diff --git a/Makefile b/Makefile index 5ed03747..f80e714f 100644 --- a/Makefile +++ b/Makefile @@ -73,7 +73,7 @@ gate-lint: gate-lint-deps tox -e gate-lint gate-lint-deps: - sudo apt-get install -y --no-install-recommends shellcheck + sudo apt-get install -y --no-install-recommends shellcheck tox helm-lint: $(addprefix helm-lint-,$(CHARTS)) diff --git a/charts/apiserver-webhook/values.yaml b/charts/apiserver-webhook/values.yaml index c1ab32bb..1233d811 100644 --- a/charts/apiserver-webhook/values.yaml +++ b/charts/apiserver-webhook/values.yaml @@ -17,7 +17,7 @@ release_uuid: null images: tags: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 kubernetes_keystone_webhook: docker.io/k8scloudprovider/k8s-keystone-auth:latest scripted_test: docker.io/openstackhelm/heat:newton dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 @@ -325,10 +325,10 @@ conf: encryption_provider: file: 'encryption_provider.yaml' command_options: - - '--experimental-encryption-provider-config=/etc/webhook_apiserver/dynamic/encryption_provider.yaml' + - '--encryption-provider-config=/etc/webhook_apiserver/dynamic/encryption_provider.yaml' content: - kind: EncryptionConfig - apiVersion: v1 + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 policy: - resource: verbs: diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml index 77114000..808be191 100644 --- a/charts/apiserver/values.yaml +++ b/charts/apiserver/values.yaml @@ -58,9 +58,9 @@ const: images: tags: dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - key_rotate: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + key_rotate: gcr.io/google_containers/hyperkube-amd64:v1.18.6 pull_policy: "IfNotPresent" local_registry: active: false @@ -146,10 +146,10 @@ conf: encryption_provider: file: encryption_provider.yaml command_options: - - '--experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' + - '--encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' content: - kind: EncryptionConfig - apiVersion: v1 + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 resources: - resources: - 'secrets' diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml index 7e217302..4475a96e 100644 --- a/charts/controller_manager/values.yaml +++ b/charts/controller_manager/values.yaml @@ -16,8 +16,8 @@ release_group: null images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 pull_policy: "IfNotPresent" labels: diff --git a/charts/haproxy/values.yaml b/charts/haproxy/values.yaml index 7cdf02f6..b334b2b1 100644 --- a/charts/haproxy/values.yaml +++ b/charts/haproxy/values.yaml @@ -64,7 +64,7 @@ conf: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.25 test: python:3.6 pull_policy: "IfNotPresent" diff --git a/charts/promenade/values.yaml b/charts/promenade/values.yaml index d82692f7..39136d61 100644 --- a/charts/promenade/values.yaml +++ b/charts/promenade/values.yaml @@ -49,7 +49,7 @@ conf: images: tags: monitoring_image: busybox:1.28.3 - hyperkube: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + hyperkube: gcr.io/google_containers/hyperkube-amd64:v1.18.6 promenade: quay.io/airshipit/promenade:latest ks_user: docker.io/openstackhelm/heat:newton ks_service: docker.io/openstackhelm/heat:newton diff --git a/charts/proxy/values.yaml b/charts/proxy/values.yaml index f6cec724..268e54c2 100644 --- a/charts/proxy/values.yaml +++ b/charts/proxy/values.yaml @@ -67,7 +67,7 @@ pod: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 pull_policy: "IfNotPresent" proxy: diff --git a/charts/scheduler/values.yaml b/charts/scheduler/values.yaml index cc7d3390..b18ff5ef 100644 --- a/charts/scheduler/values.yaml +++ b/charts/scheduler/values.yaml @@ -85,8 +85,8 @@ secrets: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 pull_policy: "IfNotPresent" network: @@ -100,4 +100,7 @@ service: command_prefix: - /hyperkube - kube-scheduler - - --feature-gates=TaintNodesByCondition=true + # TaintNodesByCondition feature