Releases: YAKEcloud/yake

v1.86.0-0

18 Dec 13:26

Release Notes v1.86

Yake/23KE release notes and upgrade guide

⚠️ This update renames 23ke to yake. You need to rename the config secret and GitRepository resource as described.

⚠️ This update definitely needs backups to be configured. If you are running a 23KE instance without backups, enable backups before performing this update.

Prerequisites

etcd downgrade

In order to align the versions of etcd and etcd-backup-restore with gardener/etcd-druid, we perform a downgrade to etcd-3.4.26 and an upgrade to etcd-backup-restore-0.24.7. This is also expected to improve the stability of the backup process. For the upgrade, you need to

  • Make sure you have an up-to-date backup of the virtual garden etcds. To perform a full backup you can use the following request:

    kubectl -n garden exec -it etcd-0 -- curl localhost:8080/snapshot/full
  • Delete the statefulsets etcd and etcd-events in the garden namespace

    kubectl delete statefulset -n garden etcd
    kubectl delete statefulset -n garden etcd-events

During the upgrade, Helm will create new persistentVolumes for the virtual garden's etcds. These volumes are prefixed with virtual-garden-.

Temporarily remove gardener-metrics-exporter

To work around an issue with how yake uses gardener-metrics-exporter's chart, delete its deployment:

kubectl delete -n garden deployment gardener-metrics-exporter

Upgrade

To perform the migration from 23ke to yake, execute the following steps.

  • Create a copy of the Secret 23ke-config named yake-config

    kubectl get secret -n flux-system 23ke-config -o yaml | kubectl-neat | yq '.metadata.name="yake-config"' | kubectl apply -f -
  • Create new GitRepository source named yake.

    cat <<EOF | kubectl apply -f -
    apiVersion: source.toolkit.fluxcd.io/v1
    kind: GitRepository
    metadata:
      name: yake
      namespace: flux-system
    spec:
      interval: 1m
      ref:
        tag: v1.86.0-0
      timeout: 60s
      url: https://github.com/yakecloud/yake
    EOF
  • Suspend 23ke Kustomization

    flux suspend ks 23ke
  • Relabel Kustomizations created by the main 23ke Kustomization

    kubectl label ks -n flux-system -l kustomize.toolkit.fluxcd.io/name=23ke kustomize.toolkit.fluxcd.io/name=yake --overwrite
  • Recreate the main Kustomization with name yake

    kubectl get ks -n flux-system 23ke -o yaml | kubectl-neat | yq '.metadata.name="yake" | .spec.sourceRef.name="yake"' | kubectl apply -f -
  • Resume the yake Kustomization

    flux resume ks yake
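
The following script is an added example, not part of the original release notes: it checks the state the steps above should leave behind, so that the old 23ke resources are only removed once the copy is complete. It assumes the current kubectl context points at the cluster running Flux; the function names `ready_status` and `yake_migration_ok` are hypothetical.

```shell
#!/bin/sh
# Added example: post-migration checks for the 23ke -> yake rename.
NS=flux-system

# Print the Ready condition status ("True", "False" or "") of a Flux object.
ready_status() {  # $1 = kind, $2 = name
    kubectl get "$1" -n "$NS" "$2" \
        -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null
}

# Return 0 only if every check passes; report each failure on stderr.
yake_migration_ok() {
    rc=0
    # 1. The copied Secret must carry the same data as the original.
    #    Values are compared in memory and never printed.
    old=$(kubectl get secret -n "$NS" 23ke-config -o jsonpath='{.data}' 2>/dev/null)
    new=$(kubectl get secret -n "$NS" yake-config -o jsonpath='{.data}' 2>/dev/null)
    if [ -z "$new" ] || [ "$old" != "$new" ]; then
        echo "FAIL: yake-config missing or differs from 23ke-config" >&2; rc=1
    fi
    # 2. The new source and the new main Kustomization must be Ready.
    for obj in gitrepo/yake ks/yake; do
        if [ "$(ready_status "${obj%/*}" "${obj#*/}")" != "True" ]; then
            echo "FAIL: $obj is not Ready" >&2; rc=1
        fi
    done
    # 3. The yake Kustomization must have been resumed.
    if [ "$(kubectl get ks -n "$NS" yake -o jsonpath='{.spec.suspend}' 2>/dev/null)" = "true" ]; then
        echo "FAIL: ks/yake is still suspended" >&2; rc=1
    fi
    # 4. No child Kustomization may still carry the old owner label.
    stale=$(kubectl get ks -n "$NS" -l kustomize.toolkit.fluxcd.io/name=23ke -o name 2>/dev/null)
    if [ -n "$stale" ]; then
        echo "FAIL: still labelled for 23ke: $stale" >&2; rc=1
    fi
    return "$rc"
}

# Run the checks only when invoked with --run, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    yake_migration_ok && echo "OK: migration state is consistent"
fi
```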

Cleanup obsolete resources

Once you have confirmed that everything is working correctly, you can remove the obsolete resources.

  • Delete the old 23ke Kustomization

    kubectl delete ks -n flux-system 23ke
  • Delete the old GitRepository resource

    kubectl delete gitrepo -n flux-system 23ke
  • Delete Secret 23ke-config

    kubectl delete secret -n flux-system 23ke-config
  • (Optional) Delete the old persistentVolumeClaims and their persistentVolumes belonging to the already deleted statefulsets of etcd and etcd-events.

    kubectl get pvc -n garden | grep '^etcd'
    kubectl get pv | grep garden/etcd

Related upstream release notes / changelogs

Update shoot-networking-filter to 0.16.0

[gardener/gardener-extension-shoot-networking-filter]

✨ New Features

  • [USER] Update image of egress-filter to 0.14.0 by @axel7born [#107]
  • [USER] Mount /run/xtables.lock to prevent concurrent modifications of iptables rules. by @axel7born [#106]

🏃 Others

  • [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#102]
  • [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#105]
  • [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#104]

Docker Images

  • gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.16.0

Update provider-aws to 1.51.0

[gardener/gardener-extension-provider-aws]

🏃 Others

  • [OPERATOR] The following golang dependencies have been upgraded :
  • [OPERATOR] Add documentation for the "flow" infrastructure reconciler. by @kon-angelo [#827]
  • [DEVELOPER] Add new unit tests. by @axel7born [#829]

Docker Images

  • gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.51.0
  • gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.51.0

Update shoot-rsyslog-relp to 0.3.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

  • [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @AleksandarSavchev [#17]

✨ New Features

🏃 Others

  • [OPERATOR] Metrics for the rsyslog service running on the shoot nodes are now exposed and collected according to the following:
    • The metrics are available on the node-exporter's /metrics endpoint.
    • The names of the new metrics match the rsyslog_pstat_.+ regex.
    • The metrics are scraped and collected in the shoot's prometheus instance.
    • A dedicated plutono dashboard is added which displays the rsyslog metrics. by @plkokanov [#32]
  • [OPERATOR] Fixed an issue where the rsyslog systemd unit could become stuck in a failed state immediately after it is installed on the shoot's nodes, if the shoot-rsyslog-relp extension was enabled on the shoot before that. The configure-rsyslog.sh script which is responsible for configuring and restarting the rsyslog systemd unit will now wait for the syslog.service symlink to be created before attempting to configure and restart the rsyslog systemd unit. by @plkokanov [#34]
  • [OPERATOR] The shoot-rsyslog-relp extension is now aligned with Gardener's component checklist:
    • RBAC for the shoot-rsyslog-relp extension controller have been drastically reduced to only the required ones.
    • The deployment for the shoot-rsyslog-relp extension controller now contains the proper label for HA - high-availability-config.resources.gardener.cloud/type: controller
    • The shoot-rsyslog-relp admission pod no longer has a SecurityContext. This will be automatically added by the seccomp-profile webhook of the gardener-resource-manager
    • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods now use the RuntimeDefault seccomp profile.
    • The init containers of the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods no longer run in privileged mode.
    • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner now specify resource requests and limits.
    • PodSecurityPolicys for the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner are now deployed in the shoot cluster, if its kubernetes version is 1.24.x. by @plkokanov [#29]
  • [OPERATOR] The healthcheck controller is now removed. Starting v1.65.0, gardenlet performs health checks for all ManagedResources in the Shoot control plane in the Seed. There is no longer any need for the custom healthcheck controller in the shoot-rsyslog-relp extension as it was doing the same job. It was performing health check for the ManagedResource it deploys. by @plkokanov [#28]
  • [OPERATOR] The rsyslog-relp-configuration-cleaner is no longer deployed on Shoot deletion with shoot-rsyslog-relp extension enabled. The Extension deletion occurs after the Worker deletion. There are no Nodes, hence there is no need to clean up registry configuration. by @plkokanov [#30]

Docker Images

  • gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.3.0
  • gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.3.0

Update etcd to 6.0.0

What's Changed

New Contributors

Full Changelog: gardener-community/etcd@5.3.2...6.0.0
