From 8a323827f293be431279f9a83f968510e7e8d89f Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 14 Oct 2020 10:34:13 -0600 Subject: [PATCH] chore: remove support for Kubernetes 1.15 (#3751) --- Jenkinsfile | 2 +- cmd/generate_test.go | 5 - cmd/rotate_certs_test.go | 2 +- .../addons/nvidia-device-plugin/README.md | 2 +- ...ubernetes-customfiles-podnodeselector.json | 2 +- .../kubernetes/gpu-enabled/definition.json | 2 +- .../kubernetes-config/addons-enabled.json | 2 +- .../node-count/50-nodes/definition.json | 2 +- .../kubernetes/zones/definition.json | 2 +- .../vmas/kubernetes-vmas-multimaster.json | 2 +- .../vmas/kubernetes-vmas.json | 2 +- .../vmss/kubernetes-vmss.json | 2 +- .../kubernetes-featuresgates.json | 2 +- examples/ipvs/kubernetes-msi.json | 2 +- .../kubernetes-cloud-controller-manager.json | 2 +- .../kubernetes-keyvault-encryption.json | 2 +- .../kubernetes-standardlb.json | 2 +- examples/kubernetes-containerd.json | 2 +- examples/kubernetes-kubenet-containerd.json | 2 +- examples/kubernetes-labels/kubernetes.json | 2 +- .../kubernetes-releases/kubernetes1.15.json | 31 - .../kubernetes-vmss-master/kubernetes.json | 2 +- examples/kubernetes-vmss-master/windows.json | 2 +- examples/kubernetes-vmss-spot/kubernetes.json | 2 +- examples/kubernetes-vmss/kubernetes.json | 2 +- examples/largeclusters/kubernetes.json | 2 +- examples/managed-identity/kubernetes-msi.json | 2 +- examples/multiple-nodepools/multipool.json | 2 +- examples/networkpolicy/kubernetes-antrea.json | 2 +- examples/networkpolicy/kubernetes-cilium.json | 2 +- examples/windows/kubernetes-hyperv.json | 2 +- examples/windows/kubernetes-windows-1903.json | 2 +- examples/windows/kubernetes.json | 2 +- parts/k8s/addons/1.15/calico.yaml | 776 -------------- parts/k8s/addons/aad-pod-identity.yaml | 8 +- parts/k8s/addons/aci-connector.yaml | 4 +- parts/k8s/addons/audit-policy.yaml | 2 +- parts/k8s/addons/azure-cloud-provider.yaml | 12 +- .../k8s/addons/azure-cni-networkmonitor.yaml | 8 - parts/k8s/addons/azure-network-policy.yaml | 6 +- .../azuredisk-csi-driver-deployment.yaml | 2 - .../azurefile-csi-driver-deployment.yaml | 2 - parts/k8s/addons/blobfuse-flexvolume.yaml | 2 +- parts/k8s/addons/cluster-autoscaler.yaml | 6 +- parts/k8s/addons/coredns.yaml | 2 +- parts/k8s/addons/flannel.yaml | 8 +- parts/k8s/addons/ip-masq-agent.yaml | 12 +- parts/k8s/addons/keyvault-flexvolume.yaml | 4 +- parts/k8s/addons/kube-dns.yaml | 7 +- parts/k8s/addons/kube-proxy.yaml | 20 +- parts/k8s/addons/kube-rescheduler.yaml | 8 +- parts/k8s/addons/metrics-server.yaml | 10 - parts/k8s/addons/nvidia-device-plugin.yaml | 4 - parts/k8s/addons/pod-security-policy.yaml | 4 +- parts/k8s/addons/smb-flexvolume.yaml | 2 +- parts/k8s/addons/tiller.yaml | 4 +- parts/k8s/cloud-init/masternodecustomdata.yml | 4 - parts/k8s/cloud-init/nodecustomdata.yml | 4 - parts/k8s/kuberneteswindowssetup.ps1 | 4 - pkg/api/addons.go | 6 +- pkg/api/addons_test.go | 7 +- pkg/api/apiloader_test.go | 8 +- pkg/api/common/helper_test.go | 45 - pkg/api/common/versions.go | 12 +- pkg/api/common/versions_test.go | 10 +- pkg/api/convertertoagentpoolonlyapi_test.go | 2 +- pkg/api/defaults-kubelet_test.go | 18 +- pkg/api/defaults_test.go | 2 +- pkg/api/types_test.go | 2 +- pkg/api/vlabs/validate_test.go | 60 +- pkg/engine/template_generator.go | 6 - pkg/engine/template_generator_test.go | 2 - pkg/engine/templates_generated.go | 951 +----------------- .../addons/kubernetes-custom-psp.json | 2 +- .../addons/kubernetes-kube-proxy.json | 2 +- pkg/engine/testdata/addons/kubernetes.json | 2 +- .../agentPoolOnly/v20170831/agents.json | 2 +- .../agentPoolOnly/v20180331/agents.json | 2 +- .../agentsWithFullNetworkProfile.json | 2 +- .../agentsWithFullNetworkProfileV2.json | 2 +- .../agentsWithOnlyNetworkPlugin.json | 2 +- .../testdata/azurestack/kubernetes.json | 2 +- .../disks-managed/kubernetes-vmss.json | 2 +- .../testdata/key-vault-certs/kubernetes.json | 4 +- .../testdata/kubernetesversions/1.13.json | 2 +- .../largeclusters/kubernetes-vmss.json | 2 +- .../testdata/mastersonly/mastersonly.json | 2 +- .../windows/kubernetes-kubernetesconfig.json | 2 +- .../testdata/windows/kubernetes-vmss.json | 2 +- test/e2e/go.sum | 1 + .../container_monitoring.json | 9 - .../network_policy/antrea.json | 2 +- .../network_policy/antrea_azure.json | 2 +- .../network_policy/cilium.json | 43 - .../e2e/test_cluster_configs/no_outbound.json | 2 +- .../windows/network_plugin/kubenet.json | 1 - vhd/packer/configure-windows-vhd.ps1 | 10 - vhd/packer/install-dependencies.sh | 6 - 98 files changed, 171 insertions(+), 2093 deletions(-) delete mode 100644 examples/kubernetes-releases/kubernetes1.15.json delete mode 100644 parts/k8s/addons/1.15/calico.yaml delete mode 100644 test/e2e/test_cluster_configs/network_policy/cilium.json diff --git a/Jenkinsfile b/Jenkinsfile index d7858a0120..88a879c251 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -5,7 +5,7 @@ defaultEnv = [ CREATE_VNET: false, ] + params -def k8sVersions = ["1.15", "1.16", "1.17", "1.18", "1.19"] +def k8sVersions = ["1.16", "1.17", "1.18", "1.19"] def latestReleasedVersion = "1.19" def tasks = [:] def testConfigs = [] diff --git a/cmd/generate_test.go b/cmd/generate_test.go index c3447080d0..b60ec288d1 100644 --- a/cmd/generate_test.go +++ b/cmd/generate_test.go @@ -556,11 +556,6 @@ func TestExampleAPIModels(t *testing.T) { apiModelPath: "../examples/kubernetes-msi-userassigned/kube-vmss.json", setArgs: defaultSet, }, - { - name: "1.15 example", - apiModelPath: "../examples/kubernetes-releases/kubernetes1.15.json", - setArgs: defaultSet, - }, { name: "1.16 example", apiModelPath: "../examples/kubernetes-releases/kubernetes1.16.json", diff --git a/cmd/rotate_certs_test.go b/cmd/rotate_certs_test.go index e369c76a92..4bc4a671a1 100644 --- a/cmd/rotate_certs_test.go +++ b/cmd/rotate_certs_test.go @@ -258,7 +258,7 @@ func TestWriteArtifacts(t *testing.T) { t.Parallel() g := NewGomegaWithT(t) - cs := api.CreateMockContainerService("testcluster", "1.15.11", 3, 2, false) + cs := api.CreateMockContainerService("testcluster", "1.16.14", 3, 2, false) _, err := cs.SetPropertiesDefaults(api.PropertiesDefaultsParams{ IsScale: false, IsUpgrade: false, diff --git a/examples/addons/nvidia-device-plugin/README.md b/examples/addons/nvidia-device-plugin/README.md index 482ece8a43..063c85dd66 100644 --- a/examples/addons/nvidia-device-plugin/README.md +++ b/examples/addons/nvidia-device-plugin/README.md @@ -8,7 +8,7 @@ This is the [NVIDIA Device Plugin](https://github.com/NVIDIA/k8s-device-plugin) "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "addons": [ { diff --git a/examples/customfiles/kubernetes-customfiles-podnodeselector.json b/examples/customfiles/kubernetes-customfiles-podnodeselector.json index b75ced1090..5f2b24b73b 100644 --- a/examples/customfiles/kubernetes-customfiles-podnodeselector.json +++ b/examples/customfiles/kubernetes-customfiles-podnodeselector.