Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-07 22:42:22 -04:00
Code Issues Projects Releases Packages Wiki Activity

versions: add K8s v1.32; remove K8s v1.29 (#3895)

Browse source 
* versions: remove K8s v1.29

* versions: add K8s v1.32

* versions: default to K8s v1.31

* docs: add k8s v1.32

* versions: update microservice versions for k8s v1.32

* ci: bump k8s versions

* dev-docs: mention ci k8s bump

* bazel: ignore GO-2025-3770
This commit is contained in:
Moritz Sanft 2025-07-30 18:41:12 +02:00 committed by GitHub
parent 98666f9d7f
commit 31b8ff9dea
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 150 additions and 141 deletions
Download patch file Download diff file Expand all files Collapse all files

26
.github/workflows/e2e-test-release.yml vendored
View file

@ -54,67 +54,67 @@ jobs:
- "azure-sev-snp"
- "azure-tdx"
- "aws-sev-snp"
kubernetes-version: ["v1.31"]
kubernetes-version: ["v1.32"]
clusterCreation: ["cli"]
runner: ["ubuntu-24.04"]
include:
# sonobuoy full test on all k8s versions
- test: "sonobuoy full"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
runner: "ubuntu-24.04"
clusterCreation: "cli"
- test: "sonobuoy full"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
runner: "ubuntu-24.04"
clusterCreation: "cli"
# s3proxy test on latest k8s version
- test: "s3proxy"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.31"
kubernetes-version: "v1.32"
runner: "ubuntu-24.04"
clusterCreation: "cli"
@ -129,7 +129,7 @@ jobs:
# runner: "macos-latest"
- test: "recover"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.31"
kubernetes-version: "v1.32"
runner: "macos-latest"
clusterCreation: "cli"
runs-on: ${{ matrix.runner }}

104
.github/workflows/e2e-test-weekly.yml vendored
View file

@ -55,257 +55,257 @@ jobs:
- test: "emergency ssh"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "emergency ssh"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "emergency ssh"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "emergency ssh"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "emergency ssh"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# Sonobuoy full test on latest k8s version
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "sonobuoy full"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# Sonobuoy conformance test
- test: "sonobuoy conformance"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# Sonobuoy quick test on all but the latest k8s versions
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
clusterCreation: "cli"
- test: "sonobuoy quick"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.29"
kubernetes-version: "v1.30"
clusterCreation: "cli"
# verify test on latest k8s version
- test: "verify"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests.
clusterCreation: "cli"
- test: "verify"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "verify"
attestationVariant: "aws-sev-snp"
refStream: "ref/main/stream/debug/?"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# recover test on latest k8s version
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "recover"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# lb test on latest k8s version
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "lb"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# autoscaling test on latest k8s version
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "autoscaling"
refStream: "ref/main/stream/debug/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# perf-bench test on latest k8s version
- test: "perf-bench"
refStream: "ref/main/stream/nightly/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "perf-bench"
refStream: "ref/main/stream/nightly/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "perf-bench"
refStream: "ref/main/stream/nightly/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "perf-bench"
refStream: "ref/main/stream/nightly/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
- test: "perf-bench"
refStream: "ref/main/stream/nightly/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
# s3proxy test on latest k8s version
- test: "s3proxy"
refStream: "ref/main/stream/debug/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.32"
clusterCreation: "cli"
#
@ -316,27 +316,27 @@ jobs:
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "gcp-sev-es"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "gcp-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "azure-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "azure-tdx"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
- test: "verify"
refStream: "ref/release/stream/stable/?"
attestationVariant: "aws-sev-snp"
kubernetes-version: "v1.30"
kubernetes-version: "v1.31"
clusterCreation: "cli"
runs-on: ubuntu-24.04

1
bazel/ci/govulncheck.sh.in
View file

@ -30,6 +30,7 @@ check_module() {
excluded_osvs=(
"GO-2025-3521" # Kubernetes GitRepo Volume Inadvertent Local Repository Access
"GO-2025-3547" # Kubernetes kube-apiserver Vulnerable to Race Condition
"GO-2025-3770" # Host Header Injection which Leads to Open Redirect in RedirectSlashes in github.com/go-chi/chi
)
# shellcheck disable=SC2016 # The $ sign in the single quoted string is correct.