is unconditionally enabled and the + # corresponding --feature-gates flags have been removed in 1.18.x + # See: https://kubernetes.io/docs/setup/release/notes/#urgent-upgrade-notes + #- --feature-gates=TaintNodesByCondition=true diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 3ff6321d..2266268d 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -48,10 +48,10 @@ Here is a complete sample document: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "" diff --git a/doc/source/configuration/host-system.rst b/doc/source/configuration/host-system.rst index d12a8321..f60b7335 100644 --- a/doc/source/configuration/host-system.rst +++ b/doc/source/configuration/host-system.rst @@ -16,7 +16,7 @@ Sample Document to run containers in Docker runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: @@ -24,7 +24,7 @@ Sample Document to run containers in Docker runtime helm: helm: lachlanevenson/k8s-helm:v2.14.0 kubernetes: - kubectl: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + kubectl: gcr.io/google_containers/hyperkube-amd64:v1.18.6 packages: repositories: - deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable @@ -116,7 +116,7 @@ Sample Document to run containers in Containerd runtime data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 images: @@ -124,7 +124,7 @@ Sample Document to run containers in Containerd runtime helm: helm: lachlanevenson/k8s-helm:v2.14.0 kubernetes: - kubectl: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + kubectl: gcr.io/google_containers/hyperkube-amd64:v1.18.6 packages: additional: - curl diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index 4c59f5f3..fc631069 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -26,7 +26,7 @@ data: - --endpoint-reconciler-type=lease - --feature-gates=PodShareProcessNamespace=true - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml - - --experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml + - --encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml - --v=3 armada: target_manifest: cluster-bootstrap @@ -51,10 +51,10 @@ data: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/basic/HostSystem.yaml b/examples/basic/HostSystem.yaml index 7a04dd85..9c0bc131 100644 --- a/examples/basic/HostSystem.yaml +++ b/examples/basic/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/basic/Kubelet.yaml b/examples/basic/Kubelet.yaml index 0e6bc305..868ae1c8 100644 --- a/examples/basic/Kubelet.yaml +++ b/examples/basic/Kubelet.yaml @@ -16,11 +16,10 @@ data: images: pause: gcr.io/google_containers/pause-amd64:3.1 config_file_overrides: - cgroupRoot: "/kube_whitelist" evictionMaxPodGracePeriod: -1 featureGates: PodShareProcessNamespace: true - TaintBasedEvictions: false + TaintBasedEvictions: true nodeStatusUpdateFrequency: "5s" serializeImagePulls: false ... diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index f7543545..48bbafce 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -160,7 +160,7 @@ data: values: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -627,7 +627,7 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.3 test: python:3.6 @@ -719,17 +719,17 @@ data: encryption_provider: file: encryption_provider.yaml command_options: - - '--experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' + - '--encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' content: - kind: EncryptionConfig - apiVersion: v1 + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 apiserver: etcd: endpoints: https://127.0.0.1:2378 images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -794,8 +794,8 @@ data: values: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: private_key: placeholder @@ -868,8 +868,8 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 source: type: local diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 3c7bd1cc..f6542008 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -39,10 +39,10 @@ data: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/complete/HostSystem.yaml b/examples/complete/HostSystem.yaml index 5bd71501..86bef535 100644 --- a/examples/complete/HostSystem.yaml +++ b/examples/complete/HostSystem.yaml @@ -10,11 +10,11 @@ metadata: data: files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/logrotate.d/json-logrotate diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 1235829c..f743a5a8 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -201,7 +201,7 @@ data: values: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -644,7 +644,7 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.3 test: python:3.6 @@ -730,8 +730,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: public_key: placeholder @@ -807,8 +807,8 @@ data: values: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: private_key: placeholder @@ -880,8 +880,8 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 source: type: local diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml index debfca59..2967d2d8 100644 --- a/examples/containerd/Genesis.yaml +++ b/examples/containerd/Genesis.yaml @@ -26,7 +26,7 @@ data: - --endpoint-reconciler-type=lease - --feature-gates=PodShareProcessNamespace=true - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml - - --experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml + - --encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml - --v=3 armada: target_manifest: cluster-bootstrap @@ -51,10 +51,10 @@ data: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/containerd/HostSystem.yaml b/examples/containerd/HostSystem.yaml index 80490b87..3cc36e9e 100644 --- a/examples/containerd/HostSystem.yaml +++ b/examples/containerd/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/containerd/Kubelet.yaml b/examples/containerd/Kubelet.yaml index 7d8e7fd2..0ae30dfa 100644 --- a/examples/containerd/Kubelet.yaml +++ b/examples/containerd/Kubelet.yaml @@ -22,7 +22,7 @@ data: evictionMaxPodGracePeriod: -1 featureGates: PodShareProcessNamespace: true - TaintBasedEvictions: false + TaintBasedEvictions: true nodeStatusUpdateFrequency: "5s" serializeImagePulls: false ... diff --git a/examples/containerd/armada-resources.yaml b/examples/containerd/armada-resources.yaml index 0714778c..0e39b7eb 100644 --- a/examples/containerd/armada-resources.yaml +++ b/examples/containerd/armada-resources.yaml @@ -160,7 +160,7 @@ data: values: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -524,7 +524,7 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.3 test: python:3.6 @@ -617,17 +617,17 @@ data: encryption_provider: file: encryption_provider.yaml command_options: - - '--experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' + - '--encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' content: - kind: EncryptionConfig - apiVersion: v1 + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 apiserver: etcd: endpoints: https://127.0.0.1:2378 images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -692,8 +692,8 @@ data: values: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: private_key: placeholder @@ -766,8 +766,8 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 source: type: local diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index debfca59..2967d2d8 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -26,7 +26,7 @@ data: - --endpoint-reconciler-type=lease - --feature-gates=PodShareProcessNamespace=true - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml - - --experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml + - --encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml - --v=3 armada: target_manifest: cluster-bootstrap @@ -51,10 +51,10 @@ data: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/examples/gate/HostSystem.yaml b/examples/gate/HostSystem.yaml index 05bd43a9..c1928812 100644 --- a/examples/gate/HostSystem.yaml +++ b/examples/gate/HostSystem.yaml @@ -13,11 +13,11 @@ data: enable: true files: - path: /opt/kubernetes/bin/kubelet - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubelet mode: 0555 - path: /usr/local/bin/kubectl - tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz tar_path: kubernetes/node/bin/kubectl mode: 0555 - path: /etc/systemd/system/kube-cgroup.service diff --git a/examples/gate/Kubelet.yaml b/examples/gate/Kubelet.yaml index f053601f..868ae1c8 100644 --- a/examples/gate/Kubelet.yaml +++ b/examples/gate/Kubelet.yaml @@ -19,7 +19,7 @@ data: evictionMaxPodGracePeriod: -1 featureGates: PodShareProcessNamespace: true - TaintBasedEvictions: false + TaintBasedEvictions: true nodeStatusUpdateFrequency: "5s" serializeImagePulls: false ... diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index 7e1687d6..22a83989 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -160,7 +160,7 @@ data: values: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -530,7 +530,7 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.3 test: python:3.6 @@ -623,17 +623,17 @@ data: encryption_provider: file: encryption_provider.yaml command_options: - - '--experimental-encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' + - '--encryption-provider-config=/etc/kubernetes/apiserver/encryption_provider.yaml' content: - kind: EncryptionConfig - apiVersion: v1 + kind: EncryptionConfiguration + apiVersion: apiserver.config.k8s.io/v1 apiserver: etcd: endpoints: https://127.0.0.1:2378 images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_service_ip: 10.96.0.1 pod_cidr: 10.97.0.0/16 @@ -698,8 +698,8 @@ data: values: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: private_key: placeholder @@ -772,8 +772,8 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 source: type: local diff --git a/promenade/templates/include/utils.sh b/promenade/templates/include/utils.sh index 853bde51..bb290eac 100644 --- a/promenade/templates/include/utils.sh +++ b/promenade/templates/include/utils.sh @@ -243,7 +243,7 @@ spec: EOPOD wait_for_node_ready $NODE 300 - wait_for_pod_termination $NAMESPACE $POD_NAME + wait_for_pod_termination $NAMESPACE $POD_NAME 400 sleep 5 ACTUAL_LOGS=$(kubectl --namespace $NAMESPACE logs $POD_NAME) if [ "x$ACTUAL_LOGS" != "xEXPECTED RESULT" ]; then diff --git a/promenade/templates/roles/genesis/etc/genesis/apiserver/encryption_provider.yaml b/promenade/templates/roles/genesis/etc/genesis/apiserver/encryption_provider.yaml index 3aab7fa7..4a705fc6 100644 --- a/promenade/templates/roles/genesis/etc/genesis/apiserver/encryption_provider.yaml +++ b/promenade/templates/roles/genesis/etc/genesis/apiserver/encryption_provider.yaml @@ -1,4 +1,4 @@ -kind: EncryptionConfig -apiVersion: v1 +kind: EncryptionConfiguration +apiVersion: apiserver.config.k8s.io/v1 resources: {{ config.get_path('Genesis:apiserver.encryption', {}) | toyaml | indent(2, true) }} diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-scheduler.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-scheduler.yaml index 842f201a..0cde75d8 100644 --- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-scheduler.yaml +++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-scheduler.yaml @@ -20,7 +20,10 @@ spec: - kube-scheduler - --leader-elect=true - --kubeconfig=/etc/kubernetes/scheduler/kubeconfig.yaml - - --feature-gates=TaintNodesByCondition=true + # TaintNodesByCondition feature is unconditionally enabled and the + # corresponding --feature-gates flags have been removed in 1.18.x + # See: https://kubernetes.io/docs/setup/release/notes/#urgent-upgrade-notes + #- --feature-gates=TaintNodesByCondition=true - --v=5 volumeMounts: - name: config diff --git a/requirements-direct.txt b/requirements-direct.txt index e513c717..a7545510 100644 --- a/requirements-direct.txt +++ b/requirements-direct.txt @@ -13,5 +13,5 @@ oslo.policy==1.40.1 pastedeploy==1.5.2 pyyaml~=5.1 requests==2.22.0 -uwsgi==2.0.17.1 +uwsgi==2.0.19.1 