Merge pull request #15543 from johngmyers/bump-vers

Create release notes for kOps 1.28; delete code for removed features
Kubernetes Prow Robot 2023-06-23 00:39:23 -07:00 committed by GitHub
commit bd265c1f41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 49 additions and 875 deletions


@ -301,7 +301,7 @@ func NewCmdCreateCluster(f *util.Factory, out io.Writer) *cobra.Command {
cmd.Flags().StringVar(&options.EtcdStorageType, "etcd-storage-type", options.EtcdStorageType, "The default storage type for etcd members")
cmd.RegisterFlagCompletionFunc("etcd-storage-type", completeStorageType)
cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode. kubenet, external, weave, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, cni.")
cmd.Flags().StringVar(&options.Networking, "networking", options.Networking, "Networking mode. kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, cni.")
cmd.RegisterFlagCompletionFunc("networking", completeNetworking(options))
cmd.Flags().StringVar(&options.DNSZone, "dns-zone", options.DNSZone, "DNS hosted zone (defaults to longest matching zone)")
@ -990,7 +990,6 @@ func completeNetworking(options *CreateClusterOptions) func(cmd *cobra.Command,
completions = append(completions,
"kubenet",
"kopeio",
"weave",
"flannel",
"canal",
"kube-router",
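Review bot: The release notes added by this commit do not record the CLI change made here. `weave` stops being a documented `--networking` value and completion, and `kops create secret weavepassword` is deleted in the same commit, yet the breaking-changes list names only the Kubernetes 1.22 and Ubuntu 18.04 removals. I would add a line such as `* Support for the Weave CNI and the "kops create secret weavepassword" command has been removed.` Nothing visible on this page deletes a `weavepassword` entry that an older cluster may still hold in its secret store, so the same note could tell operators to remove that leftover credential themselves. The body of `completeNetworking` continues past the end of the second hunk.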


@ -46,7 +46,6 @@ var MagicTimestamp = metav1.Time{Time: time.Date(2017, 1, 1, 0, 0, 0, 0, time.UT
// TestCreateClusterMinimal runs kops create cluster minimal.example.com --zones us-test-1a
func TestCreateClusterMinimal(t *testing.T) {
runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.22", "v1alpha2")
runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.23", "v1alpha2")
runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.24", "v1alpha2")
runCreateClusterIntegrationTest(t, "../../tests/integration/create_cluster/minimal-1.25", "v1alpha2")


@ -36,7 +36,6 @@ func NewCmdCreateSecret(f *util.Factory, out io.Writer) *cobra.Command {
cmd.AddCommand(NewCmdCreateSecretCiliumPassword(f, out))
cmd.AddCommand(NewCmdCreateSecretDockerConfig(f, out))
cmd.AddCommand(NewCmdCreateSecretEncryptionConfig(f, out))
cmd.AddCommand(NewCmdCreateSecretWeavePassword(f, out))
sshPublicKey := NewCmdCreateSSHPublicKey(f, out)
sshPublicKey.Hidden = true


@ -1,145 +0,0 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"context"
"fmt"
"io"
"os"
"github.com/spf13/cobra"
"k8s.io/kops/pkg/commands/commandutils"
"k8s.io/kops/cmd/kops/util"
"k8s.io/kops/upup/pkg/fi"
"k8s.io/kubectl/pkg/util/i18n"
"k8s.io/kubectl/pkg/util/templates"
)
var (
createSecretWeavePasswordLong = templates.LongDesc(i18n.T(`
Create a new weave encryption secret and store it in the state store.
Used by Weave networking to encrypt communication between nodes.
If no password is provided, kOps will generate one at random.
WARNING: cannot be enabled or changed on a running cluster without downtime.`))
createSecretWeavePasswordExample = templates.Examples(i18n.T(`
# Create a new random weave password.
kops create secret weavepassword \
--name k8s-cluster.example.com --state s3://my-state-store
# Install a specific weave password.
kops create secret weavepassword -f /path/to/weavepassword \
--name k8s-cluster.example.com --state s3://my-state-store
# Install a specific weave password via stdin.
kops create secret weavepassword -f - \
--name k8s-cluster.example.com --state s3://my-state-store
# Replace an existing weave password.
kops create secret weavepassword -f /path/to/weavepassword --force \
--name k8s-cluster.example.com --state s3://my-state-store
`))
createSecretWeavePasswordShort = i18n.T(`Create a Weave password.`)
)
type CreateSecretWeavePasswordOptions struct {
ClusterName string
WeavePasswordFilePath string
Force bool
}
func NewCmdCreateSecretWeavePassword(f *util.Factory, out io.Writer) *cobra.Command {
options := &CreateSecretWeavePasswordOptions{}
cmd := &cobra.Command{
Use: "weavepassword [CLUSTER]",
Short: createSecretWeavePasswordShort,
Long: createSecretWeavePasswordLong,
Example: createSecretWeavePasswordExample,
Args: rootCommand.clusterNameArgs(&options.ClusterName),
ValidArgsFunction: commandutils.CompleteClusterName(f, true, false),
RunE: func(cmd *cobra.Command, args []string) error {
return RunCreateSecretWeavePassword(cmd.Context(), f, out, options)
},
}
cmd.Flags().StringVarP(&options.WeavePasswordFilePath, "filename", "f", "", "Path to Weave password file")
cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force replace the secret if it already exists")
return cmd
}
func RunCreateSecretWeavePassword(ctx context.Context, f commandutils.Factory, out io.Writer, options *CreateSecretWeavePasswordOptions) error {
secret, err := fi.CreateSecret()
if err != nil {
return fmt.Errorf("creating Weave password: %v", err)
}
cluster, err := GetCluster(ctx, f, options.ClusterName)
if err != nil {
return err
}
clientset, err := f.KopsClient()
if err != nil {
return err
}
secretStore, err := clientset.SecretStore(cluster)
if err != nil {
return err
}
if options.WeavePasswordFilePath != "" {
var data []byte
if options.WeavePasswordFilePath == "-" {
data, err = ConsumeStdin()
if err != nil {
return fmt.Errorf("reading Weave password file from stdin: %v", err)
}
} else {
data, err = os.ReadFile(options.WeavePasswordFilePath)
if err != nil {
return fmt.Errorf("reading Weave password file %v: %v", options.WeavePasswordFilePath, err)
}
}
secret.Data = data
}
if !options.Force {
_, created, err := secretStore.GetOrCreateSecret(ctx, "weavepassword", secret)
if err != nil {
return fmt.Errorf("adding weavepassword secret: %v", err)
}
if !created {
return fmt.Errorf("failed to create the weavepassword secret as it already exists. Pass the `--force` flag to replace an existing secret")
}
} else {
_, err := secretStore.ReplaceSecret("weavepassword", secret)
if err != nil {
return fmt.Errorf("updating weavepassword secret: %v", err)
}
}
return nil
}


@ -99,7 +99,7 @@ kops create cluster [CLUSTER] [flags]
--kubernetes-version string Version of Kubernetes to run (defaults to version in channel)
--network-cidr string Network CIDR to use
--network-id string Shared Network or VPC to use
--networking string Networking mode. kubenet, external, weave, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, cni. (default "cilium")
--networking string Networking mode. kubenet, external, flannel-vxlan (or flannel), flannel-udp, calico, canal, kube-router, amazonvpc, cilium, cilium-etcd, cni. (default "cilium")
--node-count int32 Total number of worker nodes. Defaults to one node per zone
--node-image string Machine image for worker nodes. Takes precedence over --image
--node-security-groups strings Additional pre-created security groups to add to worker nodes.


@ -26,5 +26,4 @@ Create a secret.
* [kops create secret ciliumpassword](kops_create_secret_ciliumpassword.md) - Create a Cilium IPsec configuration.
* [kops create secret dockerconfig](kops_create_secret_dockerconfig.md) - Create a Docker config.
* [kops create secret encryptionconfig](kops_create_secret_encryptionconfig.md) - Create an encryption config.
* [kops create secret weavepassword](kops_create_secret_weavepassword.md) - Create a Weave password.


@ -1,60 +0,0 @@
<!--- This file is automatically generated by make gen-cli-docs; changes should be made in the go CLI command code (under cmd/kops) -->
## kops create secret weavepassword
Create a Weave password.
### Synopsis
Create a new weave encryption secret and store it in the state store. Used by Weave networking to encrypt communication between nodes.
If no password is provided, kOps will generate one at random.
WARNING: cannot be enabled or changed on a running cluster without downtime.
```
kops create secret weavepassword [CLUSTER] [flags]
```
### Examples
```
# Create a new random weave password.
kops create secret weavepassword \
--name k8s-cluster.example.com --state s3://my-state-store
# Install a specific weave password.
kops create secret weavepassword -f /path/to/weavepassword \
--name k8s-cluster.example.com --state s3://my-state-store
# Install a specific weave password via stdin.
kops create secret weavepassword -f - \
--name k8s-cluster.example.com --state s3://my-state-store
# Replace an existing weave password.
kops create secret weavepassword -f /path/to/weavepassword --force \
--name k8s-cluster.example.com --state s3://my-state-store
```
### Options
```
-f, --filename string Path to Weave password file
--force Force replace the secret if it already exists
-h, --help help for weavepassword
```
### Options inherited from parent commands
```
--config string yaml config file (default is $HOME/.kops.yaml)
--name string Name of cluster. Overrides KOPS_CLUSTER_NAME environment variable
--state string Location of state storage (kops 'config' file). Overrides KOPS_STATE_STORE environment variable
-v, --v Level number for the log level verbosity
```
### SEE ALSO
* [kops create secret](kops_create_secret.md) - Create a secret.


@ -36,8 +36,8 @@ Note that you kOps will only be able to successfully provision clusters in regio
kops create cluster --cloud=digitalocean --name=my-cluster.example.com --networking=flannel --zones=tor1 --ssh-public-key=~/.ssh/id_rsa.pub
kops update cluster my-cluster.example.com --yes
# ubuntu + weave overlay cluster in nyc1 using larger droplets
kops create cluster --cloud=digitalocean --name=my-cluster.example.com --image=ubuntu-16-04-x64 --networking=weave --zones=nyc1 --ssh-public-key=~/.ssh/id_rsa.pub --node-size=s-8vcpu-32gb
# ubuntu + calico overlay cluster in nyc1 using larger droplets
kops create cluster --cloud=digitalocean --name=my-cluster.example.com --image=ubuntu-16-04-x64 --networking=calico --zones=nyc1 --ssh-public-key=~/.ssh/id_rsa.pub --node-size=s-8vcpu-32gb
kops update cluster my-cluster.example.com --yes
# debian + flannel overlay cluster in ams3 using optimized droplets


@ -48,7 +48,7 @@ If your OpenStack does not have Swift you can use any other VFS store, such as S
# to see your etcd storage type
openstack volume type list
# coreos (the default) + flannel overlay cluster in Default
# coreos (the default) + calico overlay cluster in Default
kops create cluster \
--cloud openstack \
--name my-cluster.k8s.local \
@ -65,7 +65,7 @@ kops create cluster \
--topology private \
--bastion \
--ssh-public-key ~/.ssh/id_rsa.pub \
--networking weave \
--networking calico \
--os-ext-net <externalnetworkname>
# to update a cluster


@ -38,7 +38,7 @@ export KOPS_STATE_STORE=s3://example-state-store
kops create cluster $NAME \
--zones "us-east-2a,us-east-2b,us-east-2c" \
--master-zones "us-east-2a,us-east-2b,us-east-2c" \
--networking weave \
--networking calico \
--topology private \
--bastion \
--node-count 3 \
@ -94,7 +94,7 @@ spec:
networkCIDR: 172.20.0.0/16
networkID: vpc-6335dd1a
networking:
weave: {}
calico: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0


@ -70,7 +70,6 @@ Several CNI providers are currently built into kOps:
* [Cilium](networking/cilium.md)
* [Flannel](networking/flannel.md)
* [Kube-router](networking/kube-router.md)
* [Weave](networking/weave.md)
kOps makes it easy for cluster operators to choose one of these options. The manifests for the providers
are included with kOps, and you simply use `--networking <provider-name>`. Replace the provider name


@ -1,110 +0,0 @@
### Weave
&#9888; The Weave CNI is not supported for Kubernetes 1.23 or later.
#### Installation
To use the Weave, specify the following in the cluster spec.
```yaml
networking:
weave: {}
```
The following command sets up a cluster using Weave.
```sh
export ZONES=mylistofzone
kops create cluster \
--zones $ZONES \
--networking weave \
--yes \
--name myclustername.mydns.io
```
### Configuring Weave MTU
The Weave MTU is configurable by editing the cluster and setting `mtu` option in the weave configuration.
AWS VPCs support jumbo frames, so on cluster creation kOps sets the weave MTU to 8912 bytes (9001 minus overhead).
```yaml
spec:
networking:
weave:
mtu: 8912
```
### Configuring Weave Net EXTRA_ARGS
Weave allows you to pass command line arguments to weave by adding those arguments to the EXTRA_ARGS environmental variable.
This can be used for debugging or for customizing the logging level of weave net.
```yaml
spec:
networking:
weave:
netExtraArgs: "--log-level=info"
```
Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.
### Configuring Weave NPC EXTRA_ARGS
Weave-npc (the Weave network policy controller) allows you to customize arguments of the running binary by setting the EXTRA_ARGS environmental variable.
This can be used for debugging or for customizing the logging level of weave npc.
```yaml
spec:
networking:
weave:
npcExtraArgs: "--log-level=info"
```
Note that it is possible to break the cluster networking if flags are improperly used and as such this option should be used with caution.
### Configuring Weave network encryption
The Weave network encryption is configurable by creating a weave network secret password.
Weaveworks recommends choosing a secret with [at least 50 bits of entropy](https://www.weave.works/docs/net/latest/tasks/manage/security-untrusted-networks/).
If no password is supplied, kOps will generate one at random.
```sh
cat /dev/urandom | tr -dc A-Za-z0-9 | head -c9 > password
kops create secret weavepassword -f password
kops update cluster
```
Since unencrypted nodes will not be able to connect to nodes configured with encryption enabled, this configuration cannot be changed easily without downtime.
### Override Weave image tag
{{ kops_feature_table(kops_added_default='1.19', k8s_min='1.12') }}
Weave networking comes with default specs and version which are the recommended ones, already configured by kOps .
In case users want to override Weave image tag, thus default version, specs should be customized as follows:
```yaml
spec:
networking:
weave:
version: "2.7.0"
```
### Override default CPU/Memory resources
Weave networking comes with default specs related to CPU/Memory requests and limits, already configured by kOps.
In case users want to override default values, specs should be customized as follows:
```yaml
spec:
networking:
weave:
memoryRequest: 300Mi
cpuRequest: 100m
memoryLimit: 300Mi
cpuLimit: 100m
npcMemoryRequest: 300Mi
npcCPURequest: 100m
npcMemoryLimit: 300Mi
npcCPULimit: 100m
```
> **NOTE**: These are just example values and not necessarily the recommended values. You should override the default values according to your needs.


@ -49,7 +49,7 @@ The following table provides the support status for various distros with regards
| [RHEL 9](#rhel-9) | 1.27 | - | - | - |
| [Rocky 8](#rocky-8) | 1.23.2 | 1.24 | - | - |
| Ubuntu 16.04 | 1.5 | 1.10 | 1.17 | 1.20 |
| [Ubuntu 18.04](#ubuntu-1804-bionic) | 1.10 | 1.16 | 1.26 | - |
| Ubuntu 18.04 | 1.10 | 1.16 | 1.26 | 1.28 |
| [Ubuntu 20.04](#ubuntu-2004-focal) | 1.16.2 | 1.18 | - | - |
| [Ubuntu 22.04](#ubuntu-2204-jammy) | 1.23 | 1.24 | - | - |
@ -241,22 +241,6 @@ az vm image list --all --output table \
--publisher Canonical --offer 0001-com-ubuntu-server-jammy --sku 22_04-lts-gen2
```
## Deprecated Distros
### Ubuntu 18.04 (Bionic)
Ubuntu 18.04.5 is based on Kernel version **5.4** which fixes all the known major Kernel bugs.
Earlier patch versions may still work, but are not recommended nor supported.
Available images can be listed using:
```bash
aws ec2 describe-images --region us-east-1 --output table \
--owners 099720109477 \
--query "sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId]" \
--filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-*"
```
## Owner aliases
kOps supports owner aliases for the official accounts of supported distros:


@ -177,14 +177,6 @@ Following that, use `kops update cluster --yes` and `kops rolling-update cluster
Use `kops create secret dockerconfig --force` to update the Docker secret.
Following that, use `kops update cluster --yes` and `kops rolling-update cluster --yes`.
## Rotating the Weave password
It is not possible to rotate the Weave password without a disruptive partition of the Weave network.
As of the writing of this document, this is a limitation of Weave itself.
Use `kops create secret weavepassword --force` to update the Docker secret.
Following that, use `kops update cluster --yes` and `kops rolling-update cluster --cloudonly --yes`.
## Legacy procedure
The following is the procedure to rotate secrets and keypairs in kOps versions


@ -0,0 +1,36 @@
## Release notes for kOps 1.28 series
**&#9888; kOps 1.28 has not been released yet! &#9888;**
This is a document to gather the release notes prior to the release.
# Significant changes
## AWS
## GCP
## Openstack
# Breaking changes
## Other breaking changes
* Support for Kubernetes version 1.22 has been removed.
* Support for Ubuntu 18.04 is has been removed.
# Deprecations
* Support for Kubernetes version 1.23 is deprecated and will be removed in kOps 1.29.
* Support for Kubernetes version 1.24 is deprecated and will be removed in kOps 1.30.
* Support for AWS Classic Load Balancer for API is deprecated and should not be used for newly created clusters.
* All legacy addons are deprecated in favor of managed addons, including the [metrics server addon](https://github.com/kubernetes/kops/tree/master/addons/metrics-server) and the [autoscaler addon](https://github.com/kubernetes/kops/tree/master/addons/cluster-autoscaler).
# Help Wanted
* kOps needs maintainers for Canal, Flannel, and Kube-Router to keep versions up to date and move the integration from experimental to stable.
If no volunteers step up by the time kOps 1.27 is released, support will be phased out.


@ -80,7 +80,7 @@ KOPS_CREATE=${KOPS_CREATE:-yes}
# NETWORK
TOPOLOGY=${TOPOLOGY:-private}
NETWORKING=${NETWORKING:-weave}
NETWORKING=${NETWORKING:-calico}
# How verbose go logging is
VERBOSITY=${VERBOSITY:-10}


@ -106,7 +106,6 @@ nav:
- Cilium: "networking/cilium.md"
- Flannel: "networking/flannel.md"
- Kube-Router: "networking/kube-router.md"
- Weave: "networking/weave.md"
- IPv6: "networking/ipv6.md"
- Run kOps in an existing VPC: "run_in_existing_vpc.md"
- Supported network topologies: "topology.md"


@ -17,6 +17,7 @@ Kops will remove support for Kubernetes versions as follows:
| 1.27 | 1.21 |
| 1.28 | 1.22 |
| 1.29 | 1.23 |
| 1.30 | 1.24 |
You are running a version of kubernetes that we recommend upgrading.


@ -129,48 +129,3 @@ func TestParseConfigYAML(t *testing.T) {
})
}
}
func TestWeaveParseConfigYAML(t *testing.T) {
grid := []struct {
Config string
ExpectedValue string
}{
{
Config: "networking: { weave: { memoryRequest: 500Mi, cpuRequest: 100m, npcMemoryRequest: 100Mi, npcCPURequest: 50m} }",
ExpectedValue: "50m",
},
{
Config: "networking: {}",
ExpectedValue: "",
},
}
for i := range grid {
g := grid[i]
t.Run(fmt.Sprintf("%q", g.Config), func(t *testing.T) {
config := ClusterSpec{}
err := utils.YamlUnmarshal([]byte(g.Config), &config)
if err != nil {
t.Errorf("error parsing configuration %q: %v", g.Config, err)
return
}
var actual string
if nil != config.Networking.Weave {
actual = config.Networking.Weave.NPCCPURequest.String()
}
if g.ExpectedValue == "" {
if actual != "" {
t.Errorf("expected empty value for Networking.Weave.NPCCPURequest.String(), got %v", actual)
return
}
} else {
if actual == "" {
t.Errorf("expected %v value for Networking.Weave.NPCCPURequest.String(), got empty string", g.ExpectedValue)
return
} else if actual != g.ExpectedValue {
t.Errorf("expected %v value for Networking.Weave.NPCCPURequest.String(), got %v", g.ExpectedValue, actual)
return
}
}
})
}
}


@ -1050,11 +1050,6 @@ func validateNetworking(cluster *kops.Cluster, v *kops.NetworkingSpec, fldPath *
}
if v.Weave != nil {
if optionTaken {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("weave"), "only one networking option permitted"))
}
optionTaken = true
allErrs = append(allErrs, field.Forbidden(fldPath.Child("weave"), "Weave is no longer supported"))
}


@ -461,12 +461,6 @@ func (b *FirewallModelBuilder) addCNIRules(c *fi.CloudupModelBuilderContext, sgM
tcpPorts = append(tcpPorts, 4240)
}
if b.Cluster.Spec.Networking.Weave != nil {
udpPorts = append(udpPorts, 6783)
tcpPorts = append(tcpPorts, 6783)
udpPorts = append(udpPorts, 6784)
}
if b.Cluster.Spec.Networking.Flannel != nil {
switch b.Cluster.Spec.Networking.Flannel.Backend {
case "", "udp":


@ -54,7 +54,7 @@ func (t *Tester) setSkipRegexFlag() error {
networking := cluster.Spec.LegacyNetworking
switch {
case networking.Kubenet != nil, networking.Canal != nil, networking.Weave != nil, networking.Cilium != nil:
case networking.Kubenet != nil, networking.Canal != nil, networking.Cilium != nil:
skipRegex += "|Services.*rejected.*endpoints"
}
if networking.Cilium != nil {


@ -1,100 +0,0 @@
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
creationTimestamp: "2017-01-01T00:00:00Z"
name: minimal.example.com
spec:
api:
dns: {}
authorization:
rbac: {}
channel: stable
cloudProvider: aws
configBase: memfs://tests/minimal.example.com
etcdClusters:
- cpuRequest: 200m
etcdMembers:
- encryptedVolume: true
instanceGroup: control-plane-us-test-1a
name: a
manager:
backupRetentionDays: 90
memoryRequest: 100Mi
name: main
- cpuRequest: 100m
etcdMembers:
- encryptedVolume: true
instanceGroup: control-plane-us-test-1a
name: a
manager:
backupRetentionDays: 90
memoryRequest: 100Mi
name: events
iam:
allowContainerRegistry: true
legacy: false
kubelet:
anonymousAuth: false
kubernetesApiAccess:
- 0.0.0.0/0
- ::/0
kubernetesVersion: v1.22.0
masterPublicName: api.minimal.example.com
networkCIDR: 172.20.0.0/16
networking:
cni: {}
nonMasqueradeCIDR: 100.64.0.0/10
sshAccess:
- 0.0.0.0/0
- ::/0
subnets:
- cidr: 172.20.32.0/19
name: us-test-1a
type: Public
zone: us-test-1a
topology:
dns:
type: Public
masters: public
nodes: public
---
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: "2017-01-01T00:00:00Z"
labels:
kops.k8s.io/cluster: minimal.example.com
name: control-plane-us-test-1a
spec:
image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20230502
instanceMetadata:
httpTokens: required
machineType: m3.medium
maxSize: 1
minSize: 1
role: Master
subnets:
- us-test-1a
---
apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
creationTimestamp: "2017-01-01T00:00:00Z"
labels:
kops.k8s.io/cluster: minimal.example.com
name: nodes-us-test-1a
spec:
image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20230502
instanceMetadata:
httpPutResponseHopLimit: 1
httpTokens: required
machineType: t2.medium
maxSize: 1
minSize: 1
role: Node
subnets:
- us-test-1a


@ -1,6 +0,0 @@
ClusterName: minimal.example.com
Zones:
- us-test-1a
CloudProvider: aws
Networking: cni
KubernetesVersion: v1.22.0


@ -1,296 +0,0 @@
# Pulled and modified from: https://github.com/weaveworks/weave/releases/download/v2.8.1/weave-daemonset-k8s-1.11.yaml
{{- if WeaveSecret }}
apiVersion: v1
kind: Secret
metadata:
name: weave-net
namespace: kube-system
stringData:
network-password: {{ WeaveSecret }}
---
{{- end }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: weave-net
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- pods
- namespaces
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- 'networking.k8s.io'
resources:
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- nodes/status
verbs:
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: weave-net
labels:
name: weave-net
roleRef:
kind: ClusterRole
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
rules:
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- weave-net
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: weave-net
namespace: kube-system
labels:
name: weave-net
roleRef:
kind: Role
name: weave-net
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: weave-net
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: weave-net
labels:
name: weave-net
namespace: kube-system
spec:
# Wait 5 seconds to let pod connect before rolling next pod
selector:
matchLabels:
name: weave-net
minReadySeconds: 5
template:
metadata:
labels:
name: weave-net
annotations:
prometheus.io/scrape: "true"
spec:
initContainers:
- name: weave-init
image: 'weaveworks/weave-kube:{{ or .Networking.Weave.Version "2.8.1" }}'
command:
- /home/weave/init.sh
securityContext:
privileged: true
volumeMounts:
- name: cni-bin
mountPath: /host/opt
- name: cni-bin2
mountPath: /host/home
- name: cni-conf
mountPath: /host/etc
- name: lib-modules
mountPath: /lib/modules
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
containers:
- name: weave
command:
- /home/weave/launch.sh
env:
- name: INIT_CONTAINER
value: "true"
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: IPALLOC_RANGE
value: {{ .KubeControllerManager.ClusterCIDR }}
{{- if .Networking.Weave.MTU }}
- name: WEAVE_MTU
value: "{{ .Networking.Weave.MTU }}"
{{- end }}
{{- if .Networking.Weave.NoMasqLocal }}
- name: NO_MASQ_LOCAL
value: "{{ .Networking.Weave.NoMasqLocal }}"
{{- end }}
{{- if .Networking.Weave.ConnLimit }}
- name: CONN_LIMIT
value: "{{ .Networking.Weave.ConnLimit }}"
{{- end }}
{{- if .Networking.Weave.NetExtraArgs }}
- name: EXTRA_ARGS
value: "{{ .Networking.Weave.NetExtraArgs }}"
{{- end }}
{{- if WeaveSecret }}
- name: WEAVE_PASSWORD
valueFrom:
secretKeyRef:
name: weave-net
key: network-password
{{- end }}
image: 'weaveworks/weave-kube:{{ or .Networking.Weave.Version "2.8.1" }}'
ports:
- name: metrics
containerPort: 6782
readinessProbe:
httpGet:
host: 127.0.0.1
path: /status
port: 6784
resources:
requests:
cpu: {{ or .Networking.Weave.CPURequest "50m" }}
memory: {{ or .Networking.Weave.MemoryRequest "200Mi" }}
limits:
{{- if .Networking.Weave.CPULimit }}
cpu: {{ .Networking.Weave.CPULimit }}
{{- end }}
memory: {{ or .Networking.Weave.MemoryLimit "200Mi" }}
securityContext:
privileged: true
volumeMounts:
- name: weavedb
mountPath: /weavedb
- name: dbus
mountPath: /host/var/lib/dbus
readOnly: true
- mountPath: /host/etc/machine-id
name: cni-machine-id
readOnly: true
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: weave-npc
env:
- name: HOSTNAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
{{- if .Networking.Weave.NPCExtraArgs }}
- name: EXTRA_ARGS
value: "{{ .Networking.Weave.NPCExtraArgs }}"
{{- end }}
image: 'weaveworks/weave-npc:{{ or .Networking.Weave.Version "2.8.1" }}'
ports:
- name: metrics
containerPort: 6781
resources:
requests:
cpu: {{ or .Networking.Weave.NPCCPURequest "50m" }}
memory: {{ or .Networking.Weave.NPCMemoryRequest "200Mi" }}
limits:
{{- if .Networking.Weave.NPCCPULimit }}
cpu: {{ .Networking.Weave.NPCCPULimit }}
{{- end }}
memory: {{ or .Networking.Weave.NPCMemoryLimit "200Mi" }}
securityContext:
privileged: true
volumeMounts:
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
hostPID: false
restartPolicy: Always
securityContext:
seLinuxOptions: {}
serviceAccountName: weave-net
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
volumes:
- name: weavedb
hostPath:
path: /var/lib/weave
- name: cni-bin
hostPath:
path: /opt
- name: cni-bin2
hostPath:
path: /home
- name: cni-conf
hostPath:
path: /etc
- name: cni-machine-id
hostPath:
path: /etc/machine-id
- name: dbus
hostPath:
path: /var/lib/dbus
- name: lib-modules
hostPath:
path: /lib/modules
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
priorityClassName: system-node-critical
updateStrategy:
type: RollingUpdate


@ -83,7 +83,7 @@ const (
// OldestSupportedKubernetesVersion is the oldest kubernetes version that is supported in kOps.
OldestSupportedKubernetesVersion = "1.23.0"
// OldestRecommendedKubernetesVersion is the oldest kubernetes version that is not deprecated in kOps.
OldestRecommendedKubernetesVersion = "1.27.0"
OldestRecommendedKubernetesVersion = "1.25.0"
)
// TerraformCloudProviders is the list of cloud providers with terraform target support
@ -1582,7 +1582,6 @@ func (n *nodeUpConfigBuilder) buildWarmPoolImages(ig *kops.InstanceGroup) []stri
//"docker.io/calico/",
//"docker.io/cilium/",
//"docker.io/cloudnativelabs/kube-router:",
//"docker.io/weaveworks/",
"registry.k8s.io/kube-proxy:",
"registry.k8s.io/provider-aws/",
"registry.k8s.io/sig-storage/csi-node-driver-registrar:",
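Review bot: The doc comment on `OldestRecommendedKubernetesVersion` in the first hunk does not say what else has to move with it. The same commit states this policy twice more by hand: the release notes deprecate 1.23 and 1.24, and the upgrade table gains a `| 1.30 | 1.24 |` row, so `"1.25.0"` agrees with both but nothing ties them together. I would extend the comment with something like `// Keep in sync with the deprecation entries in the release notes and the version table in the upgrade message.` If this constant drives the upgrade recommendation, as its comment suggests, a stale value would leave clusters on deprecated versions without a warning. The page prints both `"1.27.0"` and `"1.25.0"` for this line with the +/- markers lost, so I am assuming `"1.25.0"` is the new value.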


@ -975,22 +975,6 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.CloudupModelBuilderContext)
}
}
if b.Cluster.Spec.Networking.Weave != nil {
key := "networking.weave"
{
location := key + "/k8s-1.12.yaml"
id := "k8s-1.12"
addons.Add(&channelsapi.AddonSpec{
Name: fi.PtrTo(key),
Selector: networkingSelector(),
Manifest: fi.PtrTo(location),
Id: id,
})
}
}
if b.Cluster.Spec.Networking.Flannel != nil {
key := "networking.flannel"


@ -1108,15 +1108,6 @@ func setupNetworking(opt *NewClusterOptions, cluster *api.Cluster) error {
cluster.Spec.Networking.CNI = &api.CNINetworkingSpec{}
case "kopeio-vxlan", "kopeio":
cluster.Spec.Networking.Kopeio = &api.KopeioNetworkingSpec{}
case "weave":
cluster.Spec.Networking.Weave = &api.WeaveNetworkingSpec{}
if cluster.Spec.GetCloudProvider() == api.CloudProviderAWS {
// AWS supports "jumbo frames" of 9001 bytes and weave adds up to 87 bytes overhead
// sets the default to the largest number that leaves enough overhead and is divisible by 4
jumboFrameMTUSize := int32(8912)
cluster.Spec.Networking.Weave.MTU = &jumboFrameMTUSize
}
case "flannel", "flannel-vxlan":
cluster.Spec.Networking.Flannel = &api.FlannelNetworkingSpec{
Backend: "vxlan",


@ -149,18 +149,6 @@ func TestSetupNetworking(t *testing.T) {
},
},
},
{
options: NewClusterOptions{
Networking: "weave",
},
expected: api.Cluster{
Spec: api.ClusterSpec{
Networking: api.NetworkingSpec{
Weave: &api.WeaveNetworkingSpec{},
},
},
},
},
{
options: NewClusterOptions{
Networking: "flannel",


@ -324,20 +324,6 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
dest["FlannelBackendType"] = func() string { return flannelBackendType }
}
if cluster.Spec.Networking.Weave != nil {
weavesecretString := ""
weavesecret, _ := secretStore.Secret("weavepassword")
if weavesecret != nil {
weavesecretString, err = weavesecret.AsString()
if err != nil {
return err
}
klog.V(4).Info("Weave secret function successfully registered")
}
dest["WeaveSecret"] = func() string { return weavesecretString }
}
dest["CloudLabels"] = func() string {
labels := []string{
fmt.Sprintf("KubernetesCluster=%s", cluster.ObjectMeta.Name),


@ -40,7 +40,6 @@ var (
DistributionDebian10 = Distribution{packageFormat: "deb", project: "debian", id: "buster", version: 10}
DistributionDebian11 = Distribution{packageFormat: "deb", project: "debian", id: "bullseye", version: 11}
DistributionDebian12 = Distribution{packageFormat: "deb", project: "debian", id: "bookworm", version: 12}
DistributionUbuntu1804 = Distribution{packageFormat: "deb", project: "ubuntu", id: "bionic", version: 18.04}
DistributionUbuntu2004 = Distribution{packageFormat: "deb", project: "ubuntu", id: "focal", version: 20.04}
DistributionUbuntu2010 = Distribution{packageFormat: "deb", project: "ubuntu", id: "groovy", version: 20.10}
DistributionUbuntu2104 = Distribution{packageFormat: "deb", project: "ubuntu", id: "hirsute", version: 21.04}


@ -58,8 +58,6 @@ func FindDistribution(rootfs string) (Distribution, error) {
return DistributionDebian11, nil
case "debian-12":
return DistributionDebian12, nil
case "ubuntu-18.04":
return DistributionUbuntu1804, nil
case "ubuntu-20.04":
return DistributionUbuntu2004, nil
case "ubuntu-20.10":


@ -114,11 +114,6 @@ func TestFindDistribution(t *testing.T) {
err: fmt.Errorf("unsupported distro: ubuntu-16.04"),
expected: Distribution{},
},
{
rootfs: "ubuntu1804",
err: nil,
expected: DistributionUbuntu1804,
},
{
rootfs: "ubuntu2004",
err: nil,
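Review bot: The removed `ubuntu1804` case is not replaced by a negative one, so nothing pins that `FindDistribution` now rejects Ubuntu 18.04. The table already does this for 16.04 at the top of the hunk (`err: fmt.Errorf("unsupported distro: ubuntu-16.04")`), and a distro whose support was just removed deserves the same guard: `{rootfs: "ubuntu1804", err: fmt.Errorf("unsupported distro: ubuntu-18.04"), expected: Distribution{}},`. This assumes the `ubuntu1804` fixture is kept and that the fall-through error uses the same wording as for 16.04; neither is visible here. The test function starts and ends outside the hunk.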