2
dev-docs/workflows/upgrade-kubernetes.md
View file

@ -27,6 +27,8 @@ curl -qL https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-node-manager/ta
Normally renovate will handle the upgrading of Kubernetes dependencies.
Also, don't forget to update the Kubernetes versions tested in the CI. (e.g. release, weekly E2E tests)
## Test the new Kubernetes version
- Setup a Constellation cluster using the new image with the new bootstrapper binary and check if Kubernetes is deployed successfully.

2
docs/docs/architecture/versions.md
View file

@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K
The following Kubernetes versions are currently supported:
<!--AUTO_GENERATED_BY_BAZEL-->
<!--DO_NOT_EDIT-->
* v1.29.15
* v1.30.14
* v1.31.11
* v1.32.7

2
docs/docs/reference/cli.md
View file

@ -81,7 +81,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
```
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-snp|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used
-h, --help help for generate
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.30")
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.31")
-t, --tags strings additional tags for created resources given a list of key=value
```

144
internal/versions/versions.go
View file

@ -100,12 +100,12 @@ func ResolveK8sPatchVersion(k8sVersion string) (string, error) {
// supported patch version as PATCH.
func k8sVersionFromMajorMinor(version string) string {
switch version {
case semver.MajorMinor(string(V1_29)):
return string(V1_29)
case semver.MajorMinor(string(V1_30)):
return string(V1_30)
case semver.MajorMinor(string(V1_31)):
return string(V1_31)
case semver.MajorMinor(string(V1_32)):
return string(V1_32)
default:
return ""
}
@ -181,14 +181,14 @@ const (
// currently supported versions.
//nolint:revive
V1_29 ValidK8sVersion = "v1.29.15" // renovate:kubernetes-release
//nolint:revive
V1_30 ValidK8sVersion = "v1.30.14" // renovate:kubernetes-release
//nolint:revive
V1_31 ValidK8sVersion = "v1.31.11" // renovate:kubernetes-release
//nolint:revive
V1_32 ValidK8sVersion = "v1.32.7" // renovate:kubernetes-release
// Default k8s version deployed by Constellation.
Default ValidK8sVersion = V1_30
Default ValidK8sVersion = V1_31
)
// Regenerate the hashes by running go generate.
@ -197,73 +197,6 @@ const (
// VersionConfigs holds download URLs for all required kubernetes components for every supported version.
var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
V1_29: {
ClusterVersion: "v1.29.15", // renovate:kubernetes-release
KubernetesComponents: components.Components{
{
Url: "https://github.com/containernetworking/plugins/releases/download/v1.7.1/cni-plugins-linux-amd64-v1.7.1.tgz", // renovate:cni-plugins-release
Hash: "sha256:1a28a0506bfe5bcdc981caf1a49eeab7e72da8321f1119b7be85f22621013098",
InstallPath: constants.CniPluginsDir,
Extract: true,
},
{
Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.33.0/crictl-v1.33.0-linux-amd64.tar.gz", // renovate:crictl-release
Hash: "sha256:8307399e714626e69d1213a4cd18c8dec3d0201ecdac009b1802115df8973f0f",
InstallPath: constants.BinDir,
Extract: true,
},
{
Url: "https://dl.k8s.io/v1.29.15/bin/linux/amd64/kubelet", // renovate:kubernetes-release
Hash: "sha256:cd0228a5820f98bbb6371344e5d6645f6486d767c30f927a1d0ec8d17eca4da5",
InstallPath: constants.KubeletPath,
Extract: false,
},
{
Url: "https://dl.k8s.io/v1.29.15/bin/linux/amd64/kubeadm", // renovate:kubernetes-release
Hash: "sha256:d0744fbaa1e67fc65c4a3409f083e01a4ede58181c759b2feeb08b1ef10d6201",
InstallPath: constants.KubeadmPath,
Extract: false,
