From 3bab15214de985b7738250f2a6d84a796c5e9253 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Tue, 9 Jul 2024 16:54:17 +0400 Subject: [PATCH] feat: update Kubernetes to 1.31.0-alpha.3 Fixes #8911 Signed-off-by: Andrey Smirnov --- Makefile | 2 +- go.mod | 43 ++++----- go.sum | 90 ++++++++++--------- go.work | 2 +- hack/release.toml | 7 +- hack/test/e2e.sh | 2 +- .../pkg/controllers/k8s/control_plane.go | 15 +++- .../pkg/controllers/k8s/control_plane_test.go | 71 +++++++++++++++ .../serviceaccount/crd_controller.go | 36 ++------ pkg/kubernetes/version.go | 37 ++++++++ pkg/kubernetes/version_test.go | 72 +++++++++++++++ .../types/v1alpha1/v1alpha1_proxyconfig.go | 4 - pkg/machinery/constants/constants.go | 2 +- pkg/machinery/go.mod | 2 +- website/content/v1.8/_index.md | 2 +- website/content/v1.8/reference/cli.md | 6 +- .../configuration/v1alpha1/config.md | 30 +++---- 17 files changed, 303 insertions(+), 120 deletions(-) create mode 100644 pkg/kubernetes/version.go create mode 100644 pkg/kubernetes/version_test.go diff --git a/Makefile b/Makefile index 505782aba..5dcc8a794 100644 --- a/Makefile +++ b/Makefile @@ -91,7 +91,7 @@ TALOSCTL_EXECUTABLE := $(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-$(ARCH) INTEGRATION_TEST_DEFAULT_TARGET := integration-test-$(OPERATING_SYSTEM) INTEGRATION_TEST_PROVISION_DEFAULT_TARGET := integration-test-provision-$(OPERATING_SYSTEM) # renovate: datasource=github-releases depName=kubernetes/kubernetes -KUBECTL_VERSION ?= v1.30.2 +KUBECTL_VERSION ?= v1.31.0-alpha.3 # renovate: datasource=github-releases depName=kastenhq/kubestr KUBESTR_VERSION ?= v0.4.44 # renovate: datasource=github-releases depName=helm/helm diff --git a/go.mod b/go.mod index 4557e9fe0..382965933 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/siderolabs/talos -go 1.22.4 +go 1.22.5 replace ( // forked coredns so we don't carry caddy and other stuff into the Talos 
@@ -25,16 +25,16 @@ replace ( // Kubernetes dependencies sharing the same version. require ( - k8s.io/api v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/apiserver v0.30.2 - k8s.io/client-go v0.30.2 - k8s.io/component-base v0.30.2 - k8s.io/cri-api v0.31.0-alpha.0.0.20240529224029-3a66d9d86654 - k8s.io/kube-scheduler v0.30.2 - k8s.io/kubectl v0.30.2 - k8s.io/kubelet v0.30.2 - k8s.io/pod-security-admission v0.30.2 + k8s.io/api v0.31.0-alpha.3 + k8s.io/apimachinery v0.31.0-alpha.3 + k8s.io/apiserver v0.31.0-alpha.3 + k8s.io/client-go v0.31.0-alpha.3 + k8s.io/component-base v0.31.0-alpha.3 + k8s.io/cri-api v0.31.0-alpha.3 + k8s.io/kube-scheduler v0.31.0-alpha.3 + k8s.io/kubectl v0.31.0-alpha.3 + k8s.io/kubelet v0.31.0-alpha.3 + k8s.io/pod-security-admission v0.31.0-alpha.3 ) require ( @@ -62,7 +62,7 @@ require ( github.com/containernetworking/plugins v1.5.1 github.com/coredns/coredns v1.11.2 github.com/coreos/go-iptables v0.7.0 - github.com/cosi-project/runtime v0.5.1 + github.com/cosi-project/runtime v0.5.2 github.com/distribution/reference v0.6.0 github.com/docker/docker v27.0.3+incompatible github.com/docker/go-connections v0.5.0 @@ -134,7 +134,7 @@ require ( github.com/siderolabs/go-debug v0.3.0 github.com/siderolabs/go-kmsg v0.1.4 github.com/siderolabs/go-kubeconfig v0.1.0 - github.com/siderolabs/go-kubernetes v0.2.9 + github.com/siderolabs/go-kubernetes v0.2.10 github.com/siderolabs/go-loadbalancer v0.3.4 github.com/siderolabs/go-pcidb v0.3.0 github.com/siderolabs/go-pointer v1.0.0 @@ -165,7 +165,7 @@ require ( golang.org/x/net v0.26.0 golang.org/x/oauth2 v0.21.0 golang.org/x/sync v0.7.0 - golang.org/x/sys v0.21.0 + golang.org/x/sys v0.22.0 golang.org/x/term v0.21.0 golang.org/x/text v0.16.0 golang.org/x/time v0.5.0 
@@ -232,6 +232,7 @@ require ( github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gdamore/encoding v1.0.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect @@ -281,12 +282,12 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/spdystream v0.2.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect github.com/moby/sys/mountinfo v0.7.1 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/signal v0.7.0 // indirect github.com/moby/sys/user v0.1.0 // indirect - github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect + github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect @@ -304,7 +305,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.54.0 // indirect + github.com/prometheus/common v0.55.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/siderolabs/protoenc v0.2.1 // indirect 
@@ -315,6 +316,7 @@ require ( github.com/u-root/uio v0.0.0-20240209044354-b3d14b93376a // indirect github.com/vbatts/tar-split v0.11.3 // indirect github.com/vishvananda/netns v0.0.4 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.etcd.io/bbolt v1.3.10 // indirect @@ -338,16 +340,17 @@ require ( golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/cli-runtime v0.30.2 // indirect + k8s.io/cli-runtime v0.31.0-alpha.3 // indirect k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect kernel.org/pub/linux/libs/security/libcap/psx v1.2.70 // indirect rsc.io/qr v0.2.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect tags.cncf.io/container-device-interface v0.7.2 // indirect tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect diff --git a/go.sum b/go.sum index c85f48447..b6493ed72 100644 --- a/go.sum +++ b/go.sum 
@@ -187,8 +187,8 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cosi-project/runtime v0.5.1 h1:07r4lk8sgiyhLdRuqZidB6qV3jFpKYhGccWdhTYHYcc= -github.com/cosi-project/runtime v0.5.1/go.mod h1:m+bkfUzKYeUyoqYAQBxdce3bfgncG8BsqcbfKRbvJKs= +github.com/cosi-project/runtime v0.5.2 h1:3UlNiXF1/jexLYu2grd8jdTR8/FrACOUdN1mxRnCKZs= +github.com/cosi-project/runtime v0.5.2/go.mod h1:m+bkfUzKYeUyoqYAQBxdce3bfgncG8BsqcbfKRbvJKs= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -246,6 +246,8 @@ github.com/freddierice/go-losetup/v2 v2.0.1 h1:wPDx/Elu9nDV8y/CvIbEDz5Xi5Zo80y4h github.com/freddierice/go-losetup/v2 v2.0.1/go.mod h1:TEyBrvlOelsPEhfWD5rutNXDmUszBXuFnwT1kIQF4J8= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko= github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= github.com/gdamore/tcell/v2 v2.7.4 h1:sg6/UnTM9jGpZU+oFYAsDahfchWAFW8Xx2yFinNSAYU= 
@@ -362,8 +364,8 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= @@ -376,7 +378,6 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gopacket/gopacket v1.2.0 h1:eXbzFad7f73P1n2EJHQlsKuvIMJjVXK5tXoSca78I3A= github.com/gopacket/gopacket v1.2.0/go.mod h1:BrAKEy5EOGQ76LSqh7DMAr7z0NNPdczWm2GxCG7+I8M= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/gosuri/uilive v0.0.4 h1:hUEBpQDj8D8jXgtCdBu7sWsy5sbW/5GhuO8KBwJ2jyY= 
@@ -518,8 +519,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= 
@@ -528,8 +529,8 @@ github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -594,8 +595,8 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rivo/tview v0.0.0-20240625185742-b0a7293b8130 h1:o1CYtoFOm6xJK3DvDAEG5wDJPLj+SoxUtUDFaQgt1iY= 
@@ -621,8 +622,8 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6Ng github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/siderolabs/coredns v1.11.53 h1:HoRPGey3HNj409+15OGnP9Jt4NNpRKsm7izjc/M/G20= github.com/siderolabs/coredns v1.11.53/go.mod h1:2bxje5r6+o9rO0k7bEb5BitqPz8YUYaIY8iJHD1ELtE= github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U= 
@@ -651,8 +652,8 @@ github.com/siderolabs/go-kmsg v0.1.4 h1:RLAa90O9bWuhA3pXPAYAdrI+kzcqTshZASRA5yso github.com/siderolabs/go-kmsg v0.1.4/go.mod h1:BLkt2N2DHT0wsFMz32lMw6vNEZL90c8ZnBjpIUoBb/M= github.com/siderolabs/go-kubeconfig v0.1.0 h1:t/2oMWkLSdWHXglKPMz8ySXnx6ZjHckeGY79NaDcBTo= github.com/siderolabs/go-kubeconfig v0.1.0/go.mod h1:eM3mO02Td6wYDvdi9zTbMrj1Q4WqEFN8XQ6pNjCUWkI= -github.com/siderolabs/go-kubernetes v0.2.9 h1:EtaOcni9P0etJz+UDlIKQkgsTjCg2MWI2p1fKeRTo8Q= -github.com/siderolabs/go-kubernetes v0.2.9/go.mod h1:AAydnLZrqG+MJrKTa82AszkWIytkqwDBt7PL+bfbupI= +github.com/siderolabs/go-kubernetes v0.2.10 h1:G/+MRb+dR7ZXJpdVQ46uC/dD1Mx+mNmFFtdmrTYz8VU= +github.com/siderolabs/go-kubernetes v0.2.10/go.mod h1:hrPsfl4GGcFq3L+29iksKvKhdtwUxQJbD/3DGqTsfXE= github.com/siderolabs/go-loadbalancer v0.3.4 h1:clxUefcY20djLdHMrh2j3rjVYDwDApXh1us/6cgrgoo= github.com/siderolabs/go-loadbalancer v0.3.4/go.mod h1:v0ziDvpArNRSF5LO0PIPQIPIYYHxX/fk+Vlg0wuSIiM= github.com/siderolabs/go-pcidb v0.3.0 h1:jR4w1YLNY8Cv1o5jnoQ2Q+pbxcosO2FVFrAAp1RURnw= @@ -737,6 +738,8 @@ github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 h1:v6jG/tdl4O github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3/go.mod h1:CSBTxrhePCm0cmXNKDGeu+6bOQzpaEklfCqEpn89JWk= github.com/vultr/metadata v1.1.0 h1:RUjCnH5Mdlz7uuyfb1jOZNkU72zl/HwK76jLzVFdiOo= github.com/vultr/metadata v1.1.0/go.mod h1:4yocaI6h2EFJzwN0m1KnnC/vDCx2axIqnyxmtF/LWoQ= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -996,8 +999,9 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1194,6 +1198,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
@@ -1211,32 +1217,32 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw= -k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8= -k8s.io/cli-runtime v0.30.2 h1:ooM40eEJusbgHNEqnHziN9ZpLN5U4WcQGsdLKVxpkKE= -k8s.io/cli-runtime v0.30.2/go.mod h1:Y4g/2XezFyTATQUbvV5WaChoUGhojv/jZAtdp5Zkm0A= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= -k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= -k8s.io/cri-api v0.31.0-alpha.0.0.20240529224029-3a66d9d86654 h1:REcqRW1lajhGkr+RMfO5mQ7JYp93Fe65js/hJ8R/wq0= -k8s.io/cri-api v0.31.0-alpha.0.0.20240529224029-3a66d9d86654/go.mod h1:8SzLKTnltnWXG9FMIL4SHWcAnnPGssi5viN/SMMMf4k= +k8s.io/api v0.31.0-alpha.3 h1:BGZmlRxV27GiPMkUacLAIY9hwu+aopxyggyUe8d3oNo= +k8s.io/api v0.31.0-alpha.3/go.mod h1:DuSHralkv8DUXY90bSPWBvoNlRA8nUJ1fT5lyMG0hp4= +k8s.io/apimachinery v0.31.0-alpha.3 h1:VPZzsANpbCItljAzvWqK/FDTH3SnEE9cWDlb8DjUOvQ= +k8s.io/apimachinery v0.31.0-alpha.3/go.mod h1:HaB7jl7MnnH0C8g+t13Fw226p3U88ZDog/Dt8pQRZUI= +k8s.io/apiserver v0.31.0-alpha.3 h1:qPOb3O4ACmpKL80wfmokP/y9EilUr/KwuKlALyFntlw= +k8s.io/apiserver v0.31.0-alpha.3/go.mod 
h1:dyQbHQnV7VDH+KQMtX6g1muC3K7SeIpe8brCjBp4DQ8= +k8s.io/cli-runtime v0.31.0-alpha.3 h1:Qo5DtefWiM1695jK88lgei0JiNN29gSUGkhvY74FRUY= +k8s.io/cli-runtime v0.31.0-alpha.3/go.mod h1:dabYPQRPZ5HIZkH2aQ64sGI9AZFz4Middp+fGYVjhyk= +k8s.io/client-go v0.31.0-alpha.3 h1:g9wbiICMHrFwxl3pGi63v2wPXL4Mk4z0ps6kMRHBcSI= +k8s.io/client-go v0.31.0-alpha.3/go.mod h1:vVK9F/qT7echvzsBfdH5EeH8WH6+SMcY7IbYJCZa6fU= +k8s.io/component-base v0.31.0-alpha.3 h1:JgTZxZ+QCkyuvbnUXQg5Lscz22t7Sj//+GjUSHD4yGo= +k8s.io/component-base v0.31.0-alpha.3/go.mod h1:95zosfpQ0maOQqM/KBuXyvaBzsb/2u+MCgPv7dl4To8= +k8s.io/cri-api v0.31.0-alpha.3 h1:sLth/Vdn/TpwCY3UZRIo4sme2trzl+nGYBUnQAypfzQ= +k8s.io/cri-api v0.31.0-alpha.3/go.mod h1:++pZmPOodkvdUTNnXKrhFD68SD9WBKVP7rwC9frDbzU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 h1:T5TEV4a+pEjc+j9Xui3MGGeoDLIN6uzZrx8NYotFMgQ= k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/kube-scheduler v0.30.2 h1:2uR6qVkAV4ySzAQws5XDTWu62mRCxwm2m9oS0EIhAQI= -k8s.io/kube-scheduler v0.30.2/go.mod h1:ft17TR1cD7ZgLC5m3xkpvU4wK2X5ccbsg/b+a3HdR2Y= -k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8= -k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4= -k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY= -k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94= -k8s.io/pod-security-admission v0.30.2 h1:UlHnkvvOr+rgQplOqD+SHzLUF8EgKIOCpDU8kaMeTQQ= -k8s.io/pod-security-admission v0.30.2/go.mod h1:gMUJUG9zOgNBk0VIz5BS7uIYiYPEoXkBSeHh6rG2m8c= +k8s.io/kube-scheduler v0.31.0-alpha.3 h1:UmK7zPbyso53ySslAjklpuMrctqKrp5DKDiOZKLpX4k= +k8s.io/kube-scheduler v0.31.0-alpha.3/go.mod h1:Gt1oP4h8DHy0jVweGOnd9tyikmohD2LPp2W7dnaeVPg= +k8s.io/kubectl v0.31.0-alpha.3 
h1:EDPyD2egrwujyjYqEqXCqM5dz9s7bwqw7dRatsnJMS4= +k8s.io/kubectl v0.31.0-alpha.3/go.mod h1:ggBsycONX7TY4xBdK70o0iprKJTALGdWbPPtn08TJ+s= +k8s.io/kubelet v0.31.0-alpha.3 h1:g4ucfosNagqKd4j0jpukNL3dFJ34rOZX4yrlyeUKtV4= +k8s.io/kubelet v0.31.0-alpha.3/go.mod h1:HzfsFTc0g8nSWqPNnQiTtlcBwmKh2wZ14YGCZbqd+kY= +k8s.io/pod-security-admission v0.31.0-alpha.3 h1:XlXZGpq7q8V1NH1OoahrNiS9Lcx5m6YSOlOagTIjK4k= +k8s.io/pod-security-admission v0.31.0-alpha.3/go.mod h1:fKtC57ir2IzYnYaV3OnlbQzX5Lmj5D2coN9B+uoMRIc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= kernel.org/pub/linux/libs/security/libcap/cap v1.2.70 h1:QnLPkuDWWbD5C+3DUA2IUXai5TK6w2zff+MAGccqdsw= 
@@ -1252,10 +1258,10 @@ sigs.k8s.io/hydrophone v0.6.1-0.20240705095313-91065c9fe3a5 h1:Fd61lc0AJDPXIl/15 sigs.k8s.io/hydrophone v0.6.1-0.20240705095313-91065c9fe3a5/go.mod h1:G+i45evb/pXdMUemC5oDipsebI3QGlz8vXDhdKfPUjE= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/go.work b/go.work index 507c2d758..5b71699ed 100644 --- a/go.work +++ b/go.work @@ -1,4 +1,4 @@ -go 1.22.4 +go 1.22.5 use ( . diff --git a/hack/release.toml b/hack/release.toml index b87933e4b..4e38783a7 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -17,7 +17,7 @@ preface = """\ [notes.updates] title = "Component Updates" description = """\ -Kubernetes: 1.30.2 +Kubernetes: 1.31.0-alpha.3 Linux: 6.6.36 containerd: 2.0.0-rc.3 runc: 1.2.0-rc.2 
@@ -85,6 +85,11 @@ Talos Linux now shows diagnostics information for common problems related to mis Talos Linux now support configuring 'vlan_filtering' for bridge interfaces. """ + [notes.proxy] + title = "kube-proxy" + description = """\ +Talos Linux configures kube-proxy >= v1.31.0 to use 'nftables' backend by default. +""" [make_deps] diff --git a/hack/test/e2e.sh b/hack/test/e2e.sh index b486bf680..3b90aced8 100755 --- a/hack/test/e2e.sh +++ b/hack/test/e2e.sh @@ -39,7 +39,7 @@ export TALOS_VERSION # Kubernetes export KUBECONFIG="${TMP}/kubeconfig" -export KUBERNETES_VERSION=${KUBERNETES_VERSION:-1.30.2} +export KUBERNETES_VERSION=${KUBERNETES_VERSION:-1.31.0-alpha.3} export NAME_PREFIX="talos-e2e-${SHA}-${PLATFORM}" export TIMEOUT=1200 diff --git a/internal/app/machined/pkg/controllers/k8s/control_plane.go b/internal/app/machined/pkg/controllers/k8s/control_plane.go index e4d8de118..274c38583 100644 --- a/internal/app/machined/pkg/controllers/k8s/control_plane.go +++ b/internal/app/machined/pkg/controllers/k8s/control_plane.go @@ -10,6 +10,7 @@ import ( "strconv" "strings" + "github.com/blang/semver/v4" "github.com/cosi-project/runtime/pkg/controller" "github.com/cosi-project/runtime/pkg/controller/generic" "github.com/cosi-project/runtime/pkg/controller/generic/transform" @@ -23,6 +24,7 @@ import ( "github.com/siderolabs/talos/pkg/argsbuilder" "github.com/siderolabs/talos/pkg/images" + "github.com/siderolabs/talos/pkg/kubernetes" talosconfig "github.com/siderolabs/talos/pkg/machinery/config/config" "github.com/siderolabs/talos/pkg/machinery/constants" "github.com/siderolabs/talos/pkg/machinery/nethelpers" 
@@ -412,11 +414,22 @@ func convertResources(resources talosconfig.Resources) k8s.Resources { func getProxyArgs(cfgProvider talosconfig.Config) ([]string, error) { clusterCidr := strings.Join(cfgProvider.Cluster().Network().PodCIDRs(), ",") + proxyMode := cfgProvider.Cluster().Proxy().Mode() + + if proxyMode == "" { + // determine proxy mode based on kube-proxy version via the image, use 'nftables' for Kubernetes >= 1.31 + if kubernetes.VersionGTE(cfgProvider.Cluster().Proxy().Image(), semver.MustParse("1.31.0")) { + proxyMode = "nftables" + } else { + proxyMode = "iptables" + } + } + builder := argsbuilder.Args{ "cluster-cidr": clusterCidr, "hostname-override": "$(NODE_NAME)", "kubeconfig": "/etc/kubernetes/kubeconfig", - "proxy-mode": cfgProvider.Cluster().Proxy().Mode(), + "proxy-mode": proxyMode, "conntrack-max-per-core": "0", } diff --git a/internal/app/machined/pkg/controllers/k8s/control_plane_test.go b/internal/app/machined/pkg/controllers/k8s/control_plane_test.go index 3c63a7c4b..eac40dd44 100644 --- a/internal/app/machined/pkg/controllers/k8s/control_plane_test.go +++ b/internal/app/machined/pkg/controllers/k8s/control_plane_test.go 
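Review bot: When `Mode()` is empty, the default in getProxyArgs now depends on `kubernetes.VersionGTE`, which returns false for any image reference it cannot version, so a kube-proxy image pinned by digest only or carrying a non-semver tag silently gets `iptables` even when it is a 1.31 build. That fallback is the conservative one, but nothing on this path records that the version could not be determined. I would state it in the comment, e.g. `// images without a parseable version tag (digest-only, "latest") fall back to 'iptables'`, and log the fallback if a logger is reachable from here. `semver.MustParse("1.31.0")` is also evaluated on every call and could be a package-level variable. The rest of getProxyArgs lies outside the hunk.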
@@ -549,6 +549,77 @@ metadata: ) } +func (suite *K8sControlPlaneSuite) TestReconcileKubeProxyMode() { + u, err := url.Parse("https://foo:6443") + suite.Require().NoError(err) + + cfg := config.NewMachineConfig( + container.NewV1Alpha1( + &v1alpha1.Config{ + ConfigVersion: "v1alpha1", + MachineConfig: &v1alpha1.MachineConfig{ + MachineType: "controlplane", + }, + ClusterConfig: &v1alpha1.ClusterConfig{ + ControlPlane: &v1alpha1.ControlPlaneConfig{ + Endpoint: &v1alpha1.Endpoint{ + URL: u, + }, + }, + }, + }, + ), + ) + + suite.setupMachine(cfg) + + rtestutils.AssertResources(suite.Ctx(), suite.T(), suite.State(), []resource.ID{k8s.BootstrapManifestsConfigID}, + func(cfg *k8s.BootstrapManifestsConfig, assert *assert.Assertions) { + assert.Contains( + cfg.TypedSpec().ProxyArgs, + "--proxy-mode=nftables", + ) + }, + ) +} + +func (suite *K8sControlPlaneSuite) TestReconcileKubeProxyModeLegacy() { + u, err := url.Parse("https://foo:6443") + suite.Require().NoError(err) + + cfg := config.NewMachineConfig( + container.NewV1Alpha1( + &v1alpha1.Config{ + ConfigVersion: "v1alpha1", + MachineConfig: &v1alpha1.MachineConfig{ + MachineType: "controlplane", + }, + ClusterConfig: &v1alpha1.ClusterConfig{ + ControlPlane: &v1alpha1.ControlPlaneConfig{ + Endpoint: &v1alpha1.Endpoint{ + URL: u, + }, + }, + ProxyConfig: &v1alpha1.ProxyConfig{ + ContainerImage: constants.KubeProxyImage + ":v1.30.0", + }, + }, + }, + ), + ) + + suite.setupMachine(cfg) + + rtestutils.AssertResources(suite.Ctx(), suite.T(), suite.State(), []resource.ID{k8s.BootstrapManifestsConfigID}, + func(cfg *k8s.BootstrapManifestsConfig, assert *assert.Assertions) { + assert.Contains( + cfg.TypedSpec().ProxyArgs, + "--proxy-mode=iptables", + ) + }, + ) +} + func TestK8sControlPlaneSuite(t *testing.T) { t.Parallel() 
diff --git a/internal/app/machined/pkg/controllers/kubeaccess/serviceaccount/crd_controller.go b/internal/app/machined/pkg/controllers/kubeaccess/serviceaccount/crd_controller.go index 3b79eec31..8eed00d68 100644 --- a/internal/app/machined/pkg/controllers/kubeaccess/serviceaccount/crd_controller.go +++ b/internal/app/machined/pkg/controllers/kubeaccess/serviceaccount/crd_controller.go @@ -93,7 +93,7 @@ type CRDController struct { allowedNamespaces []string allowedRoles map[string]struct{} - queue workqueue.RateLimitingInterface + queue workqueue.TypedRateLimitingInterface[string] kubeInformerFactory kubeinformers.SharedInformerFactory dynamicInformerFactory dynamicinformer.DynamicSharedInformerFactory @@ -162,9 +162,8 @@ func NewCRDController( dynamicClient: dynCli, dialer: dialer, dynamicLister: lister, - queue: workqueue.NewNamedRateLimitingQueue( - workqueue.DefaultControllerRateLimiter(), - constants.ServiceAccountResourceKind, + queue: workqueue.NewTypedRateLimitingQueue( + workqueue.DefaultTypedControllerRateLimiter[string](), ), logger: logger, secretsSynced: secrets.Informer().HasSynced, @@ -259,28 +258,17 @@ func (t *CRDController) processNextWorkItem(ctx context.Context) bool { return false } - err := func(obj any) error { + err := func(obj string) error { defer t.queue.Done(obj) - var key string + if err := t.syncHandler(ctx, obj); err != nil { + t.queue.AddRateLimited(obj) - var ok bool - - if key, ok = obj.(string); !ok { - t.queue.Forget(obj) - utilruntime.HandleError(fmt.Errorf("expected string in workqueue but got %#v", obj)) - - return nil - } - - if err := t.syncHandler(ctx, key); err != nil { - t.queue.AddRateLimited(key) - - return fmt.Errorf("error syncing '%s': %s, requeuing", key, err.Error()) + return fmt.Errorf("error syncing '%s': %s, requeuing", obj, err.Error()) } t.queue.Forget(obj) - t.logger.Sugar().Debugf("successfully synced '%s'", key) + t.logger.Sugar().Debugf("successfully synced '%s'", obj) return nil }(obj) 
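Review bot: The replacement queue in NewCRDController is unnamed: the removed `NewNamedRateLimitingQueue` call passed `constants.ServiceAccountResourceKind`, while `NewTypedRateLimitingQueue` takes no name, so the workqueue metrics for this controller presumably lose their label. If those metrics are consumed for monitoring, the name can be kept with `workqueue.NewTypedRateLimitingQueueWithConfig(workqueue.DefaultTypedControllerRateLimiter[string](), workqueue.TypedRateLimitingQueueConfig[string]{Name: constants.ServiceAccountResourceKind})`. The constructor body continues outside the hunk.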
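Review bot: In processNextWorkItem the requeue error is still built with `%s` and `err.Error()`, which flattens the cause so that `errors.Is`/`errors.As` no longer work on it, and the closure parameter is now a queue key but keeps the name `obj`. Since these lines are rewritten anyway, `return fmt.Errorf("error syncing %q: %w, requeuing", key, err)` with the parameter renamed to `key` would keep the error chain and quote the key in the log output. The function starts and ends outside the hunk.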
@@ -492,16 +480,8 @@ func (t *CRDController) updateTalosSAStatus( talosSACopy := talosSA.DeepCopy() - if err != nil { - return err - } - if failureReason == "" { unstructured.RemoveNestedField(talosSACopy.UnstructuredContent(), "status", "failureReason") - - if err != nil { - return err - } } else { err = unstructured.SetNestedField(talosSACopy.UnstructuredContent(), failureReason, "status", "failureReason") if err != nil { diff --git a/pkg/kubernetes/version.go b/pkg/kubernetes/version.go new file mode 100644 index 000000000..2046fce43 --- /dev/null +++ b/pkg/kubernetes/version.go @@ -0,0 +1,37 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package kubernetes + +import ( + "github.com/blang/semver/v4" + "github.com/distribution/reference" +) + +// VersionGTE returns true if the version of the image is greater than or equal to the provided version. +// +// It supports any kind of image reference, but requires the tag to be present. +func VersionGTE(image string, version semver.Version) bool { + imageRef, err := reference.ParseNormalizedNamed(image) + if err != nil { + // couldn't parse the reference, so we can't compare + return false + } + + taggedRef, ok := imageRef.(reference.Tagged) + if !ok { + // tag is missing + return false + } + + vers, err := semver.ParseTolerant(taggedRef.Tag()) + if err != nil { + // invalid version + return false + } + + vers.Pre = nil // reset the pre-release version to compare only the version + + return vers.GTE(version) +} diff --git a/pkg/kubernetes/version_test.go b/pkg/kubernetes/version_test.go new file mode 100644 index 000000000..159a6ac49 --- /dev/null +++ b/pkg/kubernetes/version_test.go 
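Review bot: `VersionGTE` returns `false` for an unparseable reference, a reference with no tag, and a tag that is not a version, and a caller cannot tell any of these apart from "older than `version`". An image pinned by digest only (the `only digest` case in the accompanying test) is therefore classified as older. Judging by the kube-proxy tests in this patch, it would presumably get the legacy `--proxy-mode=iptables` default even when the image is a current release. The doc comment should state this and that the pre-release part is dropped before comparing, for example `// Pre-release suffixes are ignored (v1.30.0-alpha.3 counts as 1.30.0); untagged, digest-only or non-semver references return false.` If callers need to distinguish the cases, a sibling function returning `(bool, error)` would be the place for it.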
@@ -0,0 +1,72 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package kubernetes_test
+
+import (
+ "testing"
+
+ "github.com/blang/semver/v4"
+ "github.com/stretchr/testify/require"
+
+ "github.com/siderolabs/talos/pkg/kubernetes"
+)
+
+func TestVersionGTE(t *testing.T) {
+ for _, test := range []struct {
+ name string
+
+ image string
+ version semver.Version
+
+ expected bool
+ }{
+ {
+ name: "tagged image",
+ image: "registry.k8s.io/kube-apiserver:v1.30.0",
+ version: semver.MustParse("1.30.0"),
+
+ expected: true,
+ },
+ {
+ name: "tagged image, not less",
+ image: "registry.k8s.io/kube-apiserver:v1.29.8",
+ version: semver.MustParse("1.30.0"),
+
+ expected: false,
+ },
+ {
+ name: "tagged image, alpha",
+ image: "registry.k8s.io/kube-apiserver:v1.30.0-alpha.3",
+ version: semver.MustParse("1.30.0"),
+
+ expected: true,
+ },
+ {
+ name: "tagged and digested image",
+ image: "registry.k8s.io/kube-apiserver:v1.30.0@sha256:9efd51eb47ecdd66b9426d9361edca2cbed38d57c4fe9d81213867310a1fdd99",
+ version: semver.MustParse("1.30.0"),
+
+ expected: true,
+ },
+ {
+ name: "invalid tag",
+ image: "registry.k8s.io/kube-apiserver:latest",
+ version: semver.MustParse("1.30.0"),
+
+ expected: false,
+ },
+ {
+ name: "only digest",
+ image: "registry.k8s.io/kube-apiserver@sha256:9efd51eb47ecdd66b9426d9361edca2cbed38d57c4fe9d81213867310a1fdd99",
+ version: semver.MustParse("1.30.0"),
+
+ expected: false,
+ },
+ } {
+ t.Run(test.name, func(t *testing.T) {
+ require.Equal(t, test.expected, kubernetes.VersionGTE(test.image, test.version))
+ })
+ }
+}
diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_proxyconfig.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_proxyconfig.go
index 9228e7569..277c68111 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_proxyconfig.go
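Review bot: The case named `tagged image, not less` expects `false` for `v1.29.8` against `1.30.0`, so the name says the opposite of what is checked; `tagged image, older` would match. The table also has no case where the image is strictly newer than `version`, and none for a reference that fails to parse, which is the first early return in `VersionGTE`. Adding those two would pin the comparison in both directions and cover every `return false` branch separately.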
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_proxyconfig.go @@ -30,10 +30,6 @@ func (p *ProxyConfig) Image() string { // Mode implements the config.Proxy interface. func (p *ProxyConfig) Mode() string { - if p.ModeConfig == "" { - return "iptables" - } - return p.ModeConfig } diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go index 838099666..a45c97d68 100644 --- a/pkg/machinery/constants/constants.go +++ b/pkg/machinery/constants/constants.go @@ -342,7 +342,7 @@ const ( // DefaultKubernetesVersion is the default target version of the control plane. // renovate: datasource=github-releases depName=kubernetes/kubernetes - DefaultKubernetesVersion = "1.30.2" + DefaultKubernetesVersion = "1.31.0-alpha.3" // SupportedKubernetesVersions is the number of Kubernetes versions supported by Talos starting from DefaultKubernesVersion going backwards. SupportedKubernetesVersions = 6 diff --git a/pkg/machinery/go.mod b/pkg/machinery/go.mod index 93d36b205..644bf5461 100644 --- a/pkg/machinery/go.mod +++ b/pkg/machinery/go.mod @@ -1,6 +1,6 @@ module github.com/siderolabs/talos/pkg/machinery -go 1.22.4 +go 1.22.5 // forked go-yaml that introduces RawYAML interface, which can be used to populate YAML fields using bytes // which are then encoded as a valid YAML blocks with proper indentiation diff --git a/website/content/v1.8/_index.md b/website/content/v1.8/_index.md index 882b44371..66a44f8bd 100644 --- a/website/content/v1.8/_index.md +++ b/website/content/v1.8/_index.md @@ -6,7 +6,7 @@ images: ["images/talos-dev-banner.png"] cascade: type: docs lastRelease: v1.8.0-alpha.0 -kubernetesRelease: "1.30.0" +kubernetesRelease: "1.31.0-alpha.3" prevKubernetesRelease: "1.30.0" nvidiaContainerToolkitRelease: "v1.14.5" nvidiaDriverRelease: "535.129.03" diff --git a/website/content/v1.8/reference/cli.md b/website/content/v1.8/reference/cli.md index ccc00fbdf..74d7e8374 100644 --- a/website/content/v1.8/reference/cli.md 
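Review bot: `ProxyConfig.Mode()` now returns an empty string when `ModeConfig` is unset, but the method comment still only says it implements the interface. The reference documentation touched later in this patch also keeps the sentence "The default is 'iptables'." for the `mode` field. Every consumer of `Mode()` now has to handle `""` itself, and one that formats the result straight into an argument would emit an empty `--proxy-mode=` value. I would document the contract on the method, e.g. `// Mode implements the config.Proxy interface; an empty result means unset and the caller picks the default.`, and reword the field description to say the default depends on the Kubernetes version. Other callers of `Mode()` are outside this hunk.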
+++ b/website/content/v1.8/reference/cli.md @@ -136,7 +136,7 @@ talosctl cluster create [flags] --ipxe-boot-script string iPXE boot script (URL) to use --iso-path string the ISO path to use for the initial boot (VM only) --kubeprism-port int KubePrism port (set to 0 to disable) (default 7445) - --kubernetes-version string desired kubernetes version to run (default "1.30.2") + --kubernetes-version string desired kubernetes version to run (default "1.31.0-alpha.3") --memory int the limit on memory usage in MB (each control plane/VM) (default 2048) --memory-workers int the limit on memory usage in MB (each worker/VM) (default 2048) --mtu int MTU of the cluster network (default 1500) @@ -1335,7 +1335,7 @@ talosctl gen config [flags] -h, --help help for config --install-disk string the disk to install to (default "/dev/sda") --install-image string the image used to perform an installation (default "ghcr.io/siderolabs/installer:latest") - --kubernetes-version string desired kubernetes version to run (default "1.30.2") + --kubernetes-version string desired kubernetes version to run (default "1.31.0-alpha.3") -o, --output string destination to output generated files. when multiple output types are specified, it must be a directory. for a single output type, it must either be a file path, or "-" for stdout -t, --output-types strings types of outputs to be generated. valid types are: ["controlplane" "worker" "talosconfig"] (default [controlplane,worker,talosconfig]) -p, --persist the desired persist value for configs (default true) 
@@ -2948,7 +2948,7 @@ talosctl upgrade-k8s [flags] --pre-pull-images pre-pull images before upgrade (default true) --proxy-image string kube-proxy image to use (default "registry.k8s.io/kube-proxy") --scheduler-image string kube-scheduler image to use (default "registry.k8s.io/kube-scheduler") - --to string the Kubernetes control plane version to upgrade to (default "1.30.2") + --to string the Kubernetes control plane version to upgrade to (default "1.31.0-alpha.3") --upgrade-kubelet upgrade kubelet service (default true) --with-docs patch all machine configs adding the documentation for each field (default true) --with-examples patch all machine configs with the commented examples (default true) diff --git a/website/content/v1.8/reference/configuration/v1alpha1/config.md b/website/content/v1.8/reference/configuration/v1alpha1/config.md index 2229ee454..c39532517 100644 --- a/website/content/v1.8/reference/configuration/v1alpha1/config.md +++ b/website/content/v1.8/reference/configuration/v1alpha1/config.md @@ -90,7 +90,7 @@ controlPlane: {{< /highlight >}} | | |`kubelet` |KubeletConfig |Used to provide additional options to the kubelet.
Show example(s){{< highlight yaml >}} kubelet: - image: ghcr.io/siderolabs/kubelet:v1.30.2 # The `image` field is an optional reference to an alternative kubelet image. + image: ghcr.io/siderolabs/kubelet:v1.31.0-alpha.3 # The `image` field is an optional reference to an alternative kubelet image. # The `extraArgs` field is used to provide additional flags to the kubelet. extraArgs: feature-gates: ServerSideApply=true @@ -499,7 +499,7 @@ KubeletConfig represents the kubelet config values. {{< highlight yaml >}} machine: kubelet: - image: ghcr.io/siderolabs/kubelet:v1.30.2 # The `image` field is an optional reference to an alternative kubelet image. + image: ghcr.io/siderolabs/kubelet:v1.31.0-alpha.3 # The `image` field is an optional reference to an alternative kubelet image. # The `extraArgs` field is used to provide additional flags to the kubelet. extraArgs: feature-gates: ServerSideApply=true @@ -552,7 +552,7 @@ machine: | Field | Type | Description | Value(s) | |-------|------|-------------|----------| |`image` |string |The `image` field is an optional reference to an alternative kubelet image.
Show example(s){{< highlight yaml >}} -image: ghcr.io/siderolabs/kubelet:v1.30.2 +image: ghcr.io/siderolabs/kubelet:v1.31.0-alpha.3 {{< /highlight >}}
| | |`clusterDNS` |[]string |The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.
Show example(s){{< highlight yaml >}} clusterDNS: @@ -2900,7 +2900,7 @@ serviceAccount: {{< /highlight >}}
| | |`apiServer` |APIServerConfig |API server specific configuration options.
Show example(s){{< highlight yaml >}} apiServer: - image: registry.k8s.io/kube-apiserver:v1.30.2 # The container image used in the API server manifest. + image: registry.k8s.io/kube-apiserver:v1.31.0-alpha.3 # The container image used in the API server manifest. # Extra arguments to supply to the API server. extraArgs: feature-gates: ServerSideApply=true @@ -2939,14 +2939,14 @@ apiServer: {{< /highlight >}}
| | |`controllerManager` |ControllerManagerConfig |Controller manager server specific configuration options.
Show example(s){{< highlight yaml >}} controllerManager: - image: registry.k8s.io/kube-controller-manager:v1.30.2 # The container image used in the controller manager manifest. + image: registry.k8s.io/kube-controller-manager:v1.31.0-alpha.3 # The container image used in the controller manager manifest. # Extra arguments to supply to the controller manager. extraArgs: feature-gates: ServerSideApply=true {{< /highlight >}}
| | |`proxy` |ProxyConfig |Kube-proxy server-specific configuration options
Show example(s){{< highlight yaml >}} proxy: - image: registry.k8s.io/kube-proxy:v1.30.2 # The container image used in the kube-proxy manifest. + image: registry.k8s.io/kube-proxy:v1.31.0-alpha.3 # The container image used in the kube-proxy manifest. mode: ipvs # proxy mode of kube-proxy. # Extra arguments to supply to kube-proxy. extraArgs: @@ -2957,7 +2957,7 @@ proxy: {{< /highlight >}}
| | |`scheduler` |SchedulerConfig |Scheduler server specific configuration options.
Show example(s){{< highlight yaml >}} scheduler: - image: registry.k8s.io/kube-scheduler:v1.30.2 # The container image used in the scheduler manifest. + image: registry.k8s.io/kube-scheduler:v1.31.0-alpha.3 # The container image used in the scheduler manifest. # Extra arguments to supply to the scheduler. extraArgs: feature-gates: AllBeta=true @@ -3201,7 +3201,7 @@ APIServerConfig represents the kube apiserver configuration options. {{< highlight yaml >}} cluster: apiServer: - image: registry.k8s.io/kube-apiserver:v1.30.2 # The container image used in the API server manifest. + image: registry.k8s.io/kube-apiserver:v1.31.0-alpha.3 # The container image used in the API server manifest. # Extra arguments to supply to the API server. extraArgs: feature-gates: ServerSideApply=true @@ -3243,7 +3243,7 @@ cluster: | Field | Type | Description | Value(s) | |-------|------|-------------|----------| |`image` |string |The container image used in the API server manifest.
Show example(s){{< highlight yaml >}} -image: registry.k8s.io/kube-apiserver:v1.30.2 +image: registry.k8s.io/kube-apiserver:v1.31.0-alpha.3 {{< /highlight >}}
| | |`extraArgs` |map[string]string |Extra arguments to supply to the API server. | | |`extraVolumes` |[]VolumeMountConfig |Extra volumes to mount to the API server static pod. | | @@ -3382,7 +3382,7 @@ ControllerManagerConfig represents the kube controller manager configuration opt {{< highlight yaml >}} cluster: controllerManager: - image: registry.k8s.io/kube-controller-manager:v1.30.2 # The container image used in the controller manager manifest. + image: registry.k8s.io/kube-controller-manager:v1.31.0-alpha.3 # The container image used in the controller manager manifest. # Extra arguments to supply to the controller manager. extraArgs: feature-gates: ServerSideApply=true @@ -3392,7 +3392,7 @@ cluster: | Field | Type | Description | Value(s) | |-------|------|-------------|----------| |`image` |string |The container image used in the controller manager manifest.
Show example(s){{< highlight yaml >}} -image: registry.k8s.io/kube-controller-manager:v1.30.2 +image: registry.k8s.io/kube-controller-manager:v1.31.0-alpha.3 {{< /highlight >}}
| | |`extraArgs` |map[string]string |Extra arguments to supply to the controller manager. | | |`extraVolumes` |[]VolumeMountConfig |Extra volumes to mount to the controller manager static pod. | | @@ -3462,7 +3462,7 @@ ProxyConfig represents the kube proxy configuration options. {{< highlight yaml >}} cluster: proxy: - image: registry.k8s.io/kube-proxy:v1.30.2 # The container image used in the kube-proxy manifest. + image: registry.k8s.io/kube-proxy:v1.31.0-alpha.3 # The container image used in the kube-proxy manifest. mode: ipvs # proxy mode of kube-proxy. # Extra arguments to supply to kube-proxy. extraArgs: @@ -3479,7 +3479,7 @@ cluster: disabled: false {{< /highlight >}}
| | |`image` |string |The container image used in the kube-proxy manifest.
Show example(s){{< highlight yaml >}} -image: registry.k8s.io/kube-proxy:v1.30.2 +image: registry.k8s.io/kube-proxy:v1.31.0-alpha.3 {{< /highlight >}}
| | |`mode` |string |
proxy mode of kube-proxy.The default is 'iptables'.
| | |`extraArgs` |map[string]string |Extra arguments to supply to kube-proxy. | | @@ -3498,7 +3498,7 @@ SchedulerConfig represents the kube scheduler configuration options. {{< highlight yaml >}} cluster: scheduler: - image: registry.k8s.io/kube-scheduler:v1.30.2 # The container image used in the scheduler manifest. + image: registry.k8s.io/kube-scheduler:v1.31.0-alpha.3 # The container image used in the scheduler manifest. # Extra arguments to supply to the scheduler. extraArgs: feature-gates: AllBeta=true @@ -3508,7 +3508,7 @@ cluster: | Field | Type | Description | Value(s) | |-------|------|-------------|----------| |`image` |string |The container image used in the scheduler manifest.
Show example(s){{< highlight yaml >}} -image: registry.k8s.io/kube-scheduler:v1.30.2 +image: registry.k8s.io/kube-scheduler:v1.31.0-alpha.3 {{< /highlight >}}
| | |`extraArgs` |map[string]string |Extra arguments to supply to the scheduler. | | |`extraVolumes` |[]VolumeMountConfig |Extra volumes to mount to the scheduler static pod. | |