From 10a839ff1aeac1fcf78cdac10aa06ec37d2e7d51 Mon Sep 17 00:00:00 2001 From: nikhil1697 Date: Fri, 12 Apr 2024 13:07:16 +0530 Subject: [PATCH] support_k8s_v1.28.7_&_nginx_ingress_v1.9.6 --- documentation/Installation.md | 55 +- kubemarine/patches/software_upgrade.yaml | 3 +- ...nx-ingress-controller-v1.9.6-original.yaml | 661 ++++++++++++++++++ .../internal/kubernetes_images.yaml | 14 + .../compatibility/internal/packages.yaml | 12 + .../compatibility/internal/plugins.yaml | 15 +- .../compatibility/internal/thirdparties.yaml | 12 + .../compatibility/kubernetes_versions.yaml | 8 +- 8 files changed, 733 insertions(+), 47 deletions(-) create mode 100644 kubemarine/plugins/yaml/nginx-ingress-controller-v1.9.6-original.yaml diff --git a/documentation/Installation.md b/documentation/Installation.md index db4c1c770..ea09b8873 100644 --- a/documentation/Installation.md +++ b/documentation/Installation.md @@ -6434,23 +6434,23 @@ The tables below shows the correspondence of versions that are supported and is | | kubernetesui/metrics-scraper | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | Required only if Kubernetes Dashboard plugin is set to be installed. | | | rancher/local-path-provisioner | v0.0.25 | v0.0.25 | v0.0.25 | v0.0.25 | v0.0.25 | v0.0.25 | v0.0.25 | Required only if local-path provisioner plugin is set to be installed. | -## Default Dependent Components Versions for Kubernetes Versions v1.28.6 +## Default Dependent Components Versions for Kubernetes Versions v1.28.7 | Type | Name | Versions | | | | | | | Note | |----------|----------------------------------------------------------------|------------------|------------------------------|--------------|--------------|-------------------|-----------|-----------|------------------------------------------------------------------------------------------------------------| | | | CentOS RHEL 7.5+ | CentOS RHEL Oracle Linux 8.4 | Ubuntu 20.04 | Ubuntu 22.04 | Oracle Linux 7.5+ | RHEL 8.6+ | RockyLinux 8.6+ | | -| binaries | kubeadm | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: a6846fe15ce29865e9c813a677f40dc21868223c | -| | kubelet | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: 25e2675bcbc59004ef148dc91a25404132b1faa1 | -| | kubectl | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: 1458cc8aa68c2c4406db9fb36eeff181460d7f65 | +| binaries | kubeadm | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | SHA1: b8a9c0c4d874231216775ec7a0b658f602a72d6a | +| | kubelet | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | SHA1: 72b0dd411771f41e3dbb310140f821b92d2a026b | +| | kubectl | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | SHA1: a575b8178fcbc023ea9deca62e8d05989fc1f628 | | | calicoctl | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | SHA1: 4d62cba82a4aee97ab20b96e7270da85d77ce20e Required only if calico is installed. | | | crictl | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | SHA1: c4224ed25f729dbf73976198c8bc73dec0bf5a5f Required only if containerd is used as a container runtime. | | rpms | docker-ce | 19.03 | 19.03 | 20.10 | 20.10 | 19.03 | 19.03 | 19.03 | | | | containerd.io | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | | | | haproxy/rh-haproxy | 1.8 | 1.8 | 2.* | 2.* | 1.8 | 1.8 | 1.8 | Required only if balancers are presented in the deployment scheme. | | | keepalived | 1.3 | 2.1 | 2.* | 2.* | 1.3 | 2.1 | 2.1 | Required only if VRRP is presented in the deployment scheme. | -| images | registry.k8s.io/kube-apiserver | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-controller-manager | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-proxy | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-scheduler | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | +| images | registry.k8s.io/kube-apiserver | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | | +| | registry.k8s.io/kube-controller-manager | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | | +| | registry.k8s.io/kube-proxy | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | | +| | registry.k8s.io/kube-scheduler | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | v1.28.7 | | | | registry.k8s.io/coredns | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | | | | registry.k8s.io/pause | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | | | | registry.k8s.io/etcd | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | | @@ -6459,39 +6459,8 @@ The tables below shows the correspondence of versions that are supported and is | | calico/node | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | | | calico/kube-controllers | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | | | calico/apiserver | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | Required only if API server is enabled in Calico config. | -| | registry.k8s.io/ingress-nginx/controller | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | | -| | registry.k8s.io/kube-webhook-certgen | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | | -| | kubernetesui/dashboard | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | Required only if Kubernetes Dashboard plugin is set to be installed. | -| | kubernetesui/metrics-scraper | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | Required only if Kubernetes Dashboard plugin is set to be installed. | -| | rancher/local-path-provisioner | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | Required only if local-path provisioner plugin is set to be installed. | - -## Default Dependent Components Versions for Kubernetes Versions v1.28.6 -| Type | Name | Versions | | | | | | | Note | -|----------|----------------------------------------------------------------|------------------|------------------------------|--------------|--------------|-------------------|-----------|-----------|------------------------------------------------------------------------------------------------------------| -| | | CentOS RHEL 7.5+ | CentOS RHEL Oracle Linux 8.4 | Ubuntu 20.04 | Ubuntu 22.04 | Oracle Linux 7.5+ | RHEL 8.6+ | RockyLinux 8.6+ | | -| binaries | kubeadm | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: a6846fe15ce29865e9c813a677f40dc21868223c | -| | kubelet | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: 25e2675bcbc59004ef148dc91a25404132b1faa1 | -| | kubectl | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | SHA1: 1458cc8aa68c2c4406db9fb36eeff181460d7f65 | -| | calicoctl | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | SHA1: 4d62cba82a4aee97ab20b96e7270da85d77ce20e Required only if calico is installed. | -| | crictl | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | v1.29.0 | SHA1: c4224ed25f729dbf73976198c8bc73dec0bf5a5f Required only if containerd is used as a container runtime. | -| rpms | docker-ce | 19.03 | 19.03 | 20.10 | 20.10 | 19.03 | 19.03 | 19.03 | | -| | containerd.io | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | 1.6.* | | -| | haproxy/rh-haproxy | 1.8 | 1.8 | 2.* | 2.* | 1.8 | 1.8 | 1.8 | Required only if balancers are presented in the deployment scheme. | -| | keepalived | 1.3 | 2.1 | 2.* | 2.* | 1.3 | 2.1 | 2.1 | Required only if VRRP is presented in the deployment scheme. | -| images | registry.k8s.io/kube-apiserver | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-controller-manager | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-proxy | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/kube-scheduler | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | v1.28.6 | | -| | registry.k8s.io/coredns | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | v1.10.1 | | -| | registry.k8s.io/pause | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | 3.9 | | -| | registry.k8s.io/etcd | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | 3.5.10-0 | | -| | calico/typha | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | Required only if Typha is enabled in Calico config. | -| | calico/cni | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | -| | calico/node | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | -| | calico/kube-controllers | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | -| | calico/apiserver | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | Required only if API server is enabled in Calico config. | -| | registry.k8s.io/ingress-nginx/controller | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | | -| | registry.k8s.io/kube-webhook-certgen | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | | +| | registry.k8s.io/ingress-nginx/controller | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | | +| | registry.k8s.io/kube-webhook-certgen | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | | | | kubernetesui/dashboard | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | Required only if Kubernetes Dashboard plugin is set to be installed. | | | kubernetesui/metrics-scraper | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | Required only if Kubernetes Dashboard plugin is set to be installed. | | | rancher/local-path-provisioner | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | Required only if local-path provisioner plugin is set to be installed. | @@ -6521,8 +6490,8 @@ The tables below shows the correspondence of versions that are supported and is | | calico/node | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | | | calico/kube-controllers | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | | | | calico/apiserver | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | v3.27.0 | Required only if API server is enabled in Calico config. | -| | registry.k8s.io/ingress-nginx/controller | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | v1.9.5 | | -| | registry.k8s.io/kube-webhook-certgen | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | v20231011-8b53cabe0 | | +| | registry.k8s.io/ingress-nginx/controller | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | v1.9.6 | | +| | registry.k8s.io/kube-webhook-certgen | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | v20231226-1a7112e06 | | | | kubernetesui/dashboard | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | v2.7.0 | Required only if Kubernetes Dashboard plugin is set to be installed. | | | kubernetesui/metrics-scraper | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | v1.0.8 | Required only if Kubernetes Dashboard plugin is set to be installed. | | | rancher/local-path-provisioner | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | v0.0.26 | Required only if local-path provisioner plugin is set to be installed. | diff --git a/kubemarine/patches/software_upgrade.yaml b/kubemarine/patches/software_upgrade.yaml index b669d26ba..91d355a3c 100644 --- a/kubemarine/patches/software_upgrade.yaml +++ b/kubemarine/patches/software_upgrade.yaml @@ -35,6 +35,7 @@ packages: version_debian: false plugins: calico: [] - nginx-ingress-controller: [] + nginx-ingress-controller: + - v1.29.1 kubernetes-dashboard: [] local-path-provisioner: [] diff --git a/kubemarine/plugins/yaml/nginx-ingress-controller-v1.9.6-original.yaml b/kubemarine/plugins/yaml/nginx-ingress-controller-v1.9.6-original.yaml new file mode 100644 index 000000000..8ac9dedaf --- /dev/null +++ b/kubemarine/plugins/yaml/nginx-ingress-controller-v1.9.6-original.yaml @@ -0,0 +1,661 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + name: ingress-nginx +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx + namespace: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-nginx-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission + namespace: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx +subjects: +- kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission + namespace: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx +subjects: +- kind: ServiceAccount + name: ingress-nginx + namespace: ingress-nginx +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: ingress-nginx-admission + namespace: ingress-nginx +--- +apiVersion: v1 +data: + allow-snippet-annotations: "false" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-controller + namespace: ingress-nginx +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + externalTrafficPolicy: Local + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-controller-admission + namespace: ingress-nginx +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-controller + namespace: ingress-nginx +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller + - --election-id=ingress-nginx-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.9.6@sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission-create + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission-patch + namespace: ingress-nginx +spec: + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20231226-1a7112e06@sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + serviceAccountName: ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: ingress-nginx + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.9.6 + name: ingress-nginx-admission +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: ingress-nginx-controller-admission + namespace: ingress-nginx + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None diff --git a/kubemarine/resources/configurations/compatibility/internal/kubernetes_images.yaml b/kubemarine/resources/configurations/compatibility/internal/kubernetes_images.yaml index a13b5850b..086c606f4 100644 --- a/kubemarine/resources/configurations/compatibility/internal/kubernetes_images.yaml +++ b/kubemarine/resources/configurations/compatibility/internal/kubernetes_images.yaml @@ -39,6 +39,8 @@ kube-apiserver: version: v1.28.4 v1.28.6: version: v1.28.6 + v1.28.7: + version: v1.28.7 v1.29.1: version: v1.29.1 kube-controller-manager: @@ -80,6 +82,8 @@ kube-controller-manager: version: v1.28.4 v1.28.6: version: v1.28.6 + v1.28.7: + version: v1.28.7 v1.29.1: version: v1.29.1 kube-scheduler: @@ -121,6 +125,8 @@ kube-scheduler: version: v1.28.4 v1.28.6: version: v1.28.6 + v1.28.7: + version: v1.28.7 v1.29.1: version: v1.29.1 kube-proxy: @@ -162,6 +168,8 @@ kube-proxy: version: v1.28.4 v1.28.6: version: v1.28.6 + v1.28.7: + version: v1.28.7 v1.29.1: version: v1.29.1 pause: @@ -203,6 +211,8 @@ pause: version: '3.9' v1.28.6: version: '3.9' + v1.28.7: + version: '3.9' v1.29.1: version: '3.9' etcd: @@ -244,6 +254,8 @@ etcd: version: 3.5.9-0 v1.28.6: version: 3.5.10-0 + v1.28.7: + version: 3.5.10-0 v1.29.1: version: 3.5.10-0 coredns/coredns: @@ -285,5 +297,7 @@ coredns/coredns: version: v1.10.1 v1.28.6: version: v1.10.1 + v1.28.7: + version: v1.10.1 v1.29.1: version: v1.11.1 diff --git a/kubemarine/resources/configurations/compatibility/internal/packages.yaml b/kubemarine/resources/configurations/compatibility/internal/packages.yaml index 4c21d881c..816febd24 100644 --- a/kubemarine/resources/configurations/compatibility/internal/packages.yaml +++ b/kubemarine/resources/configurations/compatibility/internal/packages.yaml @@ -100,6 +100,11 @@ docker: version_rhel8: 19.03* version_rhel9: 20.10* version_debian: 5:20.10.