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorVersion": "1.15.11", + "orchestratorVersion": "1.16.14", "kubernetesConfig": { "enableRbac" : true, "enableAggregatedAPIs": true, diff --git a/examples/e2e-tests/kubernetes/gpu-enabled/definition.json b/examples/e2e-tests/kubernetes/gpu-enabled/definition.json index 06b1fc95b6..da0c8c55ac 100644 --- a/examples/e2e-tests/kubernetes/gpu-enabled/definition.json +++ b/examples/e2e-tests/kubernetes/gpu-enabled/definition.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json b/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json index 7c8980061d..b3433d5cf9 100644 --- a/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json +++ b/examples/e2e-tests/kubernetes/kubernetes-config/addons-enabled.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "addons": [ { diff --git a/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json b/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json index 286e72f673..bc44366966 100644 --- a/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json +++ b/examples/e2e-tests/kubernetes/node-count/50-nodes/definition.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 5, diff --git a/examples/e2e-tests/kubernetes/zones/definition.json b/examples/e2e-tests/kubernetes/zones/definition.json index 64df141368..32e84f3819 100644 --- a/examples/e2e-tests/kubernetes/zones/definition.json +++ b/examples/e2e-tests/kubernetes/zones/definition.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 5, diff --git a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json index e8f8532300..15e4433c32 100644 --- a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json +++ b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas-multimaster.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true, "userAssignedID": "aksenginetestid" diff --git a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json index 4a84ba3614..df3eeea8bf 100644 --- a/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json +++ b/examples/e2e-tests/userassignedidentity/vmas/kubernetes-vmas.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true, "userAssignedID": "aksenginetestid" diff --git a/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json b/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json index 3d591d50db..358f36e6f4 100644 --- a/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json +++ b/examples/e2e-tests/userassignedidentity/vmss/kubernetes-vmss.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true, "userAssignedID": "aksenginetestid" diff --git a/examples/feature-gates/kubernetes-featuresgates.json b/examples/feature-gates/kubernetes-featuresgates.json index fc37a8e38a..eb73f31af5 100644 --- a/examples/feature-gates/kubernetes-featuresgates.json +++ b/examples/feature-gates/kubernetes-featuresgates.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "kubeletConfig" : { "--feature-gates": "MountPropagation=true,DebugContainers=true" diff --git a/examples/ipvs/kubernetes-msi.json b/examples/ipvs/kubernetes-msi.json index 9eb5d7fc72..c95f120568 100644 --- a/examples/ipvs/kubernetes-msi.json +++ b/examples/ipvs/kubernetes-msi.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true, "kubeProxyMode" : "ipvs" diff --git a/examples/kubernetes-config/kubernetes-cloud-controller-manager.json b/examples/kubernetes-config/kubernetes-cloud-controller-manager.json index 24016320af..e1482beb91 100644 --- a/examples/kubernetes-config/kubernetes-cloud-controller-manager.json +++ b/examples/kubernetes-config/kubernetes-cloud-controller-manager.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useCloudControllerManager": true } diff --git a/examples/kubernetes-config/kubernetes-keyvault-encryption.json b/examples/kubernetes-config/kubernetes-keyvault-encryption.json index 54c2421c3e..1acacba950 100644 --- a/examples/kubernetes-config/kubernetes-keyvault-encryption.json +++ b/examples/kubernetes-config/kubernetes-keyvault-encryption.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "enableEncryptionWithExternalKms": true, "keyVaultSku": "Premium" diff --git a/examples/kubernetes-config/kubernetes-standardlb.json b/examples/kubernetes-config/kubernetes-standardlb.json index b4a640bd42..8467863fc9 100644 --- a/examples/kubernetes-config/kubernetes-standardlb.json +++ b/examples/kubernetes-config/kubernetes-standardlb.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "loadBalancerSku": "Standard", "excludeMasterFromStandardLB": true diff --git a/examples/kubernetes-containerd.json b/examples/kubernetes-containerd.json index a53461278e..1d1ce64568 100644 --- a/examples/kubernetes-containerd.json +++ b/examples/kubernetes-containerd.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "networkPlugin": "flannel", "containerRuntime": "containerd", diff --git a/examples/kubernetes-kubenet-containerd.json b/examples/kubernetes-kubenet-containerd.json index 104fd9f169..8b10272d3f 100644 --- a/examples/kubernetes-kubenet-containerd.json +++ b/examples/kubernetes-kubenet-containerd.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "networkPlugin": "kubenet", "containerRuntime": "containerd" diff --git a/examples/kubernetes-labels/kubernetes.json b/examples/kubernetes-labels/kubernetes.json index 60140a1673..1e8464e063 100644 --- a/examples/kubernetes-labels/kubernetes.json +++ b/examples/kubernetes-labels/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/kubernetes-releases/kubernetes1.15.json b/examples/kubernetes-releases/kubernetes1.15.json deleted file mode 100644 index af0f7836fb..0000000000 --- a/examples/kubernetes-releases/kubernetes1.15.json +++ /dev/null @@ -1,31 +0,0 @@ -{ - "apiVersion": "vlabs", - "properties": { - "orchestratorProfile": { - "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" - }, - "masterProfile": { - "count": 1, - "dnsPrefix": "", - "vmSize": "Standard_D2_v3" - }, - "agentPoolProfiles": [ - { - "name": "agentpool1", - "count": 3, - "vmSize": "Standard_D2_v3" - } - ], - "linuxProfile": { - "adminUsername": "azureuser", - "ssh": { - "publicKeys": [ - { - "keyData": "" - } - ] - } - } - } -} diff --git a/examples/kubernetes-vmss-master/kubernetes.json b/examples/kubernetes-vmss-master/kubernetes.json index 499f284d72..e537252cd7 100644 --- a/examples/kubernetes-vmss-master/kubernetes.json +++ b/examples/kubernetes-vmss-master/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/kubernetes-vmss-master/windows.json b/examples/kubernetes-vmss-master/windows.json index 13e0dc0e6b..dcac49a12b 100644 --- a/examples/kubernetes-vmss-master/windows.json +++ b/examples/kubernetes-vmss-master/windows.