diff --git a/magnum_cluster_api/cmd/image_builder.py b/magnum_cluster_api/cmd/image_builder.py index 4c301f77..d1d84d39 100644 --- a/magnum_cluster_api/cmd/image_builder.py +++ b/magnum_cluster_api/cmd/image_builder.py @@ -35,6 +35,7 @@ QEMU_PACKAGES = [ "qemu-kvm", "qemu-utils", + "mkisofs", ] @@ -59,14 +60,14 @@ def validate_version(_, __, value): @click.option( "--version", show_default=True, - default="v1.27.8", + default="v1.29.5", callback=validate_version, help="Kubernetes version", ) @click.option( "--image-builder-version", show_default=True, - default="v0.1.30", + default="v0.1.31", help="Image builder tag (or commit) to use for building image", ) @click.option( @@ -164,67 +165,30 @@ def main( "node_custom_roles_pre": f"{node_custom_roles_pre}", } - # NOTE(mnaser): We use the latest tested daily ISO for Ubuntu 22.04 in order - # to avoid a lengthy upgrade process. - if operating_system == "ubuntu-2204": - iso = "jammy-live-server-amd64.iso" - - customization["iso_url"] = ( - f"http://cdimage.ubuntu.com/ubuntu-server/jammy/daily-live/current/{iso}" - ) - - # Get the SHA256 sum for the ISO - r = requests.get( - "http://cdimage.ubuntu.com/ubuntu-server/jammy/daily-live/current/SHA256SUMS" - ) - r.raise_for_status() - for line in r.text.splitlines(): - if iso in line: - customization["iso_checksum"] = line.split()[0] - break - - # Assert that we have the checksum - assert "iso_checksum" in customization - - if operating_system == "rockylinux-8": - iso = "Rocky-x86_64-minimal.iso" - - customization["iso_url"] = ( - f"https://download.rockylinux.org/pub/rocky/8/isos/x86_64/{iso}" - ) - - # Get the SHA256 sum for the ISO - r = requests.get( - "https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-minimal.iso.CHECKSUM" - ) - r.raise_for_status() - for line in r.text.splitlines(): - if iso in line and "SHA256" in line: - customization["iso_checksum"] = line.split()[3] - break - - # Assert that we have the checksum - assert "iso_checksum" in customization - - if operating_system == "rockylinux-9": - iso = "Rocky-x86_64-minimal.iso" - - customization["iso_url"] = ( - f"https://download.rockylinux.org/pub/rocky/9/isos/x86_64/{iso}" - ) - - # Get the SHA256 sum for the ISO - r = requests.get( - "https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-minimal.iso.CHECKSUM" - ) - r.raise_for_status() - for line in r.text.splitlines(): - if iso in line and "SHA256" in line: - customization["iso_checksum"] = line.split()[3] - break - - # Assert that we have the checksum - assert "iso_checksum" in customization + # NOTE(mnaser): Inside our CI, we use a local image in order speed up the + # process, so we will not download the image from the internet. + if os.environ.get("CI") == "true": + if operating_system == "ubuntu-2204": + customization["iso_checksum"] = ( + "https://static.atmosphere.dev/ubuntu/jammy/20240605.1/SHA256SUMS" + ) + customization["iso_url"] = ( + "https://static.atmosphere.dev/ubuntu/jammy/20240605.1/jammy-server-cloudimg-amd64.img" + ) + elif operating_system == "rockylinux-8": + customization["iso_checksum"] = ( + "https://static.atmosphere.dev/rocky/8/images/x86_64/CHECKSUM" + ) + customization["iso_url"] = ( + "https://static.atmosphere.dev/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2" + ) + elif operating_system == "rockylinux-9": + customization["iso_checksum"] = ( + "https://static.atmosphere.dev/rocky/9/images/x86_64/CHECKSUM" + ) + customization["iso_url"] = ( + "https://static.atmosphere.dev/rocky/9/images/x86_64/Rocky-9-GenericCloud-Base.latest.x86_64.qcow2" + ) # NOTE(mnaser): Let's set number of CPUs to equal the number of CPUs on the # host to speed up the build process. @@ -255,7 +219,7 @@ def main( /usr/bin/make \ -C \ {ib_path}/images/capi \ - build-qemu-{operating_system} + build-qemu-{operating_system}-cloudimg """ ).encode("utf-8"), env={ diff --git a/magnum_cluster_api/conf.py b/magnum_cluster_api/conf.py index a3418a65..ea88ebcf 100644 --- a/magnum_cluster_api/conf.py +++ b/magnum_cluster_api/conf.py @@ -69,6 +69,16 @@ default="$image_repository/cluster-autoscaler:v1.28.5", help="Image for the cluster auto-scaler for Kubernetes v1.28.", ), + cfg.StrOpt( + "v1_29_image", + default="$image_repository/cluster-autoscaler:v1.29.3", + help="Image for the cluster auto-scaler for Kubernetes v1.29.", + ), + cfg.StrOpt( + "v1_30_image", + default="$image_repository/cluster-autoscaler:v1.30.1", + help="Image for the cluster auto-scaler for