[ATMOSPHERE-263] feat: Support Kubernetes 1.29.x and 1.30.x

[0x00ace]

Successfully booted Kubernetes 1.27.11 and upgraded to new Kubernetes versions 1.27.11 -> 1.28.7 -> 1.29.2 using commands:

 openstack coe cluster upgrade cluster_1 k8s-v1.28.7
 openstack coe cluster upgrade cluster_1 k8s-v1.29.2

Also, tested new images uploading to the custom container registry without any issues

[mnaser]

Sorry, last around of changes:

• We need to addthe 1.27.3 versions of images in image-loader

Once we have this, I will build and ship images for all these and switch the CI afterwards to include all the new images.

[0x00ace]

@mnaser I have all sets of the images added. Also, I have updated k8s versions.

[mnaser]

@okozachenko1203 can you take into consideration your patch there?

[KeplerSysAdmin]

Kepler Team here,
We would like to have this k8s version supported ASAP.
Thank you

[KeplerSysAdmin]

v1.27 end of life is 2024-06-28
When can we merge this PR?

[mnaser]

recheck

[0x00ace]

@mnaser
I have successfully created a 1.28.x cluster and have upgraded it to 1.29.x
But to create a 1.29.x one needs to add a label keystone_auth_enabled=false

[okozachenko1203]

recheck

[0x00ace]

For kubernetes >= 1.29.0 there is an issue with k8s-keystone-auth

Because of that issue, I need to pass a label keystone_auth_enabled=false

[0x00ace]

@mnaser
Should I also include Kubernetes 1.30.x support in this PR? The issue with k8s-keystone-auth I have mentioned above is also valid for 1.30.x. Everything else looks to be working.

[cgroschupp]

It might be a good idea to split this PR to get a newer k8s version than 1.27 as soon as possible, since the end of life is in 6 days. And then work on the keystone-auth problems in another PR and release it later.

[mnaser]

I am struggling with finding a good way to manage the life cycle of these images other than "write a manual script" at this point. It seems like it's hard to find a way to get CI to react for changes, and the image builds are flakey, and the Sonobuoy tests are flakey too, and on top of it they eat a lot of resources...

[0x00ace]

@mnaser I will rework this PR to support only k8s 1.29 and 1.30
k8s 1.28 support in this PR

[mnaser]

@0x00ace thanks, actually I figured out a nice way to build images that is far more reliable.

https://github.com/vexxhost/capo-image-elements

I am almost done with the CI bit and then we can ignore the image build here and ship the images from there to consume here.

[mnaser]

Alright, 1.28 is in right now, I'm also trying to get image builds for EL9 working for 1.28, and then we can tackle this issue.

[0x00ace]

@mnaser
Updated PR for support k8s 1.29.x and 1.30.x
I'm using Rocky 9 with cilium and keystone_auth_enabled=false.
Cluster creation, resizing, and adding new nodegroups look to be working without issues.
Also, I have no issues with a cluster upgrade from 1.28 -> 1.29 -> 1.30.

[mnaser]

vexxhost/capo-image-elements#4

This is what I'm struggling for EL9

[okozachenko1203]

/recheck

[okozachenko1203]

1.29 and 1.30 passed for calico at least

[okozachenko1203]

failed tests

1.29.6 cilium
[It] [sig-network] Services should serve endpoints on same port and different protocols [Conformance]

1.30 calico
[It] [sig-api-machinery] AdmissionWebhook [Privileged:ClusterAdmin] should mutate configmap [Conformance]

1.30 cilium
[It] [sig-network] Services should serve endpoints on same port and different protocols [Conformance]

[okozachenko1203]

cilium/cilium#29913
cilium/cilium#9207

[okozachenko1203]

all ubuntu tests passed

[KeplerSysAdmin]

@okozachenko1203
When is this version of magnum capi available?