* + v1.28.7: + version_rhel: 19.03* + version_rhel8: 19.03* + version_rhel9: 20.10* + version_debian: 5:20.10.* v1.29.1: version_rhel: 19.03* version_rhel8: 19.03* @@ -144,6 +149,8 @@ containerd: version_debian: 1.6.* v1.28.6: version_debian: 1.6.* + v1.28.7: + version_debian: 1.6.* v1.29.1: version_debian: 1.6.* containerdio: @@ -242,6 +249,11 @@ containerdio: version_rhel8: 1.6* version_rhel9: 1.6* version_debian: 1.6.* + v1.28.7: + version_rhel: 1.6* + version_rhel8: 1.6* + version_rhel9: 1.6* + version_debian: 1.6.* v1.29.1: version_rhel: 1.6* version_rhel8: 1.6* diff --git a/kubemarine/resources/configurations/compatibility/internal/plugins.yaml b/kubemarine/resources/configurations/compatibility/internal/plugins.yaml index c38d45031..a0aa4530b 100644 --- a/kubemarine/resources/configurations/compatibility/internal/plugins.yaml +++ b/kubemarine/resources/configurations/compatibility/internal/plugins.yaml @@ -43,6 +43,8 @@ calico: version: v3.26.4 v1.28.6: version: v3.27.0 + v1.28.7: + version: v3.27.0 v1.29.1: version: v3.27.0 nginx-ingress-controller: @@ -103,9 +105,12 @@ nginx-ingress-controller: v1.28.6: version: v1.9.5 webhook-version: v20231011-8b53cabe0 + v1.28.7: + version: v1.9.6 + webhook-version: v20231226-1a7112e06 v1.29.1: - version: v1.9.5 - webhook-version: v20231011-8b53cabe0 + version: v1.9.6 + webhook-version: v20231226-1a7112e06 kubernetes-dashboard: v1.23.1: version: v2.5.1 @@ -164,6 +169,9 @@ kubernetes-dashboard: v1.28.6: version: v2.7.0 metrics-scraper-version: v1.0.8 + v1.28.7: + version: v2.7.0 + metrics-scraper-version: v1.0.8 v1.29.1: version: v2.7.0 metrics-scraper-version: v1.0.8 @@ -225,6 +233,9 @@ local-path-provisioner: v1.28.6: version: v0.0.26 busybox-version: 1.34.1 + v1.28.7: + version: v0.0.26 + busybox-version: 1.34.1 v1.29.1: version: v0.0.26 busybox-version: 1.34.1 diff --git a/kubemarine/resources/configurations/compatibility/internal/thirdparties.yaml b/kubemarine/resources/configurations/compatibility/internal/thirdparties.yaml index 4fb8f9c3e..5bd62de9a 100644 --- a/kubemarine/resources/configurations/compatibility/internal/thirdparties.yaml +++ b/kubemarine/resources/configurations/compatibility/internal/thirdparties.yaml @@ -40,6 +40,8 @@ kubeadm: sha1: 450eef85788fb68c4c26db82c6a0fb222e07869d v1.28.6: sha1: a6846fe15ce29865e9c813a677f40dc21868223c + v1.28.7: + sha1: b8a9c0c4d874231216775ec7a0b658f602a72d6a v1.29.1: sha1: 14390d6df2bb0b6546efd2238068c300461053fd kubelet: @@ -81,6 +83,8 @@ kubelet: sha1: 32ef1daaf8f4996d16ff386f44cc0555c6f3de24 v1.28.6: sha1: 25e2675bcbc59004ef148dc91a25404132b1faa1 + v1.28.7: + sha1: 72b0dd411771f41e3dbb310140f821b92d2a026b v1.29.1: sha1: aa871f4656bf1cc6393058f28d5c938268df3d4e kubectl: @@ -122,6 +126,8 @@ kubectl: sha1: 9a1691d307cb419d7047baccba89765015b2b7a4 v1.28.6: sha1: 1458cc8aa68c2c4406db9fb36eeff181460d7f65 + v1.28.7: + sha1: a575b8178fcbc023ea9deca62e8d05989fc1f628 v1.29.1: sha1: 5867f210ce90c62e0551062492751e43c2ae6a46 calicoctl: @@ -184,6 +190,9 @@ calicoctl: v1.28.6: version: v3.27.0 sha1: 4d62cba82a4aee97ab20b96e7270da85d77ce20e + v1.28.7: + version: v3.27.0 + sha1: 4d62cba82a4aee97ab20b96e7270da85d77ce20e v1.29.1: version: v3.27.0 sha1: 4d62cba82a4aee97ab20b96e7270da85d77ce20e @@ -247,6 +256,9 @@ crictl: v1.28.6: version: v1.29.0 sha1: c4224ed25f729dbf73976198c8bc73dec0bf5a5f + v1.28.7: + version: v1.29.0 + sha1: c4224ed25f729dbf73976198c8bc73dec0bf5a5f v1.29.1: version: v1.29.0 sha1: c4224ed25f729dbf73976198c8bc73dec0bf5a5f diff --git a/kubemarine/resources/configurations/compatibility/kubernetes_versions.yaml b/kubemarine/resources/configurations/compatibility/kubernetes_versions.yaml index 8883bc9d7..be2116502 100644 --- a/kubemarine/resources/configurations/compatibility/kubernetes_versions.yaml +++ b/kubemarine/resources/configurations/compatibility/kubernetes_versions.yaml @@ -131,9 +131,15 @@ compatibility_map: kubernetes-dashboard: v2.7.0 local-path-provisioner: v0.0.26 crictl: v1.29.0 + v1.28.7: + calico: v3.27.0 + nginx-ingress-controller: v1.9.6 + kubernetes-dashboard: v2.7.0 + local-path-provisioner: v0.0.26 + crictl: v1.29.0 v1.29.1: calico: v3.27.0 - nginx-ingress-controller: v1.9.5 + nginx-ingress-controller: v1.9.6 kubernetes-dashboard: v2.7.0 local-path-provisioner: v0.0.26 crictl: v1.29.0