},
{
Url: "https://dl.k8s.io/v1.29.15/bin/linux/amd64/kubectl", // renovate:kubernetes-release
Hash: "sha256:3473e14c7b024a6e5403c6401b273b3faff8e5b1fed022d633815eb3168e4516",
InstallPath: constants.KubectlPath,
Extract: false,
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjE1QHNoYTI1NjpmZDgyYzc0ZTA3NzNhMTAzOTYwNTU5MDQ3NTMxMjY0MTFiM2E5NTg0Y2M0NTNlMWM3MTUyYzgxMDE4YTkzM2I2In1d",
InstallPath: patchFilePath("kube-apiserver"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjE1QHNoYTI1Njo0ZjA1YmUyYzA2NjdkOWY0OTc1YmNjNDNkNWUxMzZiMjQzNjk0NmY4NGM4ZjdkYzJkMmRhMTQzOTJlNzYxYTcxIn1d",
InstallPath: patchFilePath("kube-controller-manager"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjE1QHNoYTI1NjoyNzYxMDhhNDU0MWE1MTg5NGEwMTA2MzMyMzBmN2I2ZDEwZTkyZTczMDI3NGYyNGJkMjFlODI3ZTY0MjQzZDY2In1d",
InstallPath: patchFilePath("kube-scheduler"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjIxLTBAc2hhMjU2OmQ1OGMwMzVkZjU1NzA4MGEyNzM4N2Q2ODcwOTJlM2ZjMmI2NGM2ZDBlMzE2MmRjNTE0NTNhMTE1Zjg0N2QxMjEifV0=",
InstallPath: patchFilePath("etcd"),
},
},
// CloudControllerManagerImageAWS is the CCM image used on AWS.
// Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases.
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.8@sha256:3f8e7be967f76b328123d53846c21dcd930b60094f9f4abd8bf5ab0fe108e6e4", // renovate:container
// CloudControllerManagerImageAzure is the CCM image used on Azure.
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.15@sha256:22e562ab13b52c8725add9cf87b5c91b2ca7da75bbf08529163890616ffe4ca7", // renovate:container
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.15@sha256:049bf87e7df4653c191b31228b3868627ce2268328158ef39270ca25f3e55b39", // renovate:container
// CloudControllerManagerImageGCP is the CCM image used on GCP.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.1@sha256:ebbc6f5755725b6c2c81ca1d1580e2feba83572c41608b739c50f85b2e5de936", // renovate:container
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container
// External service image. Depends on k8s version.
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.5@sha256:76865740be7c965b35ee1524931bb4abfe4c27b5bfad280e84068cd6653ee7bb", // renovate:container
},
V1_30: {
ClusterVersion: "v1.30.14", // renovate:kubernetes-release
KubernetesComponents: components.Components{
@ -398,6 +331,73 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.31.2@sha256:2f2ae9f88573d45d8c72d22abff97fb77fd8d9e55f40e57aa282957e56fd3a1a", // renovate:container
},
V1_32: {
ClusterVersion: "v1.32.7", // renovate:kubernetes-release
KubernetesComponents: components.Components{
{
Url: "https://github.com/containernetworking/plugins/releases/download/v1.7.1/cni-plugins-linux-amd64-v1.7.1.tgz", // renovate:cni-plugins-release
Hash: "sha256:1a28a0506bfe5bcdc981caf1a49eeab7e72da8321f1119b7be85f22621013098",
InstallPath: constants.CniPluginsDir,
Extract: true,
},
{
Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.33.0/crictl-v1.33.0-linux-amd64.tar.gz", // renovate:crictl-release
Hash: "sha256:8307399e714626e69d1213a4cd18c8dec3d0201ecdac009b1802115df8973f0f",
InstallPath: constants.BinDir,
Extract: true,
},
{
Url: "https://dl.k8s.io/v1.32.7/bin/linux/amd64/kubelet", // renovate:kubernetes-release
Hash: "sha256:7ab96898436475640cbd416b2446f33aba1c2cb62dae876302ff7775d850041c",
InstallPath: constants.KubeletPath,
Extract: false,
},
{
Url: "https://dl.k8s.io/v1.32.7/bin/linux/amd64/kubeadm", // renovate:kubernetes-release
Hash: "sha256:dcd40af0042c559f3218dbd23bf318b850a5213528b428e1637ccb357ac32498",
InstallPath: constants.KubeadmPath,
