21 Ready 10m v1.31.2 +ip-10-0-3-155 Ready 10m v1.31.3 +ip-10-0-26-65 Ready 10m v1.31.3 +ip-10-0-41-21 Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/fedora-coreos/azure.md b/docs/fedora-coreos/azure.md index fbc044e4..17910198 100644 --- a/docs/fedora-coreos/azure.md +++ b/docs/fedora-coreos/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Azure with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on Azure with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. @@ -86,7 +86,7 @@ Define a Kubernetes cluster using the module `azure/fedora-coreos/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//azure/fedora-coreos/kubernetes?ref=v1.31.3" # Azure cluster_name = "ramius" 
@@ -164,9 +164,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.2 -ramius-worker-000001 Ready 25m v1.31.2 -ramius-worker-000002 Ready 24m v1.31.2 +ramius-controller-0 Ready 24m v1.31.3 +ramius-worker-000001 Ready 25m v1.31.3 +ramius-worker-000002 Ready 24m v1.31.3 ``` List the pods. diff --git a/docs/fedora-coreos/bare-metal.md b/docs/fedora-coreos/bare-metal.md index 25c05388..ca05b9d2 100644 --- a/docs/fedora-coreos/bare-metal.md +++ b/docs/fedora-coreos/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.2 cluster on bare-metal with Fedora CoreOS. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.3 cluster on bare-metal with Fedora CoreOS. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Fedora CoreOS to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/fedora-coreos/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes?ref=v1.31.3" # bare-metal cluster_name = "mercury" 
@@ -191,7 +191,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.3" # bare-metal cluster_name = "mercury" @@ -314,9 +314,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.2 -node2.example.com Ready 10m v1.31.2 -node3.example.com Ready 10m v1.31.2 +node1.example.com Ready 10m v1.31.3 +node2.example.com Ready 10m v1.31.3 +node3.example.com Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/fedora-coreos/digitalocean.md b/docs/fedora-coreos/digitalocean.md index 239206e3..cf95787e 100644 --- a/docs/fedora-coreos/digitalocean.md +++ b/docs/fedora-coreos/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on DigitalOcean with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on DigitalOcean with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/fedora-coreos/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/fedora-coreos/kubernetes?ref=v1.31.3" # Digital Ocean cluster_name = "nemo" 
@@ -156,9 +156,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.2 -10.132.115.81 Ready 10m v1.31.2 -10.132.124.107 Ready 10m v1.31.2 +10.132.110.130 Ready 10m v1.31.3 +10.132.115.81 Ready 10m v1.31.3 +10.132.124.107 Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/fedora-coreos/google-cloud.md b/docs/fedora-coreos/google-cloud.md index 552ffd77..faeadcf4 100644 --- a/docs/fedora-coreos/google-cloud.md +++ b/docs/fedora-coreos/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Google Compute Engine with Fedora CoreOS. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on Google Compute Engine with Fedora CoreOS. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/fedora-coreos/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -148,9 +148,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.3 ``` List the pods. 
diff --git a/docs/flatcar-linux/aws.md b/docs/flatcar-linux/aws.md index a279fdfb..2e49b890 100644 --- a/docs/flatcar-linux/aws.md +++ b/docs/flatcar-linux/aws.md @@ -1,6 +1,6 @@ # AWS -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on AWS with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on AWS with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a VPC, gateway, subnets, security groups, controller instances, worker auto-scaling group, network load balancer, and TLS assets. @@ -72,7 +72,7 @@ Define a Kubernetes cluster using the module `aws/flatcar-linux/kubernetes`. ```tf module "tempest" { - source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//aws/flatcar-linux/kubernetes?ref=v1.31.3" # AWS cluster_name = "tempest" @@ -146,9 +146,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/tempest-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ip-10-0-3-155 Ready 10m v1.31.2 -ip-10-0-26-65 Ready 10m v1.31.2 -ip-10-0-41-21 Ready 10m v1.31.2 +ip-10-0-3-155 Ready 10m v1.31.3 +ip-10-0-26-65 Ready 10m v1.31.3 +ip-10-0-41-21 Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/flatcar-linux/azure.md b/docs/flatcar-linux/azure.md index 19fbaabe..891b69a9 100644 --- a/docs/flatcar-linux/azure.md +++ b/docs/flatcar-linux/azure.md @@ -1,6 +1,6 @@ # Azure -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Azure with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on Azure with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a resource group, virtual network, subnets, security groups, controller availability set, worker scale set, load balancer, and TLS assets. 
@@ -75,7 +75,7 @@ Define a Kubernetes cluster using the module `azure/flatcar-linux/kubernetes`. ```tf module "ramius" { - source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//azure/flatcar-linux/kubernetes?ref=v1.31.3" # Azure cluster_name = "ramius" @@ -152,9 +152,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/ramius-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -ramius-controller-0 Ready 24m v1.31.2 -ramius-worker-000001 Ready 25m v1.31.2 -ramius-worker-000002 Ready 24m v1.31.2 +ramius-controller-0 Ready 24m v1.31.3 +ramius-worker-000001 Ready 25m v1.31.3 +ramius-worker-000002 Ready 24m v1.31.3 ``` List the pods. diff --git a/docs/flatcar-linux/bare-metal.md b/docs/flatcar-linux/bare-metal.md index 5137d040..1da92e51 100644 --- a/docs/flatcar-linux/bare-metal.md +++ b/docs/flatcar-linux/bare-metal.md @@ -1,6 +1,6 @@ # Bare-Metal -In this tutorial, we'll network boot and provision a Kubernetes v1.31.2 cluster on bare-metal with Flatcar Linux. +In this tutorial, we'll network boot and provision a Kubernetes v1.31.3 cluster on bare-metal with Flatcar Linux. First, we'll deploy a [Matchbox](https://github.com/poseidon/matchbox) service and setup a network boot environment. Then, we'll declare a Kubernetes cluster using the Typhoon Terraform module and power on machines. On PXE boot, machines will install Container Linux to disk, reboot into the disk install, and provision themselves as Kubernetes controllers or workers via Ignition. @@ -154,7 +154,7 @@ Define a Kubernetes cluster using the module `bare-metal/flatcar-linux/kubernete ```tf module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.3" # bare-metal cluster_name = "mercury" 
@@ -194,7 +194,7 @@ Workers with similar features can be defined inline using the `workers` field as ```tf module "mercury-node1" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/fedora-coreos/kubernetes/worker?ref=v1.31.3" # bare-metal cluster_name = "mercury" @@ -324,9 +324,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/mercury-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -node1.example.com Ready 10m v1.31.2 -node2.example.com Ready 10m v1.31.2 -node3.example.com Ready 10m v1.31.2 +node1.example.com Ready 10m v1.31.3 +node2.example.com Ready 10m v1.31.3 +node3.example.com Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/flatcar-linux/digitalocean.md b/docs/flatcar-linux/digitalocean.md index 961ca521..9d627247 100644 --- a/docs/flatcar-linux/digitalocean.md +++ b/docs/flatcar-linux/digitalocean.md @@ -1,6 +1,6 @@ # DigitalOcean -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on DigitalOcean with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on DigitalOcean with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create controller droplets, worker droplets, DNS records, tags, and TLS assets. @@ -81,7 +81,7 @@ Define a Kubernetes cluster using the module `digital-ocean/flatcar-linux/kubern ```tf module "nemo" { - source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//digital-ocean/flatcar-linux/kubernetes?ref=v1.31.3" # Digital Ocean cluster_name = "nemo" 
@@ -156,9 +156,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/nemo-config $ kubectl get nodes NAME STATUS ROLES AGE VERSION -10.132.110.130 Ready 10m v1.31.2 -10.132.115.81 Ready 10m v1.31.2 -10.132.124.107 Ready 10m v1.31.2 +10.132.110.130 Ready 10m v1.31.3 +10.132.115.81 Ready 10m v1.31.3 +10.132.124.107 Ready 10m v1.31.3 ``` List the pods. diff --git a/docs/flatcar-linux/google-cloud.md b/docs/flatcar-linux/google-cloud.md index 712ab54a..ecaf77dd 100644 --- a/docs/flatcar-linux/google-cloud.md +++ b/docs/flatcar-linux/google-cloud.md @@ -1,6 +1,6 @@ # Google Cloud -In this tutorial, we'll create a Kubernetes v1.31.2 cluster on Google Compute Engine with Flatcar Linux. +In this tutorial, we'll create a Kubernetes v1.31.3 cluster on Google Compute Engine with Flatcar Linux. We'll declare a Kubernetes cluster using the Typhoon Terraform module. Then apply the changes to create a network, firewall rules, health checks, controller instances, worker managed instance group, load balancers, and TLS assets. @@ -73,7 +73,7 @@ Define a Kubernetes cluster using the module `google-cloud/flatcar-linux/kuberne ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/flatcar-linux/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -148,9 +148,9 @@ List nodes in the cluster. $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.3 ``` List the pods. 
diff --git a/docs/index.md b/docs/index.md index c56e9b20..9d46a994 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](advanced/worker-pools/), [preemptible](fedora-coreos/google-cloud/#preemption) workers, and [snippets](advanced/customization/#hosts) customization @@ -70,7 +70,7 @@ Define a Kubernetes cluster by using the Terraform module for your chosen platfo ```tf module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" # Google Cloud cluster_name = "yavin" @@ -109,9 +109,9 @@ In 4-8 minutes (varies by platform), the cluster will be ready. This Google Clou $ export KUBECONFIG=/home/user/.kube/configs/yavin-config $ kubectl get nodes NAME ROLES STATUS AGE VERSION -yavin-controller-0.c.example-com.internal Ready 6m v1.31.2 -yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.2 -yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.2 +yavin-controller-0.c.example-com.internal Ready 6m v1.31.3 +yavin-worker-jrbf.c.example-com.internal Ready 5m v1.31.3 +yavin-worker-mzdm.c.example-com.internal Ready 5m v1.31.3 ``` List the pods. diff --git a/docs/topics/maintenance.md b/docs/topics/maintenance.md index 1e795fa2..68387d55 100644 --- a/docs/topics/maintenance.md +++ b/docs/topics/maintenance.md 
@@ -13,12 +13,12 @@ Typhoon provides tagged releases to allow clusters to be versioned using ordinar ``` module "yavin" { - source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//google-cloud/fedora-coreos/kubernetes?ref=v1.31.3" ... } module "mercury" { - source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.2" + source = "git::https://github.com/poseidon/typhoon//bare-metal/flatcar-linux/kubernetes?ref=v1.31.3" ... } ``` @@ -192,7 +192,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new AMIs becoming available will NOT change the launch configuration or trigger an Instance Refresh. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.2, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.3, worker nodes only used new launch configurations when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ### Google Cloud 
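Review bot: The `!!! note` in the `@@ -192,7` hunk now reads `Before Typhoon v1.31.3, worker nodes only used new launch configurations ...`, which looks like a side effect of the blanket v1.31.2 to v1.31.3 replacement rather than an intended edit. The `@@ -233,7` hunk does the same for launch templates. That sentence names the release in which worker replacement behaviour changed, presumably a fixed point in history, so it should not move with every Kubernetes bump. I would restore both lines to the release that actually introduced the behaviour, `Before Typhoon <RELEASE_THAT_INTRODUCED_INSTANCE_REFRESH>, ...` (placeholder, confirm against the changelog), and keep them out of future version replacements.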
@@ -233,7 +233,7 @@ Applying edits to most worker fields will start an instance refresh: However, changing `os_stream`/`os_channel` or new compute images becoming available will NOT change the launch template or update instances. This allows Fedora CoreOS or Flatcar Linux to auto-update themselves via reboots and avoids unexpected terraform diffs for new AMIs. !!! note - Before Typhoon v1.31.2, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. + Before Typhoon v1.31.3, worker nodes only used new launch templates when replaced manually (or due to failure). If you must change node configuration manually, it's still possible. Create a new [worker pool](../advanced/worker-pools.md), then scale down the old worker pool as desired. ## Upgrade poseidon/ct diff --git a/google-cloud/fedora-coreos/kubernetes/README.md b/google-cloud/fedora-coreos/kubernetes/README.md index 6fe6573a..1c6cefc1 100644 --- a/google-cloud/fedora-coreos/kubernetes/README.md +++ b/google-cloud/fedora-coreos/kubernetes/README.md 
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/), SELinux enforcing * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/fedora-coreos/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf index fae5f1a2..5decc2ae 100644 --- a/google-cloud/fedora-coreos/kubernetes/bootstrap.tf +++ b/google-cloud/fedora-coreos/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml index ba48732b..ab6d7fbd 100644 --- a/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml +++ b/google-cloud/fedora-coreos/kubernetes/butane/controller.yaml 
@@ -54,7 +54,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -111,7 +111,7 @@ systemd: --volume /opt/bootstrap/assets:/assets:ro,Z \ --volume /opt/bootstrap/apply:/apply:ro,Z \ --entrypoint=/apply \ - quay.io/poseidon/kubelet:v1.31.2 + quay.io/poseidon/kubelet:v1.31.3 ExecStartPost=/bin/touch /opt/bootstrap/bootstrap.done ExecStartPost=-/usr/bin/podman stop bootstrap storage: diff --git a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml index 0b828fb0..112251f1 100644 --- a/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/fedora-coreos/kubernetes/workers/butane/worker.yaml @@ -26,7 +26,7 @@ systemd: Description=Kubelet (System Container) Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin diff --git a/google-cloud/flatcar-linux/kubernetes/README.md b/google-cloud/flatcar-linux/kubernetes/README.md index 43fa0aa5..21ecaf52 100644 --- a/google-cloud/flatcar-linux/kubernetes/README.md +++ b/google-cloud/flatcar-linux/kubernetes/README.md 
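Review bot: The kubelet image is still referenced by a mutable tag, `quay.io/poseidon/kubelet:v1.31.3`, in the `KUBELET_IMAGE` line of the `@@ -54,7` hunk and again in the bootstrap `podman run` of the `@@ -111,7` hunk. The `terraform-render-bootstrap` module bumped in the same commit is pinned to a full commit SHA. Both units run this image on the node with host paths mounted, so a re-pushed tag would be pulled without any change in this repository; adding the digest, `quay.io/poseidon/kubelet:v1.31.3@sha256:<DIGEST_OF_RELEASED_IMAGE>` (placeholder), would make the reference immutable. The bootstrap unit also repeats the literal where the flatcar-linux controller's `@@ -105,7` hunk sets `Environment=KUBELET_IMAGE=...`, so the two references have to be bumped in lockstep. The same tag-only reference appears in the worker.yaml and flatcar-linux hunks, and the unit definitions continue outside the hunks.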
@@ -11,7 +11,7 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster ## Features -* Kubernetes v1.31.2 (upstream) +* Kubernetes v1.31.3 (upstream) * Single or multi-master, [Calico](https://www.projectcalico.org/) or [Cilium](https://github.com/cilium/cilium) or [flannel](https://github.com/coreos/flannel) networking * On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/) * Advanced features like [worker pools](https://typhoon.psdn.io/advanced/worker-pools/), [preemptible](https://typhoon.psdn.io/flatcar-linux/google-cloud/#preemption) workers, and [snippets](https://typhoon.psdn.io/advanced/customization/#hosts) customization diff --git a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf index fae5f1a2..5decc2ae 100644 --- a/google-cloud/flatcar-linux/kubernetes/bootstrap.tf +++ b/google-cloud/flatcar-linux/kubernetes/bootstrap.tf @@ -1,6 +1,6 @@ # Kubernetes assets (kubeconfig, manifests) module "bootstrap" { - source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=95203db11c7f5dc7dacdeddd54bbcc4881624eae" + source = "git::https://github.com/poseidon/terraform-render-bootstrap.git?ref=e6a1c7bccfc45ab299b5f8149bc3840f99b30b2b" cluster_name = var.cluster_name api_servers = [format("%s.%s", var.cluster_name, var.dns_zone)] diff --git a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml index a8bef091..5a21f7da 100644 --- a/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml +++ b/google-cloud/flatcar-linux/kubernetes/butane/controller.yaml 
@@ -56,7 +56,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin @@ -105,7 +105,7 @@ systemd: Type=oneshot RemainAfterExit=true WorkingDirectory=/opt/bootstrap - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStart=/usr/bin/docker run \ -v /etc/kubernetes/pki:/etc/kubernetes/pki:ro \ -v /opt/bootstrap/assets:/assets:ro \ diff --git a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml index 19008052..1cf68fcf 100644 --- a/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml +++ b/google-cloud/flatcar-linux/kubernetes/workers/butane/worker.yaml @@ -28,7 +28,7 @@ systemd: After=docker.service Wants=rpc-statd.service [Service] - Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.2 + Environment=KUBELET_IMAGE=quay.io/poseidon/kubelet:v1.31.3 ExecStartPre=/bin/mkdir -p /etc/cni/net.d ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests ExecStartPre=/bin/mkdir -p /opt/cni/bin From 10dd385c38c88a580397e09584220cddaf770c58 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Sun, 24 Nov 2024 19:40:45 +0000 Subject: [PATCH 131/132] Bump registry.k8s.io/coredns/coredns image from v1.11.4 to v1.12.0 --- addons/coredns/deployment.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/coredns/deployment.tf b/addons/coredns/deployment.tf index c0bd2cb8..34602a9d 100644 --- a/addons/coredns/deployment.tf +++ b/addons/coredns/deployment.tf 
@@ -77,7 +77,7 @@ resource "kubernetes_deployment" "coredns" { } container { name = "coredns" - image = "registry.k8s.io/coredns/coredns:v1.11.4" + image = "registry.k8s.io/coredns/coredns:v1.12.0" args = ["-conf", "/etc/coredns/Corefile"] port { name = "dns" From 17060445f71f7f82b996b59e13248b5cea285cb5 Mon Sep 17 00:00:00 2001 From: "dghubble-renovate[bot]" <119624128+dghubble-renovate[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 23:00:59 +0000 Subject: [PATCH 132/132] Bump mkdocs-material from 9.5.45 to v9.5.46 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 469d574d..7cd147d9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ mkdocs==1.6.1 -mkdocs-material==9.5.45 +mkdocs-material==9.5.46 pygments==2.18.0 pymdown-extensions==10.12