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/kubernetes-vmss-spot/kubernetes.json b/examples/kubernetes-vmss-spot/kubernetes.json index a8d3525977..037eb11423 100644 --- a/examples/kubernetes-vmss-spot/kubernetes.json +++ b/examples/kubernetes-vmss-spot/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true } diff --git a/examples/kubernetes-vmss/kubernetes.json b/examples/kubernetes-vmss/kubernetes.json index ca732e6f1f..017c16b86f 100644 --- a/examples/kubernetes-vmss/kubernetes.json +++ b/examples/kubernetes-vmss/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true } diff --git a/examples/largeclusters/kubernetes.json b/examples/largeclusters/kubernetes.json index 250e04f009..2699f20431 100644 --- a/examples/largeclusters/kubernetes.json +++ b/examples/largeclusters/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "cloudProviderBackoff": true, "cloudProviderBackoffRetries": 6, diff --git a/examples/managed-identity/kubernetes-msi.json b/examples/managed-identity/kubernetes-msi.json index 88db950321..6ab7598fd9 100644 --- a/examples/managed-identity/kubernetes-msi.json +++ b/examples/managed-identity/kubernetes-msi.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useManagedIdentity": true } diff --git a/examples/multiple-nodepools/multipool.json b/examples/multiple-nodepools/multipool.json index 794ba960a1..2ff7cded32 100644 --- a/examples/multiple-nodepools/multipool.json +++ b/examples/multiple-nodepools/multipool.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/networkpolicy/kubernetes-antrea.json b/examples/networkpolicy/kubernetes-antrea.json index 49f10285c5..c73e46cfaf 100644 --- a/examples/networkpolicy/kubernetes-antrea.json +++ b/examples/networkpolicy/kubernetes-antrea.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "networkPolicy": "antrea" } diff --git a/examples/networkpolicy/kubernetes-cilium.json b/examples/networkpolicy/kubernetes-cilium.json index 8b64d5e621..9ab6a45bc8 100644 --- a/examples/networkpolicy/kubernetes-cilium.json +++ b/examples/networkpolicy/kubernetes-cilium.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "networkPolicy": "cilium" } diff --git a/examples/windows/kubernetes-hyperv.json b/examples/windows/kubernetes-hyperv.json index 26fbcd0210..fd9d5246e6 100644 --- a/examples/windows/kubernetes-hyperv.json +++ b/examples/windows/kubernetes-hyperv.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "networkPlugin": "azure", "containerRuntime": "containerd", diff --git a/examples/windows/kubernetes-windows-1903.json b/examples/windows/kubernetes-windows-1903.json index e736a21a01..ecee0b0800 100644 --- a/examples/windows/kubernetes-windows-1903.json +++ b/examples/windows/kubernetes-windows-1903.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/examples/windows/kubernetes.json b/examples/windows/kubernetes.json index 67bf4c10df..c18f2a98d5 100644 --- a/examples/windows/kubernetes.json +++ b/examples/windows/kubernetes.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/parts/k8s/addons/1.15/calico.yaml b/parts/k8s/addons/1.15/calico.yaml deleted file mode 100644 index ce7daeba3a..0000000000 --- a/parts/k8s/addons/1.15/calico.yaml +++ /dev/null @@ -1,776 +0,0 @@ -{{- /* Source: calico/templates/calico-config.yaml -This ConfigMap is used to configure a self-hosted Calico installation. */}} -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -data: - {{- /* You must set a non-zero value for Typha replicas below. */}} - typha_service_name: "calico-typha" - {{- /* The CNI network configuration to install on each node. The special - values in this config will be automatically populated. */}} - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": 1500, -{{- if not IsAzureCNI}} - "ipam": { - "type": "host-local", - "subnet": "usePodCidr" - }, -{{- end}} - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - } - ] - } - ---- -{{- /* Source: calico/templates/kdd-crds.yaml */}} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: FelixConfiguration - plural: felixconfigurations - singular: felixconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPConfiguration - plural: bgpconfigurations - singular: bgpconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPPool - plural: ippools - singular: ippool ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: HostEndpoint - plural: hostendpoints - singular: hostendpoint ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: ClusterInformation - plural: clusterinformations - singular: clusterinformation ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkPolicy - plural: globalnetworkpolicies - singular: globalnetworkpolicy ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkSet - plural: globalnetworksets - singular: globalnetworkset ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkPolicy - plural: networkpolicies - singular: networkpolicy ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkSet - plural: networksets - singular: networkset ---- -{{- /* Source: calico/templates/rbac.yaml -Include a clusterrole for the calico-node DaemonSet, -and bind it to the calico-node serviceaccount. */}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -{{- /* The CNI plugin needs to get pods, nodes, and namespaces. */}} -- apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get -- apiGroups: [""] - resources: - - endpoints - - services - verbs: - {{- /* Used to discover service IPs for advertisement. */}} - - watch - - list - {{- /* Used to discover Typhas. */}} - - get -- apiGroups: [""] - resources: - - nodes/status - verbs: - {{- /* Needed for clearing NodeNetworkUnavailable flag. */}} - - patch - {{- /* Calico stores some configuration information in node annotations. */}} - - update -{{- /* Watch for changes to Kubernetes NetworkPolicies. */}} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list -{{- /* Used by Calico for policy information. */}} -- apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch -{{- /* The CNI plugin patches pods/status. */}} -- apiGroups: [""] - resources: - - pods/status - verbs: - - patch -{{- /* Calico monitors various CRDs for config. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - verbs: - - get - - list - - watch -{{- /* Calico must create and update some CRDs on startup. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update -{{- /* Calico stores some configuration information on the node. */}} -- apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch -{{- /* These permissions are only requried for upgrade from v2.6, and can -be removed after upgrade or on fresh installations. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system ---- -{{- /* Source: calico/templates/calico-typha.yaml -This manifest creates a Service, which will be backed by Calico's Typha daemon. -Typha sits in between Felix and the API server, reducing Calico's load on the API server. */}} -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha ---- -{{- /* This manifest creates a Deployment of Typha to back the above service. */}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - {{- /* Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - typha_service_name variable in the calico-config ConfigMap above. - We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. */}} - replicas: 1 - revisionHistoryLimit: 2 - selector: - matchLabels: - k8s-app: calico-typha - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - {{- /* This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical - add-on, ensuring it gets priority scheduling and that its resources are reserved - if it ever gets evicted. */}} - scheduler.alpha.kubernetes.io/critical-pod: '' - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - {{- /* Mark the pod as a critical add-on for rescheduling. */}} - - key: CriticalAddonsOnly - operator: Exists - {{- /* Since Calico can't network a pod until Typha is up, we need to run Typha itself - as a host-networked pod. */}} - serviceAccountName: calico-node - priorityClassName: system-cluster-critical - containers: - - image: {{ContainerImage "calico-typha"}} - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - env: - {{- /* Enable "info" logging by default. Can be set to "debug" to increase verbosity. */}} - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - {{- /* Disable logging to file and syslog since those don't make sense in Kubernetes. */}} - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - {{- /* Monitor the Kubernetes API to find the number of running instances and rebalance - connections. */}} - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - {{- /* Configure route aggregation based on pod CIDR. */}} - - name: USE_POD_CIDR - value: "true" - - name: FELIX_INTERFACEPREFIX - value: "{{if IsAzureCNI}}azv{{else}}cali{{end}}" - # Uncomment these lines to enable prometheus metrics. Since Typha is host-networked, - # this opens a port on the host, which may need to be secured. - #- name: TYPHA_PROMETHEUSMETRICSENABLED - # value: "true" - #- name: TYPHA_PROMETHEUSMETRICSPORT - # value: "9093" - livenessProbe: - httpGet: - path: /liveness - port: 9098 - host: localhost - periodSeconds: 30 - initialDelaySeconds: 30 - readinessProbe: - httpGet: - path: /readiness - port: 9098 - host: localhost - periodSeconds: 10 ---- -{{- /* Source: calico/templates/calico-node.yaml -This manifest installs the calico-node container, as well -as the CNI plugins and network config on -each master and worker node in a Kubernetes cluster. */}} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - annotations: - {{- /* This, along with the CriticalAddonsOnly toleration below, - marks the pod as a critical add-on, ensuring it gets - priority scheduling and that its resources are reserved - if it ever gets evicted. */}} - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - {{- /* Make sure calico-node gets scheduled on all nodes. */}} - - effect: NoSchedule - operator: Exists - {{- /* Mark the pod as a critical add-on for rescheduling. */}} - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - {{- /* Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force deletion": - https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. */}} - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: -{{- if not IsAzureCNI}} - {{- /* This container installs the CNI binaries - and CNI network config file on each node. */}} - - name: install-cni - image: {{ContainerImage "calico-cni"}} - command: ["/install-cni.sh"] - env: - {{- /* Name of the CNI config file to create. */}} - - name: CNI_CONF_NAME - value: "10-calico.conflist" - {{- /* The CNI network config to install on each node. */}} - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - {{- /* Set the hostname based on the k8s node name. */}} - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- /* Prevents the container from sleeping forever. */}} - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir -{{- end}} - {{- /* Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes - to communicate with Felix over the Policy Sync API. */}} - - name: flexvol-driver - image: {{ContainerImage "calico-pod2daemon"}} - volumeMounts: - - name: flexvol-driver-host - mountPath: /host/driver - containers: - {{- /* Runs calico-node container on each Kubernetes node. This - container programs network policy and routes on each - host. */}} - - name: calico-node - image: {{ContainerImage "calico-node"}} - env: - {{- /* Use Kubernetes API as the backing datastore. */}} - - name: DATASTORE_TYPE - value: "kubernetes" - {{- /* Configure route aggregation based on pod CIDR. */}} - - name: USE_POD_CIDR - value: "true" - {{- /* Typha support: controlled by the ConfigMap. */}} - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name - {{- /* Wait for the datastore. */}} - - name: WAIT_FOR_DATASTORE - value: "true" - {{- /* Set based on the k8s node name. */}} - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- /* Don't enable BGP. */}} - - name: CALICO_NETWORKING_BACKEND - value: "none" - {{- /* Cluster type to identify the deployment type */}} - - name: CLUSTER_TYPE - value: "k8s" - {{- /* The default IPv4 pool to create on startup if none exists. Pod IPs will be - chosen from this range. Changing this value after installation will have - no effect. This should fall within `--cluster-cidr`. */}} - - name: CALICO_IPV4POOL_CIDR - value: "{{GetClusterSubnet}}" - {{- /* Disable file logging so `kubectl logs` works. */}} - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - {{- /* Set Felix endpoint to host default action to ACCEPT. */}} - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - {{- /* Disable IPv6 on Kubernetes. */}} - - name: FELIX_IPV6SUPPORT - value: "false" - {{- /* Set Felix logging to "info" */}} - - name: FELIX_LOGSEVERITYSCREEN - value: {{ContainerConfig "logSeverityScreen"}} - - name: FELIX_HEALTHENABLED - value: "true" - - name: CALICO_IPV4POOL_IPIP - value: "off" - - name: FELIX_INTERFACEPREFIX - value: "{{if IsAzureCNI}}azv{{else}}cali{{end}}" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - httpGet: - path: /liveness - port: 9099 - host: localhost - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - volumes: - {{- /* Used by calico-node. */}} - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - {{- /* Used to install CNI. */}} - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - {{- /* Used to create per-pod Unix Domain Sockets */}} - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent - {{- /* Used to install Flex Volume Driver */}} - - name: flexvol-driver-host - hostPath: - type: DirectoryOrCreate - path: /etc/kubernetes/volumeplugins/nodeagent~uds ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" ---- -{{- /* Typha Horizontal Autoscaler ConfigMap */}} -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-typha-horizontal-autoscaler - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -data: - ladder: |- - { - "coresToReplicas": [], - "nodesToReplicas": - [ - [1, 1], - [10, 2], - [100, 3], - [250, 4], - [500, 5], - [1000, 6], - [1500, 7], - [2000, 8] - ] - } - ---- -{{- /* Typha Horizontal Autoscaler Deployment */}} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: calico-typha-horizontal-autoscaler - namespace: kube-system - labels: - k8s-app: calico-typha-autoscaler - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - replicas: 1 - template: - metadata: - labels: - k8s-app: calico-typha-autoscaler - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - priorityClassName: system-cluster-critical - securityContext: - supplementalGroups: [65534] - fsGroup: 65534 - containers: - - image: {{ContainerImage "calico-cluster-proportional-autoscaler"}} - name: autoscaler - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=calico-typha-horizontal-autoscaler - - --target=deployment/calico-typha - - --logtostderr=true - - --v=2 - resources: - requests: - cpu: 10m - limits: - cpu: 10m - serviceAccountName: typha-cpha ---- -{{- /* Typha Horizontal Autoscaler Cluster Role */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: typha-cpha - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list"] - ---- -{{- /* Typha Horizontal Autoscaler Cluster Role Binding */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: typha-cpha - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: typha-cpha -subjects: -- kind: ServiceAccount - name: typha-cpha - namespace: kube-system ---- -{{- /* Typha Horizontal Autoscaler Role */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] -- apiGroups: ["extensions"] - resources: ["deployments/scale"] - verbs: ["get", "update"] - ---- -{{- /* Typha Horizontal Autoscaler Role Binding */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: typha-cpha -subjects: -- kind: ServiceAccount - name: typha-cpha - namespace: kube-system ---- -{{- /* Typha Horizontal Autoscaler Service Account */}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" diff --git a/parts/k8s/addons/aad-pod-identity.yaml b/parts/k8s/addons/aad-pod-identity.yaml index 28582c9046..8202d63bd4 100644 --- a/parts/k8s/addons/aad-pod-identity.yaml +++ b/parts/k8s/addons/aad-pod-identity.yaml @@ -110,7 +110,7 @@ roleRef: name: aad-pod-id-nmi-role apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -124,12 +124,10 @@ metadata: spec: updateStrategy: type: RollingUpdate -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: component: nmi tier: node -{{- end}} template: metadata: labels: @@ -253,7 +251,7 @@ roleRef: name: aad-pod-id-mic-role apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: labels: @@ -265,11 +263,9 @@ metadata: namespace: kube-system spec: replicas: 2 -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: component: mic -{{- end}} template: metadata: labels: diff --git a/parts/k8s/addons/aci-connector.yaml b/parts/k8s/addons/aci-connector.yaml index 66054f724b..c86f32df15 100644 --- a/parts/k8s/addons/aci-connector.yaml +++ b/parts/k8s/addons/aci-connector.yaml @@ -61,7 +61,7 @@ data: cert.pem: key.pem: --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: name: aci-connector @@ -73,11 +73,9 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile spec: replicas: 1 -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: aci-connector -{{- end}} template: metadata: labels: diff --git a/parts/k8s/addons/audit-policy.yaml b/parts/k8s/addons/audit-policy.yaml index c501d4af8e..e4a77e608d 100644 --- a/parts/k8s/addons/audit-policy.yaml +++ b/parts/k8s/addons/audit-policy.yaml @@ -1,4 +1,4 @@ -apiVersion: audit.k8s.io/v1{{ if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: audit.k8s.io/v1 kind: Policy omitStages: - RequestReceived diff --git a/parts/k8s/addons/azure-cloud-provider.yaml b/parts/k8s/addons/azure-cloud-provider.yaml index a1fa1b549b..5c416823cd 100644 --- a/parts/k8s/addons/azure-cloud-provider.yaml +++ b/parts/k8s/addons/azure-cloud-provider.yaml @@ -1,5 +1,5 @@ --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -13,7 +13,7 @@ rules: - patch - update --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -28,7 +28,7 @@ subjects: name: azure-cloud-provider namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:azure-persistent-volume-binder @@ -39,7 +39,7 @@ rules: resources: ['secrets'] verbs: ['get','create'] --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:azure-persistent-volume-binder @@ -54,7 +54,7 @@ subjects: name: persistent-volume-binder namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -66,7 +66,7 @@ rules: verbs: - get --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: diff --git a/parts/k8s/addons/azure-cni-networkmonitor.yaml b/parts/k8s/addons/azure-cni-networkmonitor.yaml index c152725be9..390c4e1664 100644 --- a/parts/k8s/addons/azure-cni-networkmonitor.yaml +++ b/parts/k8s/addons/azure-cni-networkmonitor.yaml @@ -1,8 +1,4 @@ -{{- if IsKubernetesVersionGe "1.16.0"}} apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} kind: DaemonSet metadata: name: azure-cni-networkmonitor @@ -20,10 +16,6 @@ spec: metadata: labels: k8s-app: azure-cnms -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" diff --git a/parts/k8s/addons/azure-network-policy.yaml b/parts/k8s/addons/azure-network-policy.yaml index 851cf7f621..065e541ca2 100644 --- a/parts/k8s/addons/azure-network-policy.yaml +++ b/parts/k8s/addons/azure-network-policy.yaml @@ -49,7 +49,7 @@ roleRef: name: azure-npm apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-npm @@ -67,12 +67,10 @@ spec: metadata: labels: k8s-app: azure-npm -{{- if IsKubernetesVersionGe "1.16.0"}} annotations: scheduler.alpha.kubernetes.io/critical-pod: '' - {{- if IsKubernetesVersionGe "1.17.0"}} +{{- if IsKubernetesVersionGe "1.17.0"}} cluster-autoscaler.kubernetes.io/daemonset-pod: "true" - {{- end}} {{- end}} spec: priorityClassName: system-node-critical diff --git a/parts/k8s/addons/azuredisk-csi-driver-deployment.yaml b/parts/k8s/addons/azuredisk-csi-driver-deployment.yaml index 08518034ed..ffc7f85f10 100644 --- a/parts/k8s/addons/azuredisk-csi-driver-deployment.yaml +++ b/parts/k8s/addons/azuredisk-csi-driver-deployment.yaml @@ -700,7 +700,6 @@ spec: cpu: {{ContainerCPUReqs "csi-snapshotter"}} memory: {{ContainerMemReqs "csi-snapshotter"}} {{end}} - {{if IsKubernetesVersionGe "1.16.0"}} - name: csi-resizer image: {{ContainerImage "csi-resizer"}} args: @@ -720,7 +719,6 @@ spec: requests: cpu: {{ContainerCPUReqs "csi-resizer"}} memory: {{ContainerMemReqs "csi-resizer"}} - {{end}} - name: liveness-probe image: {{ContainerImage "livenessprobe"}} args: diff --git a/parts/k8s/addons/azurefile-csi-driver-deployment.yaml b/parts/k8s/addons/azurefile-csi-driver-deployment.yaml index 50ce8982b0..21cba89b66 100644 --- a/parts/k8s/addons/azurefile-csi-driver-deployment.yaml +++ b/parts/k8s/addons/azurefile-csi-driver-deployment.yaml @@ -713,7 +713,6 @@ spec: cpu: {{ContainerCPUReqs "csi-snapshotter"}} memory: {{ContainerMemReqs "csi-snapshotter"}} {{end}} - {{if IsKubernetesVersionGe "1.16.0"}} - name: csi-resizer image: {{ContainerImage "csi-resizer"}} args: @@ -733,7 +732,6 @@ spec: requests: cpu: {{ContainerCPUReqs "csi-resizer"}} memory: {{ContainerMemReqs "csi-resizer"}} - {{end}} - name: liveness-probe image: {{ContainerImage "livenessprobe"}} args: diff --git a/parts/k8s/addons/blobfuse-flexvolume.yaml b/parts/k8s/addons/blobfuse-flexvolume.yaml index 3384ecdbfd..c8a50bbb66 100644 --- a/parts/k8s/addons/blobfuse-flexvolume.yaml +++ b/parts/k8s/addons/blobfuse-flexvolume.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: blobfuse-flexvol-installer diff --git a/parts/k8s/addons/cluster-autoscaler.yaml b/parts/k8s/addons/cluster-autoscaler.yaml index 1793fd1aff..95c47eabb4 100644 --- a/parts/k8s/addons/cluster-autoscaler.yaml +++ b/parts/k8s/addons/cluster-autoscaler.yaml @@ -148,11 +148,7 @@ metadata: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: {{GetMode}} --- -{{- if IsKubernetesVersionGe "1.16.0"}} apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} kind: Deployment metadata: labels: @@ -179,7 +175,7 @@ spec: value: "true" key: node-role.kubernetes.io/master nodeSelector: - kubernetes.{{if IsKubernetesVersionGe "1.16.0"}}azure.com{{else}}io{{end}}/role: master + kubernetes.azure.com/role: master kubernetes.io/os: linux containers: - image: {{ContainerImage "cluster-autoscaler"}} diff --git a/parts/k8s/addons/coredns.yaml b/parts/k8s/addons/coredns.yaml index 623f00f976..3fad192a32 100644 --- a/parts/k8s/addons/coredns.yaml +++ b/parts/k8s/addons/coredns.yaml @@ -156,7 +156,7 @@ spec: nodeSelector: kubernetes.io/os: linux {{- if ContainerConfig "use-host-network"}} - kubernetes.{{if IsKubernetesVersionGe "1.16.0"}}azure.com{{else}}io{{end}}/role: agent + kubernetes.azure.com/role: agent {{end}} containers: - name: coredns diff --git a/parts/k8s/addons/flannel.yaml b/parts/k8s/addons/flannel.yaml index d7c780f355..59346572e4 100644 --- a/parts/k8s/addons/flannel.yaml +++ b/parts/k8s/addons/flannel.yaml @@ -34,7 +34,7 @@ data: } } --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds @@ -44,21 +44,15 @@ metadata: app: flannel addonmanager.kubernetes.io/mode: Reconcile spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: tier: node app: flannel -{{- end}} template: metadata: labels: tier: node app: flannel -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" diff --git a/parts/k8s/addons/ip-masq-agent.yaml b/parts/k8s/addons/ip-masq-agent.yaml index a6f6d5a454..33d6990914 100644 --- a/parts/k8s/addons/ip-masq-agent.yaml +++ b/parts/k8s/addons/ip-masq-agent.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-ip-masq-agent @@ -9,12 +9,10 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile tier: node spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: k8s-app: azure-ip-masq-agent tier: node -{{- end}} template: metadata: labels: @@ -44,10 +42,8 @@ spec: - name: azure-ip-masq-agent image: {{ContainerImage "ip-masq-agent"}} imagePullPolicy: IfNotPresent -{{- if IsKubernetesVersionGe "1.16.0"}} args: - --enable-ipv6={{ContainerConfig "enable-ipv6"}} -{{- end}} securityContext: privileged: true volumeMounts: @@ -78,11 +74,9 @@ data: ip-masq-agent: |- nonMasqueradeCIDRs: - {{ContainerConfig "non-masquerade-cidr"}} -{{- if IsKubernetesVersionGe "1.16.0"}} - {{- if ContainerConfig "secondary-non-masquerade-cidr"}} +{{- if ContainerConfig "secondary-non-masquerade-cidr"}} - {{ContainerConfig "secondary-non-masquerade-cidr"}} - {{end -}} -{{- end}} +{{end -}} {{- if ContainerConfig "non-masq-cni-cidr"}} - {{ContainerConfig "non-masq-cni-cidr"}} masqLinkLocal: true diff --git a/parts/k8s/addons/keyvault-flexvolume.yaml b/parts/k8s/addons/keyvault-flexvolume.yaml index 9bdc62db95..c16323e92e 100644 --- a/parts/k8s/addons/keyvault-flexvolume.yaml +++ b/parts/k8s/addons/keyvault-flexvolume.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -10,11 +10,9 @@ metadata: spec: updateStrategy: type: RollingUpdate -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: keyvault-flexvolume -{{- end}} template: metadata: labels: diff --git a/parts/k8s/addons/kube-dns.yaml b/parts/k8s/addons/kube-dns.yaml index c4c7dc9e28..4ef38bb117 100644 --- a/parts/k8s/addons/kube-dns.yaml +++ b/parts/k8s/addons/kube-dns.yaml @@ -53,7 +53,7 @@ metadata: labels: addonmanager.kubernetes.io/mode: EnsureExists --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: name: kube-dns @@ -78,11 +78,6 @@ spec: metadata: labels: k8s-app: kube-dns -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - seccomp.security.alpha.kubernetes.io/pod: 'docker/default' -{{- end}} spec: priorityClassName: system-node-critical tolerations: diff --git a/parts/k8s/addons/kube-proxy.yaml b/parts/k8s/addons/kube-proxy.yaml index 6e865ebbcb..f0497780b3 100644 --- a/parts/k8s/addons/kube-proxy.yaml +++ b/parts/k8s/addons/kube-proxy.yaml @@ -1,4 +1,3 @@ -{{if IsKubernetesVersionGe "1.16.0" -}} apiVersion: v1 kind: ConfigMap data: @@ -32,8 +31,7 @@ metadata: tier: node k8s-app: kube-proxy --- -{{- end}} -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -48,10 +46,8 @@ spec: selector: matchLabels: k8s-app: kube-proxy -{{- if IsKubernetesVersionGe "1.16.0"}} component: kube-proxy tier: node -{{- end}} updateStrategy: type: RollingUpdate rollingUpdate: @@ -82,18 +78,8 @@ spec: operator: Exists containers: - command: -{{- if not (IsKubernetesVersionGe "1.16.0")}} - - /hyperkube -{{- end}} - kube-proxy -{{- if not (IsKubernetesVersionGe "1.16.0")}} - - --kubeconfig=/var/lib/kubelet/kubeconfig - - --cluster-cidr={{ContainerConfig "cluster-cidr"}} - - --feature-gates=ExperimentalCriticalPodAnnotation=true - - --proxy-mode={{ContainerConfig "proxy-mode"}} -{{else}} - --config=/var/lib/kube-proxy/config.yaml -{{- end}} image: {{ContainerImage "kube-proxy"}} imagePullPolicy: IfNotPresent name: kube-proxy @@ -117,12 +103,10 @@ spec: - mountPath: /lib/modules/ name: kernelmodules readOnly: true -{{- if IsKubernetesVersionGe "1.16.0"}} - mountPath: /var/lib/kube-proxy/config.yaml subPath: config.yaml name: kube-proxy-config-volume readOnly: true -{{- end}} hostNetwork: true volumes: - hostPath: @@ -140,10 +124,8 @@ spec: - hostPath: path: /lib/modules/ name: kernelmodules -{{- if IsKubernetesVersionGe "1.16.0"}} - configMap: name: kube-proxy-config name: kube-proxy-config-volume -{{- end}} nodeSelector: kubernetes.io/os: linux diff --git a/parts/k8s/addons/kube-rescheduler.yaml b/parts/k8s/addons/kube-rescheduler.yaml index 194d0a3c7b..bd6a9b4019 100644 --- a/parts/k8s/addons/kube-rescheduler.yaml +++ b/parts/k8s/addons/kube-rescheduler.