Kubernetes v1.30.", + ), ] diff --git a/magnum_cluster_api/resources.py b/magnum_cluster_api/resources.py index 6de7c467..df847727 100644 --- a/magnum_cluster_api/resources.py +++ b/magnum_cluster_api/resources.py @@ -214,17 +214,22 @@ def get_object(self) -> pykube.ConfigMap: "image": { "tag": cilium_version, }, + # NOTE(okozachenko): cilium has a limitation https://github.com/cilium/cilium/issues/9207 + # Because of that, it fails on the test + # `Services should serve endpoints on same port and different protocols`. + # https://github.com/kubernetes/kubernetes/pull/120069#issuecomment-2111252221 + "k8s": {"serviceProxyName": "cilium"}, "operator": { "image": { "tag": cilium_version, }, }, - # NOTE(okozachenko1203): For users who run with kube-proxy (i.e. with Cilium's kube-proxy - # replacement disabled), the ClusterIP service loadbalancing when a - # request is sent from a pod running in a non-host network namespace - # is still performed at the pod network interface (until - # https://github.com/cilium/cilium/issues/16197 is fixed). For this - # case the session affinity support is disabled by default. + # NOTE(okozachenko): For users who run with kube-proxy (i.e. with Cilium's kube-proxy + # replacement disabled), the ClusterIP service loadbalancing when a + # request is sent from a pod running in a non-host network namespace + # is still performed at the pod network interface (until + # https://github.com/cilium/cilium/issues/16197 is fixed). For this + # case the session affinity support is disabled by default. "sessionAffinity": "true", "ipam": { "operator": { @@ -736,6 +741,9 @@ def get_object(self) -> objects.KubeadmControlPlaneTemplate: "rm /var/lib/etcd/lost+found -rf", "bash /run/kubeadm/configure-kube-proxy.sh", ], + "postKubeadmCommands": [ + "echo PLACEHOLDER", + ], }, }, }, @@ -1999,18 +2007,49 @@ def get_object(self) -> objects.ClusterClass: "jsonPatches": [ { "op": "add", - "path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/authentication-token-webhook-config-file", # noqa: E501 - "value": "/etc/kubernetes/webhooks/webhookconfig.yaml", + "path": "/spec/template/spec/kubeadmConfigSpec/files/-", + "value": { + "path": "/etc/kubernetes/keystone-kustomization/kustomization.yml", + "permissions": "0644", + "owner": "root:root", + "content": textwrap.dedent( + """\ + resources: + - kube-apiserver.yaml + patches: + - target: + group: "" + version: v1 + kind: Pod + name: kube-apiserver + patch: |- + - op: add + path: /spec/containers/0/command/- + value: --authentication-token-webhook-config-file=/etc/kubernetes/webhooks/webhookconfig.yaml # noqa: E501 + - op: add + path: /spec/containers/0/command/- + value: --authorization-webhook-config-file=/etc/kubernetes/webhooks/webhookconfig.yaml # noqa: E501 + - op: add + path: /spec/containers/0/command/- + value: --authorization-mode=Webhook + """ + ), + }, + }, + { + "op": "add", + "path": "/spec/template/spec/kubeadmConfigSpec/preKubeadmCommands/-", + "value": "mkdir /etc/kubernetes/keystone-kustomization", }, { "op": "add", - "path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/authorization-webhook-config-file", # noqa: E501 - "value": "/etc/kubernetes/webhooks/webhookconfig.yaml", + "path": "/spec/template/spec/kubeadmConfigSpec/postKubeadmCommands/-", + "value": "cp /etc/kubernetes/manifests/kube-apiserver.yaml /etc/kubernetes/keystone-kustomization/kube-apiserver.yaml", # noqa: E501 }, { "op": "add", - "path": "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/authorization-mode", # noqa: E501 - "value": "Node,RBAC,Webhook", + "path": "/spec/template/spec/kubeadmConfigSpec/postKubeadmCommands/-", + "value": "kubectl kustomize /etc/kubernetes/keystone-kustomization -o /etc/kubernetes/manifests/kube-apiserver.yaml", # noqa: E501 }, ], } diff --git a/zuul.d/jobs-flatcar.yaml b/zuul.d/jobs-flatcar.yaml index bdf05a85..7bbfd416 100644 --- a/zuul.d/jobs-flatcar.yaml +++ b/zuul.d/jobs-flatcar.yaml @@ -15,29 +15,59 @@ image_os_distro: flatcar - job: - name: magnum-cluster-api-image-build-flatcar-v1.27.8 + name: magnum-cluster-api-image-build-flatcar-v1.27.15 parent: magnum-cluster-api-image-build-flatcar vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-flatcar-v1.27.8 + name: magnum-cluster-api-sonobuoy-flatcar-v1.27.15 parent: magnum-cluster-api-sonobuoy-flatcar dependencies: - - name: magnum-cluster-api-image-build-flatcar-v1.27.8 + - name: magnum-cluster-api-image-build-flatcar-v1.27.15 soft: true vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-flatcar-v1.27.8-calico - parent: magnum-cluster-api-sonobuoy-flatcar-v1.27.8 + name: magnum-cluster-api-image-build-flatcar-v1.28.11 + parent: magnum-cluster-api-image-build-flatcar + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-sonobuoy-flatcar-v1.28.11 + parent: magnum-cluster-api-sonobuoy-flatcar + dependencies: + - name: magnum-cluster-api-image-build-flatcar-v1.28.11 + soft: true + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-image-build-flatcar-v1.29.6 + parent: magnum-cluster-api-image-build-flatcar + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-flatcar-v1.29.6 + parent: magnum-cluster-api-sonobuoy-flatcar + dependencies: + - name: magnum-cluster-api-image-build-flatcar-v1.29.6 + soft: true + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-flatcar-v1.27.15-calico + parent: magnum-cluster-api-sonobuoy-flatcar-v1.27.15 vars: network_driver: calico - job: - name: magnum-cluster-api-sonobuoy-flatcar-v1.27.8-cilium - parent: magnum-cluster-api-sonobuoy-flatcar-v1.27.8 + name: magnum-cluster-api-sonobuoy-flatcar-v1.27.15-cilium + parent: magnum-cluster-api-sonobuoy-flatcar-v1.27.15 vars: network_driver: cilium @@ -45,6 +75,6 @@ name: magnum-cluster-api-flatcar check: jobs: - - magnum-cluster-api-image-build-flatcar-v1.27.8 - - magnum-cluster-api-sonobuoy-flatcar-v1.27.8-calico - - magnum-cluster-api-sonobuoy-flatcar-v1.27.8-cilium + - magnum-cluster-api-image-build-flatcar-v1.27.15 + - magnum-cluster-api-sonobuoy-flatcar-v1.27.15-calico + - magnum-cluster-api-sonobuoy-flatcar-v1.27.15-cilium diff --git a/zuul.d/jobs-rockylinux-8.yaml b/zuul.d/jobs-rockylinux-8.yaml index adf86ab4..4a6ca624 100644 --- a/zuul.d/jobs-rockylinux-8.yaml +++ b/zuul.d/jobs-rockylinux-8.yaml @@ -15,29 +15,59 @@ image_os_distro: ubuntu - job: - name: magnum-cluster-api-image-build-rockylinux-8-v1.27.8 + name: magnum-cluster-api-image-build-rockylinux-8-v1.27.15 parent: magnum-cluster-api-image-build-rockylinux-8 vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8 + name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15 parent: magnum-cluster-api-sonobuoy-rockylinux-8 dependencies: - - name: magnum-cluster-api-image-build-rockylinux-8-v1.27.8 + - name: magnum-cluster-api-image-build-rockylinux-8-v1.27.15 soft: true vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8-calico - parent: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8 + name: magnum-cluster-api-image-build-rockylinux-8-v1.28.11 + parent: magnum-cluster-api-image-build-rockylinux-8 + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.28.11 + parent: magnum-cluster-api-sonobuoy-rockylinux-8 + dependencies: + - name: magnum-cluster-api-image-build-rockylinux-8-v1.28.11 + soft: true + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-image-build-rockylinux-8-v1.29.6 + parent: magnum-cluster-api-image-build-rockylinux-8 + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.29.6 + parent: magnum-cluster-api-sonobuoy-rockylinux-8 + dependencies: + - name: magnum-cluster-api-image-build-rockylinux-8-v1.29.6 + soft: true + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15-calico + parent: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15 vars: network_driver: calico - job: - name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8-cilium - parent: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8 + name: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15-cilium + parent: magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15 vars: network_driver: cilium @@ -45,6 +75,6 @@ name: magnum-cluster-api-rockylinux-8 check: jobs: - - magnum-cluster-api-image-build-rockylinux-8-v1.27.8 - - magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8-calico - - magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.8-cilium + - magnum-cluster-api-image-build-rockylinux-8-v1.27.15 + - magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15-calico + - magnum-cluster-api-sonobuoy-rockylinux-8-v1.27.15-cilium diff --git a/zuul.d/jobs-rockylinux-9.yaml b/zuul.d/jobs-rockylinux-9.yaml index 1015e148..156474bf 100644 --- a/zuul.d/jobs-rockylinux-9.yaml +++ b/zuul.d/jobs-rockylinux-9.yaml @@ -15,29 +15,59 @@ image_os_distro: ubuntu - job: - name: magnum-cluster-api-image-build-rockylinux-9-v1.27.8 + name: magnum-cluster-api-image-build-rockylinux-9-v1.27.15 parent: magnum-cluster-api-image-build-rockylinux-9 vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8 + name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15 parent: magnum-cluster-api-sonobuoy-rockylinux-9 dependencies: - - name: magnum-cluster-api-image-build-rockylinux-9-v1.27.8 + - name: magnum-cluster-api-image-build-rockylinux-9-v1.27.15 soft: true vars: - kube_tag: v1.27.8 + kube_tag: v1.27.15 - job: - name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8-calico - parent: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8 + name: magnum-cluster-api-image-build-rockylinux-9-v1.28.11 + parent: magnum-cluster-api-image-build-rockylinux-9 + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.28.11 + parent: magnum-cluster-api-sonobuoy-rockylinux-9 + dependencies: + - name: magnum-cluster-api-image-build-rockylinux-9-v1.28.11 + soft: true + vars: + kube_tag: v1.28.11 + +- job: + name: magnum-cluster-api-image-build-rockylinux-9-v1.29.6 + parent: magnum-cluster-api-image-build-rockylinux-9 + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.29.6 + parent: magnum-cluster-api-sonobuoy-rockylinux-9 + dependencies: + - name: magnum-cluster-api-image-build-rockylinux-9-v1.29.6 + soft: true + vars: + kube_tag: v1.29.6 + +- job: + name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15-calico + parent: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15 vars: network_driver: calico - job: - name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8-cilium - parent: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8 + name: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15-cilium + parent: magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15 vars: network_driver: cilium @@ -45,6 +75,6 @@ name: magnum-cluster-api-rockylinux-9 check: jobs: - - magnum-cluster-api-image-build-rockylinux-9-v1.27.8 - - magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8-calico - - magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.8-cilium + - magnum-cluster-api-image-build-rockylinux-9-v1.27.15 + - magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15-calico + - magnum-cluster-api-sonobuoy-rockylinux-9-v1.27.15-cilium diff --git a/zuul.d/jobs-ubuntu-2204.yaml b/zuul.d/jobs-ubuntu-2204.yaml index e81c184a..021ff11c 100644 --- a/zuul.d/jobs-ubuntu-2204.yaml +++ b/zuul.d/jobs-ubuntu-2204.yaml @@ -44,6 +44,44 @@ vars: network_driver: cilium +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6 + parent: magnum-cluster-api-sonobuoy-ubuntu-2204 + vars: + kube_tag: v1.29.6 + image_url: https://static.atmosphere.dev/artifacts/magnum-cluster-api/ubuntu-jammy-kubernetes-1-29-6-1720107687.qcow2 + +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6-calico + parent: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6 + vars: + network_driver: calico + +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6-cilium + parent: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6 + vars: + network_driver: cilium + +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2 + parent: magnum-cluster-api-sonobuoy-ubuntu-2204 + vars: + kube_tag: v1.30.2 + image_url: https://static.atmosphere.dev/artifacts/magnum-cluster-api/ubuntu-jammy-kubernetes-1-30-2-1720107688.qcow2 + +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2-calico + parent: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2 + vars: + network_driver: calico + +- job: + name: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2-cilium + parent: magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2 + vars: + network_driver: cilium + - project-template: name: magnum-cluster-api-ubuntu-2204 check: @@ -52,3 +90,7 @@ - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.27.15-cilium - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.28.11-calico - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.28.11-cilium + - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6-calico + - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.29.6-cilium + - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2-calico + - magnum-cluster-api-sonobuoy-ubuntu-2204-v1.30.2-cilium diff --git a/zuul.d/playbooks/image-build/run.yml b/zuul.d/playbooks/image-build/run.yml index e3923b0f..82db599f 100644 --- a/zuul.d/playbooks/image-build/run.yml +++ b/zuul.d/playbooks/image-build/run.yml @@ -16,3 +16,5 @@ shell: "$HOME/.local/bin/magnum-cluster-api-image-builder --operating-system {{ image_operating_system }} --version {{ kube_tag }}" args: chdir: "{{ zuul_output_dir }}/artifacts" + environment: + CI: "true"