diff --git a/.github/docs/upgrade-kubernetes.md b/.github/docs/upgrade-kubernetes.md
index 526f78b78..bb907272e 100644
--- a/.github/docs/upgrade-kubernetes.md
+++ b/.github/docs/upgrade-kubernetes.md
@@ -17,19 +17,15 @@ During cluster initialization, multiple Kubernetes resources are deployed. Some You can check available version tags for container images using [the container registry tags API](https://docs.docker.com/registry/spec/api/#listing-image-tags): ```sh -curl -q https://k8s.gcr.io/v2/autoscaling/cluster-autoscaler/tags/list | jq .tags -curl -q https://k8s.gcr.io/v2/cloud-controller-manager/tags/list | jq .tags -curl -q https://us.gcr.io/v2/k8s-artifacts-prod/provider-aws/cloud-controller-manager/tags/list | jq .tags -curl -q https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-controller-manager/tags/list | jq .tags -curl -q https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-node-manager/tags/list | jq .tags +curl -qL https://registry.k8s.io/v2/autoscaling/cluster-autoscaler/tags/list | jq .tags +curl -qL https://registry.k8s.io/v2/cloud-controller-manager/tags/list | jq .tags +curl -qL https://registry.k8s.io/v2/provider-aws/cloud-controller-manager/tags/list | jq .tags +curl -qL https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-controller-manager/tags/list | jq .tags +curl -qL https://mcr.microsoft.com/v2/oss/kubernetes/azure-cloud-node-manager/tags/list | jq .tags # [...] ``` -## Upgrade go dependencies - -The [`go.mod`](/go.mod) and [`go.sum`](/go.sum) files pin versions of the Kubernetes go packages. While these do not need to be on the exact versions used in the Kubernetes deployment, it is a good idea to keep them updated and on a similar version. -Upgrade Kubernetes go dependencies by changing the versions of all packages in the `k8s.io` namespace from the old version to the new version in [`go.mod`](/go.mod) and run `go mod tidy`. Ensure that there are no other conflicts and test your changes. -See the diff of [this PR](https://github.com/edgelesssys/constellation/pull/110) as an example of updating the go dependencies. +Normally renovate will handle the upgrading of Kubernetes dependencies. ## Test the new Kubernetes version 
diff --git a/cli/internal/helm/charts/edgeless/constellation-services/charts/autoscaler/values.schema.json b/cli/internal/helm/charts/edgeless/constellation-services/charts/autoscaler/values.schema.json index d01913788..0afadab95 100644 --- a/cli/internal/helm/charts/edgeless/constellation-services/charts/autoscaler/values.schema.json +++ b/cli/internal/helm/charts/edgeless/constellation-services/charts/autoscaler/values.schema.json @@ -3,13 +3,19 @@ "properties": { "csp": { "description": "CSP to which the chart is deployed.", - "enum": ["Azure", "GCP", "AWS", "QEMU"] + "enum": [ + "Azure", + "GCP", + "AWS", + "QEMU" + ] }, "image": { "description": "Container image to use for the spawned pods.", "type": "string", - "examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"] - + "examples": [ + "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1" + ] }, "Azure": { "description": "Config values required for deployment on Azure", @@ -50,10 +56,20 @@ "image" ], "if": { - "properties": { "csp": { "const": "Azure" } }, - "required": ["csp"] + "properties": { + "csp": { + "const": "Azure" + } + }, + "required": [ + "csp" + ] + }, + "then": { + "required": [ + "Azure" + ] }, - "then": { "required": ["Azure"] }, "title": "Values", "type": "object" } diff --git a/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/values.schema.json b/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/values.schema.json index ccca473d6..f2957df8f 100644 --- a/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/values.schema.json +++ b/cli/internal/helm/charts/edgeless/operators/charts/constellation-operator/values.schema.json @@ -11,8 +11,9 @@ "image": { "description": "Container image to use for the spawned pods.", "type": "string", - "examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"] - + "examples": [ + "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1" + ] } }, "required": [ 
@@ -26,7 +27,12 @@ }, "csp": { "description": "CSP to which the chart is deployed.", - "enum": ["Azure", "GCP", "AWS", "QEMU"] + "enum": [ + "Azure", + "GCP", + "AWS", + "QEMU" + ] }, "constellationUID": { "description": "UID for the specific cluster", diff --git a/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json b/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json index 3e22f3dea..7ca409d1e 100644 --- a/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json +++ b/cli/internal/helm/charts/edgeless/operators/charts/node-maintenance-operator/values.schema.json @@ -11,8 +11,9 @@ "image": { "description": "Container image to use for the spawned pods.", "type": "string", - "examples": ["k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1"] - + "examples": [ + "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1" + ] } }, "required": [ diff --git a/image/mkosi.skeleton/usr/etc/containerd/config.toml b/image/mkosi.skeleton/usr/etc/containerd/config.toml index d0d931827..b1a2e073b 100644 --- a/image/mkosi.skeleton/usr/etc/containerd/config.toml +++ b/image/mkosi.skeleton/usr/etc/containerd/config.toml @@ -53,7 +53,7 @@ version = 2 max_container_log_line_size = 16384 netns_mounts_under_state_dir = false restrict_oom_score_adj = false - sandbox_image = "k8s.gcr.io/pause:3.5" + sandbox_image = "registry.k8s.io/pause:3.9@sha256:7031c1b283388d2c2e09b57badb803c05ebed362dc88d84b480cc47f72a21097" selinux_category_range = 1024 stats_collect_period = 10 stream_idle_timeout = "4h0m0s" diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 65a8f2735..ad91f083a 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go 
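Review bot: The `sandbox_image` line in image/mkosi.skeleton/usr/etc/containerd/config.toml is now pinned to `registry.k8s.io/pause:3.9@sha256:…`, but unlike the image constants in internal/versions/versions.go it carries no `renovate:container`-style marker, and the renovate.json hunks in this commit show no rule matching this file. A digest pin that no tool updates keeps nodes on this exact pause image until someone edits the OS image config by hand. Confirm that a renovate manager covers the file, or add a comment above the line such as `# pause image is pinned by digest; update together with the images in internal/versions/versions.go`. It is also worth checking that 3.9 is the pause version kubeadm expects for every supported Kubernetes release; this diff does not show that value.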
@@ -55,7 +55,7 @@ const ( // // KonnectivityAgentImage agent image for konnectivity service. - KonnectivityAgentImage = "us.gcr.io/k8s-artifacts-prod/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da" // renovate:container + KonnectivityAgentImage = "registry.k8s.io/kas-network-proxy/proxy-agent:v0.0.33@sha256:48f2a4ec3e10553a81b8dd1c6fa5fe4bcc9617f78e71c1ca89c6921335e2d7da" // renovate:container // KonnectivityServerImage server image for konnectivity service. KonnectivityServerImage = "registry.k8s.io/kas-network-proxy/proxy-server:v0.0.33@sha256:2c111f004bec24888d8cfa2a812a38fb8341350abac67dcd0ac64e709dfe389c" // renovate:container // JoinImage image of Constellation join service. @@ -146,7 +146,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.23.23@sha256:a82d73fb1ee10e3041b4f03cfe4ab5bb8edc8329c45bf1d42ff9e06340137de3", // renovate:container // External service image. Depends on k8s version. - ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.23.1@sha256:cd2101ba67f3d6ec719f7792d4bdaa3a50e1b716f3a9ccee8931086496c655b7", // renovate:container }, V1_24: { PatchVersion: "v1.24.9", // renovate:kubernetes-release 
@@ -192,7 +192,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.10@sha256:fed0573c5200e2ba6874a08b4fa875523958d6e6cebc4831f5798ae8caf4ac8e", // renovate:container // External service image. Depends on k8s version. - ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.24.0@sha256:5bd22353ae7f30c9abfaa08189281367ef47ea1b3d09eb13eb26bd13de241e72", // renovate:container }, V1_25: { PatchVersion: "v1.25.5", // renovate:kubernetes-release @@ -241,7 +241,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.4@sha256:5227c3820a60df390107fa0a0865bf19745f21fc3c323c779ac71e3b70e46846", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container }, V1_26: { PatchVersion: "v1.26.0", // renovate:kubernetes-release 
@@ -290,7 +290,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.4@sha256:5227c3820a60df390107fa0a0865bf19745f21fc3c323c779ac71e3b70e46846", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "k8s.gcr.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.25.0@sha256:f509ffab618dbd07d129b69ec56963aac7f61aaa792851206b54a2f0bbe046df", // renovate:container }, } diff --git a/internal/versions/versions_test.go b/internal/versions/versions_test.go index a279cb6a4..a4781697a 100644 --- a/internal/versions/versions_test.go +++ b/internal/versions/versions_test.go @@ -19,15 +19,15 @@ func TestVersionFromDockerImage(t *testing.T) { wantPanic bool }{ "valid image name": { - imageName: "k8s.gcr.io/kube-apiserver:v1.18.0", + imageName: "registry.test.foo/kube-apiserver:v1.18.0", wantVersion: "v1.18.0", }, "valid image name with sha": { - imageName: "k8s.gcr.io/kube-apiserver:v1.18.0@sha256:1234567890abcdef", + imageName: "registry.test.foo/kube-apiserver:v1.18.0@sha256:1234567890abcdef", wantVersion: "v1.18.0", }, "invalid image name": { - imageName: "k8s.gcr.io/kube-apiserver", + imageName: "registry.test.foo/kube-apiserver", wantPanic: true, }, } diff --git a/renovate.json b/renovate.json index d67c6ccff..943a8609c 100644 --- a/renovate.json +++ b/renovate.json 
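Review bot: The last `ClusterAutoscalerImage` entry (the hunk at `-290,7`, which appears to sit in the `V1_26` block opened at the end of the previous hunk) still points at `cluster-autoscaler:v1.25.0`, with the same digest as the `V1_25` entry. If reusing the 1.25 build there is deliberate, say so next to the value, for example `// No matching cluster-autoscaler release for this Kubernetes version yet; reusing v1.25.0.` (the author should confirm the reason). Otherwise the entry reads like a copy-paste leftover. The "K8s constrained versions" renovate group that lists this package looks like it restricts updates to patch level, so the entry would probably not move to a new minor on its own. The map literal starts and ends outside these hunks.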
@@ -100,7 +100,7 @@ "registry.k8s.io/provider-aws/cloud-controller-manager", "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager", "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager", - "k8s.gcr.io/autoscaling/cluster-autoscaler" + "registry.k8s.io/autoscaling/cluster-autoscaler" ], "versioning": "regex:^(?v?\\d+\\.\\d+\\.)(?\\d+)$", "groupName": "K8s constrained versions", @@ -149,8 +149,12 @@ "prPriority": -20 }, { - "matchManagers": ["github-actions"], - "matchPackageNames": ["slsa-framework/slsa-github-generator"], + "matchManagers": [ + "github-actions" + ], + "matchPackageNames": [ + "slsa-framework/slsa-github-generator" + ], "pinDigests": false } ],