git+https://opendev.org/airship/deckhand.git@7d2092b100bddcab77fca0acadd9fc99ba59797b#egg=deckhand diff --git a/requirements-frozen.txt b/requirements-frozen.txt index 2ae7d9fc..636dc66f 100644 --- a/requirements-frozen.txt +++ b/requirements-frozen.txt @@ -105,7 +105,7 @@ testtools==2.4.0 traceback2==1.4.0 unittest2==1.1.0 urllib3==1.25.9 -uWSGI==2.0.17.1 +uWSGI==2.0.19.1 vine==1.3.0 wcwidth==0.2.4 WebOb==1.8.6 diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index 075e6c31..ad0ebe8e 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py @@ -107,13 +107,13 @@ VALID_DOCS = [ }, 'kubernetes': { 'apiserver': - 'gcr.io/google_containers/hyperkube-amd64:v1.17.3', + 'gcr.io/google_containers/hyperkube-amd64:v1.18.6', 'controller-manager': - 'gcr.io/google_containers/hyperkube-amd64:v1.17.3', + 'gcr.io/google_containers/hyperkube-amd64:v1.18.6', 'etcd': 'quay.io/coreos/etcd:v3.4.2', 'scheduler': - 'gcr.io/google_containers/hyperkube-amd64:v1.17.3' + 'gcr.io/google_containers/hyperkube-amd64:v1.18.6' } }, 'ip': @@ -149,7 +149,7 @@ VALID_DOCS = [ 'tar_path': 'kubernetes/node/bin/kubelet', 'tar_url': - 'https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz' + 'https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz' }, { 'content': @@ -166,7 +166,7 @@ VALID_DOCS = [ }, 'kubernetes': { 'kubectl': - 'gcr.io/google_containers/hyperkube-amd64:v1.17.3' + 'gcr.io/google_containers/hyperkube-amd64:v1.18.6' } }, 'packages': { diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index 2d177fc6..3b2fd3b3 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml @@ -36,10 +36,10 @@ data: helm: tiller: gcr.io/kubernetes-helm/tiller:v2.16.1 kubernetes: - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 etcd: quay.io/coreos/etcd:v3.4.2 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap content: "# placeholder for triggering calico etcd bootstrapping" diff --git a/tests/unit/builder_data/simple/HostSystem.yaml b/tests/unit/builder_data/simple/HostSystem.yaml index 19c7017b..de6618c4 100644 --- a/tests/unit/builder_data/simple/HostSystem.yaml +++ b/tests/unit/builder_data/simple/HostSystem.yaml @@ -14,7 +14,7 @@ data: # attempt to actually run Kubernetes, only to construct the genesis and # join scripts. # - path: /opt/kubernetes/bin/kubelet - # tar_url: https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz + # tar_url: https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz # tar_path: kubernetes/node/bin/kubelet # mode: 0555 - path: /etc/logrotate.d/json-logrotate diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index e8d20806..63560200 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -161,7 +161,7 @@ data: values: images: tags: - proxy: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + proxy: gcr.io/google_containers/hyperkube-amd64:v1.18.6 network: kubernetes_netloc: 127.0.0.1:6553 source: @@ -537,7 +537,7 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 haproxy: haproxy:1.8.3 test: python:3.6 @@ -629,8 +629,8 @@ data: endpoints: https://127.0.0.1:2378 images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - apiserver: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + apiserver: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: public_key: placeholder @@ -706,8 +706,8 @@ data: values: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.18.6 secrets: service_account: private_key: placeholder @@ -779,8 +779,8 @@ data: images: tags: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.17.3 - scheduler: gcr.io/google_containers/hyperkube-amd64:v1.17.3 + anchor: gcr.io/google_containers/hyperkube-amd64:v1.18.6 + scheduler: gcr.io/google_containers/hyperkube-amd64:v1.18.6 source: type: local diff --git a/tools/g2/lib/config.sh b/tools/g2/lib/config.sh index 98f79262..21f772eb 100644 --- a/tools/g2/lib/config.sh +++ b/tools/g2/lib/config.sh @@ -3,7 +3,7 @@ export BASE_IMAGE_SIZE=${BASE_IMAGE_SIZE:-344784896} export