Extract: false,
},
{
Url: "https://dl.k8s.io/v1.32.7/bin/linux/amd64/kubectl", // renovate:kubernetes-release
Hash: "sha256:b8f24d467a8963354b028796a85904824d636132bef00988394cadacffe959c9",
InstallPath: constants.KubectlPath,
Extract: false,
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMyLjdAc2hhMjU2OmUwNGY2MjIzZDUyZjgwNDFjNDZlZjQ1NDVjY2FmMDc4OTRiMWNhNTg1MTUwNmE5MTQyNzA2ZDQyMDY5MTFmNjQifV0=",
InstallPath: patchFilePath("kube-apiserver"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMyLjdAc2hhMjU2OjZjN2YyODhhYjAxODFlNDk2NjA2YTQzZGJhZGU5NTQ4MTlhZjJiMWUxYzA1NTJiZWNmNjkwMzQzNmUxNmVhNzUifV0=",
InstallPath: patchFilePath("kube-controller-manager"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMyLjdAc2hhMjU2OjFjMzVhOTcwYjQ0NTBiNDI4NTUzMTQ5NWJlODJjZGExZjY1NDk5NTJmNzBkNmUzZGU4ZGI1N2MyMGEzZGE0Y2UifV0=",
InstallPath: patchFilePath("kube-scheduler"),
},
{
Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjIxLTBAc2hhMjU2OmQ1OGMwMzVkZjU1NzA4MGEyNzM4N2Q2ODcwOTJlM2ZjMmI2NGM2ZDBlMzE2MmRjNTE0NTNhMTE1Zjg0N2QxMjEifV0=",
InstallPath: patchFilePath("etcd"),
},
},
// CloudControllerManagerImageAWS is the CCM image used on AWS.
// Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases.
CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.32.3@sha256:894dc5ce38646acad312a722e29ee7641aa5032aba5b134ebb98462b492f9bc6", // renovate:container
// CloudControllerManagerImageAzure is the CCM image used on Azure.
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.32.6@sha256:4e617973016c837ef5a8d8a3b58dd0a4ead21f683358715cca8cd14d71fcfa8a", // renovate:container
// CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure.
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.32.5@sha256:3371131c0c0c7b30b0f26d057479aead1969826cb69d08417438b38b7abffea2", // renovate:container
// CloudControllerManagerImageGCP is the CCM image used on GCP.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.1.4@sha256:0c3695a18d3825492196facb092e5fe56e466fa8517cde5a206fe21630c1da13", // renovate:container
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
CloudControllerManagerImageOpenStack: "registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.33.0@sha256:864d87b7ca64ad3c15a091a7d6122b471a1e761120f7ab33912555d4947105d6", // renovate:container
// External service image. Depends on k8s version.
// Check for new versions at https://github.com/kubernetes/autoscaler/releases.
ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.32.1@sha256:dfc7e06c58b3757e530a0be1b8af6f6fe38926f0f4da35d6f1b8a9a9e0bb78de", // renovate:container
},
}
// KubernetesVersion bundles download Urls to all version-releated binaries necessary for installing/deploying a particular Kubernetes version.

8
nix/shells/default.nix
View file

@ -1,7 +1,13 @@
{ mkShell, git, bazel_7 }:
{
mkShell,
git,
bazel_7,
go,
}:
mkShell {
nativeBuildInputs = [
bazel_7
git
go
];
}

2
terraform-provider-constellation/docs/resources/cluster.md
View file

@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" {
See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports.
- `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image))
- `init_secret` (String) Secret used for initialization of the cluster.
- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.29.15 v1.30.14 v1.31.11].
- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.30.14 v1.31.11 v1.32.7].
- `master_secret` (String) Hex-encoded 32-byte master secret for the cluster.
- `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster.
- `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster.