Merge pull request #103 from sassoftware/staging

3.7.0 - January 19, 2024
sassoftware · Jan 19, 2024 · fed43b3 · fed43b3
2 parents 5ae77c0 + 925b713
commit fed43b3
Show file tree

Hide file tree

Showing 17 changed files with 87 additions and 69 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -9,7 +9,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \
 # Layers used for building/downloading/installing tools
 FROM baseline as tool_builder
 ARG HELM_VERSION=3.13.2
-ARG KUBECTL_VERSION=1.26.10
+ARG KUBECTL_VERSION=1.27.9
 ARG TERRAFORM_VERSION=1.6.3-*
 
 WORKDIR /build

diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -69,11 +69,11 @@ Terraform input variables can be set in the following ways:
 
 | Name | Description | Type | Default | Notes |
 | :--- | :--- | :--- | :--- | :--- |
-| cluster_version        | Kubernetes version | string | "1.26.7" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
+| cluster_version        | Kubernetes version | string | "1.27.9" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
 | cluster_cni            | Kubernetes container network interface (CNI) | string | "calico" | |
-| cluster_cni_version    | Kubernetes Container Network Interface (CNI) Version | string | "3.24.5" | |
+| cluster_cni_version    | Kubernetes Container Network Interface (CNI) Version | string | "3.27.0" | |
 | cluster_cri            | Kubernetes container runtime interface (CRI) | string | "containerd" | |
-| cluster_cri_version    | Version of the CRI specifed by `cluster_cri` to be installed  | string | "1.6.20" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions |
+| cluster_cri_version    | Version of the CRI specifed by `cluster_cri` to be installed  | string | "1.6.26" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions |
 | cluster_service_subnet | Kubernetes service subnet | string | "10.43.0.0/16" | |
 | cluster_pod_subnet     | Kubernetes pod subnet | string | "10.42.0.0/16" | |
 | cluster_domain         | Cluster domain suffix for DNS | string | | |
@@ -353,13 +353,13 @@ The following variables are used to describe the machine targets for the SAS Viy
 | prefix | A prefix used in the names of all the resources created by this script | string | | |
 | deployment_type | Type of deployment to be performed | string | "bare_metal" | Specify `bare_metal` or `vsphere`. |
 | kubernetes_cluster_name | Cluster name | string | "{{ prefix }}-oss" | This item is auto-filled. **ONLY** change the `prefix` value described previously. |
-| kubernetes_version | Kubernetes version | string | "1.26.7" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). |
+| kubernetes_version | Kubernetes version | string | "1.27.9" | Valid values are listed here: [Kubernetes Releases](https://kubernetes.io/releases/). |
 | kubernetes_upgrade_allowed | | bool | true | **NOTE:** Not currently used. |
 | kubernetes_arch | | string | "{{ vm_arch }}" | This item is auto-filled. **ONLY** change the `vm_arch` value described previously. |
 | kubernetes_cni | Kubernetes Container Network Interface (CNI) | string | "calico" | |
-| kubernetes_cni_version | Kubernetes Container Network Interface (CNI) Version | string | "3.24.5" | |
+| kubernetes_cni_version | Kubernetes Container Network Interface (CNI) Version | string | "3.27.0" | |
 | kubernetes_cri | Kubernetes Container Runtime Interface (CRI) | string | "containerd" | |
-| kubernetes_cri_version | Version of the CRI specifed by `kubernetes_cri` to be installed  | string | "1.6.20" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions | |
+| kubernetes_cri_version | Version of the CRI specifed by `kubernetes_cri` to be installed  | string | "1.6.26" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions | |
 | kubernetes_service_subnet | Kubernetes service subnet | string | "10.43.0.0/16" | |
 | kubernetes_pod_subnet | Kubernetes pod subnet | string | "10.42.0.0/16" | |
 | kubernetes_vip_version | kube-vip version | string | "0.5.7" | |

diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md
@@ -203,11 +203,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh" # Directory holding public keys to be used on each machine
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"                        # Kubernetes version
+cluster_version        = "1.27.9"                        # Kubernetes version
 cluster_cni            = "calico"                        # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"                        # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"                        # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"                    # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"                        # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"                        # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.35.0.0/16"                  # Kubernetes service subnet
 cluster_pod_subnet     = "10.36.0.0/16"                  # Kubernetes Pod subnet
 cluster_domain         = "sample.domain.foo.com"         # Cluster domain suffix for DNS
@@ -510,9 +510,9 @@ kubernetes_version         : ""
 kubernetes_upgrade_allowed : true
 kubernetes_arch            : "{{ vm_arch }}"
 kubernetes_cni             : "calico"           # Choices : [calico]
-kubernetes_cni_version     : "3.24.5"           # Choices : [3.24.5]
+kubernetes_cni_version     : "3.27.0"           # Choices : [3.27.0]
 kubernetes_cri             : "containerd"       # Choices : [containerd]
-kubernetes_cri_version     : "1.6.20"           # Choices : [1.6.20]
+kubernetes_cri_version     : "1.6.26"           # Choices : [1.6.26]
 kubernetes_service_subnet  : ""
 kubernetes_pod_subnet      : ""
 

diff --git a/examples/bare-metal/sample-ansible-vars.yaml b/examples/bare-metal/sample-ansible-vars.yaml
@@ -24,9 +24,9 @@ kubernetes_version         : ""
 kubernetes_upgrade_allowed : true
 kubernetes_arch            : "{{ vm_arch }}"
 kubernetes_cni             : "calico"        # Choices : [calico]
-kubernetes_cni_version     : "3.24.5"        # Choices : [3.24.5]
+kubernetes_cni_version     : "3.27.0"        # Choices : [3.27.0]
 kubernetes_cri             : "containerd"    # Choices : [containerd]
-kubernetes_cri_version     : "1.6.20"        # Choices : [1.6.20]
+kubernetes_cri_version     : "1.6.26"        # Choices : [1.6.26]
 kubernetes_service_subnet  : ""
 kubernetes_pod_subnet      : ""
 

diff --git a/examples/vsphere/sample-terraform-dhcp.tfvars b/examples/vsphere/sample-terraform-dhcp.tfvars
@@ -18,11 +18,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"       # Kubernetes Version
+cluster_version        = "1.27.9"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"       # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
 cluster_pod_subnet     = "10.42.0.0/16" # Kubernetes Pod Subnet
 cluster_domain         = ""             # Cluster domain suffix for DNS

diff --git a/examples/vsphere/sample-terraform-minimal.tfvars b/examples/vsphere/sample-terraform-minimal.tfvars
@@ -18,11 +18,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"       # Kubernetes Version
+cluster_version        = "1.27.9"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"       # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
 cluster_pod_subnet     = "10.42.0.0/16" # Kubernetes Pod Subnet
 cluster_domain         = ""             # Cluster domain suffix for DNS
@@ -83,7 +83,6 @@ control_plane_ssh_key_name = "cp_ssh"
 #                     These are typically: compute, stateful, and
 #                     stateless. 
 #
-cluster_node_pool_mode = "minimal"
 node_pools = {
   # REQUIRED NODE TYPE - DO NOT REMOVE and DO NOT CHANGE THE NAME
   #                      Other variables may be altered

diff --git a/examples/vsphere/sample-terraform-static-ips.tfvars b/examples/vsphere/sample-terraform-static-ips.tfvars
@@ -18,11 +18,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"       # Kubernetes Version
+cluster_version        = "1.27.9"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"       # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
 cluster_pod_subnet     = "10.42.0.0/16" # Kubernetes Pod Subnet
 cluster_domain         = ""             # Cluster domain suffix for DNS

diff --git a/examples/vsphere/sample-terraform-static-singlestore.tfvars b/examples/vsphere/sample-terraform-static-singlestore.tfvars
@@ -18,11 +18,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"       # Kubernetes Version
+cluster_version        = "1.27.9"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"       # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
 cluster_pod_subnet     = "10.42.0.0/16" # Kubernetes Pod Subnet
 cluster_domain         = ""             # Cluster domain suffix for DNS