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: name: rescheduler @@ -16,14 +16,8 @@ spec: metadata: labels: k8s-app: rescheduler -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} spec: -{{- if IsKubernetesVersionGe "1.16.0"}} priorityClassName: system-node-critical -{{- end}} nodeSelector: kubernetes.io/os: linux containers: diff --git a/parts/k8s/addons/metrics-server.yaml b/parts/k8s/addons/metrics-server.yaml index 75c34123ea..ccf92fb542 100644 --- a/parts/k8s/addons/metrics-server.yaml +++ b/parts/k8s/addons/metrics-server.yaml @@ -20,9 +20,7 @@ rules: resources: - pods - nodes -{{- if IsKubernetesVersionGe "1.16.0"}} - nodes/stats -{{- end}} - namespaces verbs: - get @@ -103,11 +101,7 @@ spec: protocol: TCP targetPort: 443 --- -{{- if IsKubernetesVersionGe "1.16.0"}} apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} kind: Deployment metadata: name: metrics-server @@ -134,11 +128,7 @@ spec: imagePullPolicy: IfNotPresent command: - /metrics-server -{{- if IsKubernetesVersionGe "1.16.0"}} - --kubelet-insecure-tls -{{else}} - - --source=kubernetes.summary_api:'' -{{- end}} nodeSelector: kubernetes.io/os: linux --- diff --git a/parts/k8s/addons/nvidia-device-plugin.yaml b/parts/k8s/addons/nvidia-device-plugin.yaml index c013bfe575..35d3e51915 100644 --- a/parts/k8s/addons/nvidia-device-plugin.yaml +++ b/parts/k8s/addons/nvidia-device-plugin.yaml @@ -15,10 +15,6 @@ spec: type: RollingUpdate template: metadata: -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" diff --git a/parts/k8s/addons/pod-security-policy.yaml b/parts/k8s/addons/pod-security-policy.yaml index 86e0d68736..ec266a0688 100644 --- a/parts/k8s/addons/pod-security-policy.yaml +++ b/parts/k8s/addons/pod-security-policy.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}policy{{else}}extensions{{end}}/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: privileged @@ -28,7 +28,7 @@ spec: fsGroup: rule: RunAsAny --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}policy{{else}}extensions{{end}}/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted diff --git a/parts/k8s/addons/smb-flexvolume.yaml b/parts/k8s/addons/smb-flexvolume.yaml index 824e83d860..cb33dc376e 100644 --- a/parts/k8s/addons/smb-flexvolume.yaml +++ b/parts/k8s/addons/smb-flexvolume.yaml @@ -1,4 +1,4 @@ -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: smb-flexvol-installer diff --git a/parts/k8s/addons/tiller.yaml b/parts/k8s/addons/tiller.yaml index 08c4c28f40..aea83f9bef 100644 --- a/parts/k8s/addons/tiller.yaml +++ b/parts/k8s/addons/tiller.yaml @@ -43,7 +43,7 @@ spec: name: tiller type: ClusterIP --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: labels: @@ -54,12 +54,10 @@ metadata: name: tiller-deploy namespace: kube-system spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: helm name: tiller -{{- end}} template: metadata: labels: diff --git a/parts/k8s/cloud-init/masternodecustomdata.yml b/parts/k8s/cloud-init/masternodecustomdata.yml index f67e3e7d7a..63625a22dc 100644 --- a/parts/k8s/cloud-init/masternodecustomdata.yml +++ b/parts/k8s/cloud-init/masternodecustomdata.yml @@ -426,11 +426,7 @@ MASTER_CONTAINER_ADDONS_PLACEHOLDER owner: root content: | KUBELET_CONFIG={{GetKubeletConfigKeyVals .MasterProfile.KubernetesConfig}} -{{- if IsKubernetesVersionGe "1.16.0"}} KUBELET_NODE_LABELS={{GetMasterKubernetesLabels "',variables('labelResourceGroup'),'"}} -{{else}} - KUBELET_NODE_LABELS={{GetMasterKubernetesLabelsDeprecated "',variables('labelResourceGroup'),'"}} -{{end}} {{- if IsCustomCloudProfile }} AZURE_ENVIRONMENT_FILEPATH=/etc/kubernetes/azurestackcloud.json {{end}} diff --git a/parts/k8s/cloud-init/nodecustomdata.yml b/parts/k8s/cloud-init/nodecustomdata.yml index a788bff5a2..bf63d6c1a0 100644 --- a/parts/k8s/cloud-init/nodecustomdata.yml +++ b/parts/k8s/cloud-init/nodecustomdata.yml @@ -411,11 +411,7 @@ write_files: owner: root content: | KUBELET_CONFIG={{GetKubeletConfigKeyVals .KubernetesConfig }} -{{- if IsKubernetesVersionGe "1.16.0"}} KUBELET_NODE_LABELS={{GetAgentKubernetesLabels . "',variables('labelResourceGroup'),'"}} -{{else}} - KUBELET_NODE_LABELS={{GetAgentKubernetesLabelsDeprecated . "',variables('labelResourceGroup'),'"}} -{{end}} {{- if IsCustomCloudProfile }} AZURE_ENVIRONMENT_FILEPATH=/etc/kubernetes/azurestackcloud.json {{end}} diff --git a/parts/k8s/kuberneteswindowssetup.ps1 b/parts/k8s/kuberneteswindowssetup.ps1 index a40109d94e..589125744e 100644 --- a/parts/k8s/kuberneteswindowssetup.ps1 +++ b/parts/k8s/kuberneteswindowssetup.ps1 @@ -100,11 +100,7 @@ $global:PrimaryScaleSetName = "{{WrapAsVariable "primaryScaleSetName"}}" $global:KubeClusterCIDR = "{{WrapAsParameter "kubeClusterCidr"}}" $global:KubeServiceCIDR = "{{WrapAsParameter "kubeServiceCidr"}}" $global:VNetCIDR = "{{WrapAsParameter "vnetCidr"}}" -{{if IsKubernetesVersionGe "1.16.0"}} $global:KubeletNodeLabels = "{{GetAgentKubernetesLabels . "',variables('labelResourceGroup'),'"}}" -{{else}} -$global:KubeletNodeLabels = "{{GetAgentKubernetesLabelsDeprecated . "',variables('labelResourceGroup'),'"}}" -{{end}} $global:KubeletConfigArgs = @( {{GetKubeletConfigKeyValsPsh .KubernetesConfig }} ) $global:UseManagedIdentityExtension = "{{WrapAsVariable "useManagedIdentityExtension"}}" diff --git a/pkg/api/addons.go b/pkg/api/addons.go index 8d5468fe4f..70174b8c4f 100644 --- a/pkg/api/addons.go +++ b/pkg/api/addons.go @@ -789,7 +789,7 @@ func (cs *ContainerService) setAddonsConfig(isUpgrade bool) { defaultPodSecurityPolicyAddonsConfig := KubernetesAddon{ Name: common.PodSecurityPolicyAddonName, - Enabled: to.BoolPtr(common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.15.0") || to.Bool(o.KubernetesConfig.EnablePodSecurityPolicy)), + Enabled: to.BoolPtr(true), } defaultAuditPolicyAddonsConfig := KubernetesAddon{ @@ -1082,8 +1082,8 @@ func (cs *ContainerService) setAddonsConfig(isUpgrade bool) { o.KubernetesConfig.Addons = append(o.KubernetesConfig.Addons[:i], o.KubernetesConfig.Addons[i+1:]...) } - // Enable pod-security-policy addon during upgrade to 1.15 or greater scenarios, unless explicitly disabled - if isUpgrade && common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.15.0") && !o.KubernetesConfig.IsAddonDisabled(common.PodSecurityPolicyAddonName) { + // Enable pod-security-policy