BASE_IMAGE_URL=${BASE_IMAGE_URL:-https://cloud-images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-amd64.img} export IMAGE_PROMENADE=${IMAGE_PROMENADE:-quay.io/airshipit/promenade:master} export IMAGE_PROMENADE_DISTRO=${IMAGE_PROMENADE_DISTRO:-ubuntu_bionic} -export IMAGE_HYPERKUBE=${IMAGE_HYPERKUBE:-gcr.io/google_containers/hyperkube-amd64:v1.17.3} +export IMAGE_HYPERKUBE=${IMAGE_HYPERKUBE:-gcr.io/google_containers/hyperkube-amd64:v1.18.6} export NGINX_DIR="${TEMP_DIR}/nginx" export NGINX_URL="http://192.168.77.1:7777" export PROMENADE_BASE_URL="http://promenade-api.ucp.svc.cluster.local" diff --git a/tools/g2/lib/etcd.sh b/tools/g2/lib/etcd.sh index dad7200b..5bfe0bca 100644 --- a/tools/g2/lib/etcd.sh +++ b/tools/g2/lib/etcd.sh @@ -21,7 +21,7 @@ etcdctl_member_remove() { NODE=${3} shift 3 - MEMBER_ID=$(etcdctl_cmd $CLUSTER ${VM} member list | awk -F', ' "/${NODE}/ "'{ print $1}') + MEMBER_ID=$(etcdctl_cmd "$CLUSTER" "${VM}" member list | awk -F', ' "/${NODE}/ "'{ print $1}') if [[ -n $MEMBER_ID ]] ; then etcdctl_cmd "${CLUSTER}" "${VM}" member remove "$MEMBER_ID" else diff --git a/tools/g2/lib/validate.sh b/tools/g2/lib/validate.sh index ebfccf02..3c7d7000 100644 --- a/tools/g2/lib/validate.sh +++ b/tools/g2/lib/validate.sh @@ -17,7 +17,7 @@ validate_etcd_membership() { log Validating "${CLUSTER}" etcd membership via "${VM}" for members: "${EXPECTED_MEMBERS[@]}" local retries=25 - for ((n=0;n<=$retries;n++)); do + for ((n=0;n<=retries;n++)); do FOUND_MEMBERS=$(etcdctl_member_list "${CLUSTER}" "${VM}" | tr '\n' ' ' | sed 's/ $//') log "Found \"${FOUND_MEMBERS}\", expected \"${EXPECTED_MEMBERS}\"" diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index 0c06bfdb..9b929005 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env @@ -8,6 +8,6 @@ IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 IMAGE_ETCD=quay.io/coreos/etcd:v3.4.2 IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v2.14.0 -IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.17.3 +IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.18.6 IMAGE_TILLER=gcr.io/kubernetes-helm/tiller:v2.16.1 -KUBELET_URL=https://dl.k8s.io/v1.17.3/kubernetes-node-linux-amd64.tar.gz +KUBELET_URL=https://dl.k8s.io/v1.18.6/kubernetes-node-linux-amd64.tar.gz diff --git a/tools/registry/IMAGES b/tools/registry/IMAGES index 84abafc6..fff69ae0 100644 --- a/tools/registry/IMAGES +++ b/tools/registry/IMAGES @@ -1,6 +1,6 @@ # source_name, tag, cache_name coredns/coredns,0.9.9,coredns -gcr.io/google_containers/hyperkube-amd64,v1.17.3,hyperkube +gcr.io/google_containers/hyperkube-amd64,v1.18.6,hyperkube gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64,1.14.4,k8s-dns-dnsmasq-nanny-amd64 gcr.io/google_containers/k8s-dns-kube-dns-amd64,1.14.4,k8s-dns-kube-dns-amd64 gcr.io/google_containers/k8s-dns-sidecar-amd64,1.14.4,k8s-dns-sidecar-amd64 diff --git a/tools/setup_gate.sh b/tools/setup_gate.sh index 641cff03..35ae3679 100755 --- a/tools/setup_gate.sh +++ b/tools/setup_gate.sh @@ -21,6 +21,7 @@ export DEBIAN_FRONTEND=noninteractive sudo apt-get update -qq sudo apt-get install -q -y --no-install-recommends \ apt-transport-https \ + build-essential \ ca-certificates \ curl \ fio \ @@ -28,6 +29,7 @@ sudo apt-get install -q -y --no-install-recommends \ jq \ libstring-shellquote-perl \ libvirt-bin \ + python3-dev \ qemu-kvm \ qemu-utils \ software-properties-common \ diff --git a/tools/simple-deployment.sh b/tools/simple-deployment.sh index ec642539..7f066acf 100755 --- a/tools/simple-deployment.sh +++ b/tools/simple-deployment.sh @@ -3,7 +3,7 @@ set -eux IMAGE_PROMENADE=${IMAGE_PROMENADE:-quay.io/airshipit/promenade:master} -IMAGE_HYPERKUBE=${IMAGE_HYPERKUBE:-gcr.io/google_containers/hyperkube-amd64:v1.17.3} +IMAGE_HYPERKUBE=${IMAGE_HYPERKUBE:-gcr.io/google_containers/hyperkube-amd64:v1.18.6} PROMENADE_DEBUG=${PROMENADE_DEBUG:-0} SCRIPT_DIR=$(realpath $(dirname $0))