diff --git a/examples/vsphere/sample-terraform-vi.tfvars b/examples/vsphere/sample-terraform-vi.tfvars
@@ -18,11 +18,11 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.26.7"       # Kubernetes Version
+cluster_version        = "1.27.9"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.24.5"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.27.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
-cluster_cri_version    = "1.6.20"       # Kubernetes Container Runtime Interface (CRI) Version
+cluster_cri_version    = "1.6.26"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
 cluster_pod_subnet     = "10.42.0.0/16" # Kubernetes Pod Subnet
 cluster_domain         = ""             # Cluster domain suffix for DNS

diff --git a/outputs.tf b/outputs.tf
@@ -5,10 +5,6 @@ output "cluster_name" {
   value = local.cluster_name
 }
 
-output "cluster_node_pool_mode" {
-  value = "default"
-}
-
 output "jump_admin_username" {
   value = "root"
 }

diff --git a/roles/kubernetes/cni/calico/templates/custom-resources.tmpl b/roles/kubernetes/cni/calico/templates/custom-resources.tmpl
@@ -1,6 +1,6 @@
 ---
 # This section includes base Calico installation configuration.
-# For more information, see: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.Installation
+# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.Installation
 apiVersion: operator.tigera.io/v1
 kind: Installation
 metadata:
@@ -17,7 +17,7 @@ spec:
       nodeSelector: all()
 ---
 # This section configures the Calico API server.
-# For more information, see: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.APIServer
+# For more information, see: https://docs.tigera.io/calico/latest/reference/installation/api#operator.tigera.io/v1.APIServer
 apiVersion: operator.tigera.io/v1
 kind: APIServer 
 metadata: 

diff --git a/roles/kubernetes/cri/containerd/defaults/main.yaml b/roles/kubernetes/cri/containerd/defaults/main.yaml
@@ -11,5 +11,5 @@
 # Focal 20 https://download.docker.com/linux/ubuntu/dists/focal/stable/binary-amd64/
 # On that page select "Packages" and the text file that is downloaded will contain all the versions of
 # containerd available in the repository.
-kubernetes_cri_version: "1.6.20"
+kubernetes_cri_version: "1.6.26"
 kubernetes_cri_deb_rev: ""
diff --git a/roles/kubernetes/cri/containerd/tasks/main.yaml b/roles/kubernetes/cri/containerd/tasks/main.yaml
@@ -105,7 +105,9 @@
 - name: Set containerd.io package debian revision if not specified
   set_fact:
     kubernetes_cri_deb_rev: "-*"
-  when: kubernetes_cri_version | regex_search("^(\d+\.)(\d+\.)(\d+)$")
+  when:
+    - ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
+    - kubernetes_cri_version | regex_search("^(\d+\.)(\d+\.)(\d+)$")
   tags:
     - install
     - update

diff --git a/roles/kubernetes/metrics/metrics-server/defaults/main.yaml b/roles/kubernetes/metrics/metrics-server/defaults/main.yaml
@@ -7,7 +7,7 @@ METRICS_SERVER_NAME: metrics-server
 METRICS_SERVER_NAMESPACE: kube-system
 METRICS_SERVER_CHART_NAME: metrics-server
 METRICS_SERVER_CHART_URL: https://kubernetes-sigs.github.io/metrics-server/
-METRICS_SERVER_CHART_VERSION: 3.8.3
+METRICS_SERVER_CHART_VERSION: 3.11.0
 METRICS_SERVER_CONFIG:
   apiService:
     create: true

diff --git a/roles/kubernetes/toolbox/defaults/main.yaml b/roles/kubernetes/toolbox/defaults/main.yaml
@@ -0,0 +1,10 @@
+# Copyright © 2022-2023, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+# Allows users to overwrite deb revisions of the kube toolbox packages
+# kubelet, kubeadm, & kubectl which will be installed on all the
+# ansible "k8s" hosts.
+# It's not recommended you change this value unless for debugging purposes.
+# leaving it as this default value will result in the latest deb rev for the packages
+kube_deb_rev: "*"
diff --git a/roles/kubernetes/toolbox/tasks/main.yaml b/roles/kubernetes/toolbox/tasks/main.yaml
@@ -6,41 +6,52 @@
 # Installing Kubernetes tooling
 #
 
-# Apply Google Cloud public signing key
-- name: Apply Google Cloud public signing key
-  ansible.builtin.get_url:
-    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
-    dest: /usr/share/keyrings/kubernetes-archive-keyring.gpg
-  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
-  tags:
-    - install
-    - update
-
-# Add Kubernetes apt repository
-- name: Add Kubernetes apt repository
-  ansible.builtin.copy:
-    dest: /etc/apt/sources.list.d/kubernetes.list
-    content: |
-      deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg trusted=yes] https://apt.kubernetes.io/ kubernetes-xenial main
-  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
+# Only applicable for releases older than Ubuntu 22.04
+- name: Create /etc/apt/keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
+    owner: root
+    group: root
+  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04")
   tags:
     - install
     - update
 
-- name: Set kubernetes version facts for crictl
+- name: Set kubernetes version facts for toolbox installation
   set_fact:
     k8s_version_semantic_parts: "{{ kubernetes_version.split('.') }}"
-  when: kubernetes_cri|lower != 'docker'
   tags:
     - install
     - update
 
-- name: Set kubernetes version part facts for crictl
+- name: Set kubernetes version part facts for toolbox installation
   set_fact:
     k8s_major_version: "{% if k8s_version_semantic_parts|length > 0 %}{{ k8s_version_semantic_parts.0 }}{% endif %}"
     k8s_minor_version: "{% if k8s_version_semantic_parts|length > 1 %}{{ k8s_version_semantic_parts.1 }}{% endif %}"
     k8s_patch_version: "{% if k8s_version_semantic_parts|length > 2 %}{{ k8s_version_semantic_parts.2 }}{% else %}0{% endif %}"
-  when: kubernetes_cri|lower != 'docker'
+  tags:
+    - install
+    - update
+
+# Apply Kubernetes public signing key
+- name: Apply Kubernetes public signing key
+  ansible.builtin.get_url:
+    url: "https://pkgs.k8s.io/core:/stable:/v{{ k8s_major_version }}.{{ k8s_minor_version }}/deb/Release.key"
+    dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc
+  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
+  tags:
+    - install
+    - update
+
+# Add Kubernetes apt repository
+- name: Add Kubernetes apt repository
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] https://pkgs.k8s.io/core:/stable:/v{{ k8s_major_version }}.{{ k8s_minor_version }}/deb/ /"
+    state: present
+    update_cache: true
+  when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
   tags:
     - install
     - update
@@ -108,9 +119,9 @@
 - name: Update apt package index and install kubelet, kubeadm, kubectl
   ansible.builtin.apt:
     pkg:
-      - kubelet={{ kubernetes_version }}-00
-      - kubeadm={{ kubernetes_version }}-00
-      - kubectl={{ kubernetes_version }}-00
+      - kubelet={{ kubernetes_version }}-{{ kube_deb_rev }}
+      - kubeadm={{ kubernetes_version }}-{{ kube_deb_rev }}
+      - kubectl={{ kubernetes_version }}-{{ kube_deb_rev }}
     state: present
     update_cache: true
   when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")
@@ -145,9 +156,9 @@
 - name: Update apt package index and remove kubelet, kubeadm, kubectl
   ansible.builtin.apt:
     pkg:
-      - kubelet={{ kubernetes_version }}-00
-      - kubeadm={{ kubernetes_version }}-00
-      - kubectl={{ kubernetes_version }}-00
+      - kubelet={{ kubernetes_version }}-{{ kube_deb_rev }}
+      - kubeadm={{ kubernetes_version }}-{{ kube_deb_rev }}
+      - kubectl={{ kubernetes_version }}-{{ kube_deb_rev }}
     state: absent
     update_cache: true
   when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04")