addon during upgrade scenarios, unless explicitly disabled + if isUpgrade && !o.KubernetesConfig.IsAddonDisabled(common.PodSecurityPolicyAddonName) { if i := getAddonsIndexByName(o.KubernetesConfig.Addons, common.PodSecurityPolicyAddonName); i > -1 { o.KubernetesConfig.Addons[i].Enabled = to.BoolPtr(true) } diff --git a/pkg/api/addons_test.go b/pkg/api/addons_test.go index 06b7cba953..5b5e4336ad 100644 --- a/pkg/api/addons_test.go +++ b/pkg/api/addons_test.go @@ -5176,13 +5176,10 @@ func getDefaultAddons(version, kubernetesImageBase, kubernetesImageBaseType stri }, }, }, - } - - if common.IsKubernetesVersionGe(version, "1.15.0") { - addons = append(addons, KubernetesAddon{ + { Name: common.PodSecurityPolicyAddonName, Enabled: to.BoolPtr(true), - }) + }, } if !common.IsKubernetesVersionGe(version, "1.16.0") { diff --git a/pkg/api/apiloader_test.go b/pkg/api/apiloader_test.go index 9cbc54a70c..9c7901a7f1 100644 --- a/pkg/api/apiloader_test.go +++ b/pkg/api/apiloader_test.go @@ -207,7 +207,7 @@ func TestLoadContainerServiceWithEmptyLocationCustomCloud(t *testing.T) { "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "kubernetesImageBase": "msazurestackqa/", "useInstanceMetadata": false, @@ -297,7 +297,7 @@ func TestLoadContainerServiceWithEmptyLocationCustomCloud(t *testing.T) { "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "kubernetesImageBase": "msazurestackqa/", "useInstanceMetadata": false, @@ -452,7 +452,7 @@ func TestLoadContainerServiceForAgentPoolOnlyClusterWithRawJSON(t *testing.T) { Translator: &i18n.Translator{}, } - cs, _, err := apiloader.LoadContainerServiceForAgentPoolOnlyCluster(rawJSON, v20170831.APIVersion, true, false, "1.15.11", nil) + cs, _, err := apiloader.LoadContainerServiceForAgentPoolOnlyCluster(rawJSON, v20170831.APIVersion, true, false, "1.16.14", nil) if err != nil { t.Errorf("unexpected error while executing LoadContainerServiceForAgentPoolOnlyCluster: %s", err.Error()) @@ -478,7 +478,7 @@ func TestLoadContainerServiceForAgentPoolOnlyClusterWithRawJSON(t *testing.T) { rawJSON20180331 := []byte(`{"id":"sampleID","location":"westus2","plan":{"name":"sampleRPPlan","product":"fooProduct","promotionCode":"barPromoCode","publisher":"bazPublisher"},"tags":{"123":"456","abc":"def"},"type":"sampleType","properties":{"provisioningState":"Succeeded","kubernetesVersion":"","dnsPrefix":"blueorange","fqdn":"blueorange.azure.com","agentPoolProfiles":[{"name":"sampleagent","count":0,"vmSize":"Standard_DS1_v1","osDiskSizeGB":512,"storageProfile":"ManagedDisks","vnetSubnetID":"/subscriptions/SUB_ID/resourceGroups/RG_NAME/providers/Microsoft.Network/virtualNetworks/sampleVnet/subnets/sampleVnetSubnetID","osType":"Linux"}],"windowsProfile":{"adminUsername":"azureuser","adminPassword":"azurepassword"},"servicePrincipalProfile":{"clientId":"sampleClientID","secret":"sampleSecret"}}}`) //Test with version v20180331 - cs, _, err = apiloader.LoadContainerServiceForAgentPoolOnlyCluster(rawJSON20180331, v20180331.APIVersion, true, false, "1.15.11", nil) + cs, _, err = apiloader.LoadContainerServiceForAgentPoolOnlyCluster(rawJSON20180331, v20180331.APIVersion, true, false, "1.16.14", nil) if err != nil { t.Errorf("unexpected error while executing LoadContainerServiceForAgentPoolOnlyCluster: %s", err.Error()) diff --git a/pkg/api/common/helper_test.go b/pkg/api/common/helper_test.go index 57f62545d6..cb19c1d2cc 100644 --- a/pkg/api/common/helper_test.go +++ b/pkg/api/common/helper_test.go @@ -138,51 +138,6 @@ func TestIsSGXEnabledSKU(t *testing.T) { } } -func TestGetMasterKubernetesLabelsDeprecated(t *testing.T) { - cases := []struct { - name string - rg string - deprecated bool - expected string - }{ - { - "valid rg string", - "my-resource-group", - false, - "kubernetes.azure.com/role=master,node.kubernetes.io/exclude-from-external-load-balancers=true,node.kubernetes.io/exclude-disruption=true,kubernetes.azure.com/cluster=my-resource-group", - }, - { - "valid rg string", - "my-resource-group", - true, - "kubernetes.azure.com/role=master,node.kubernetes.io/exclude-from-external-load-balancers=true,node.kubernetes.io/exclude-disruption=true,kubernetes.io/role=master,node-role.kubernetes.io/master=,kubernetes.azure.com/cluster=my-resource-group", - }, - { - "empty string", - "", - false, - "kubernetes.azure.com/role=master,node.kubernetes.io/exclude-from-external-load-balancers=true,node.kubernetes.io/exclude-disruption=true,kubernetes.azure.com/cluster=", - }, - { - "empty string", - "", - true, - "kubernetes.azure.com/role=master,node.kubernetes.io/exclude-from-external-load-balancers=true,node.kubernetes.io/exclude-disruption=true,kubernetes.io/role=master,node-role.kubernetes.io/master=,kubernetes.azure.com/cluster=", - }, - } - - for _, c := range cases { - c := c - t.Run(c.name, func(t *testing.T) { - t.Parallel() - ret := GetMasterKubernetesLabels(c.rg, c.deprecated) - if ret != c.expected { - t.Fatalf("expected GetMasterKubernetesLabels(%s, %t) to return %s, but instead got %s", c.rg, c.deprecated, c.expected, ret) - } - }) - } -} - func TestGetOrderedEscapedKeyValsString(t *testing.T) { alphabetizedString := `"foo=bar", "yes=please"` cases := []struct { diff --git a/pkg/api/common/versions.go b/pkg/api/common/versions.go index 458f1cf495..602f024274 100644 --- a/pkg/api/common/versions.go +++ b/pkg/api/common/versions.go @@ -151,8 +151,8 @@ var AllKubernetesSupportedVersions = map[string]bool{ "1.15.8": false, // disabled because of https://github.com/kubernetes/release/issues/1020 "1.15.9": false, "1.15.10": false, - "1.15.11": true, - "1.15.12": true, + "1.15.11": false, + "1.15.12": false, "1.16.0-alpha.1": false, "1.16.0-alpha.2": false, "1.16.0-alpha.3": false, @@ -230,8 +230,8 @@ var AllKubernetesSupportedVersionsAzureStack = map[string]bool{ "1.15.4": false, "1.15.5": false, // disabled because of https://github.com/Azure/aks-engine/issues/2312 "1.15.10": false, - "1.15.11": true, - "1.15.12": true, + "1.15.11": false, + "1.15.12": false, "1.16.9": false, "1.16.10": false, "1.16.11": false, @@ -248,8 +248,8 @@ var AllKubernetesSupportedVersionsAzureStack = map[string]bool{ // AllKubernetesWindowsSupportedVersionsAzureStack maintain a set of available k8s Windows versions in aks-engine on Azure Stack var AllKubernetesWindowsSupportedVersionsAzureStack = map[string]bool{ "1.15.10": false, - "1.15.11": true, - "1.15.12": true, + "1.15.11": false, + "1.15.12": false, "1.16.9": false, "1.16.10": false, "1.16.11": false, diff --git a/pkg/api/common/versions_test.go b/pkg/api/common/versions_test.go index d3d7d8cd1f..85e42f95d9 100644 --- a/pkg/api/common/versions_test.go +++ b/pkg/api/common/versions_test.go @@ -668,11 +668,11 @@ func Test_IsSupportedKubernetesVersion(t *testing.T) { } func Test_IsValidMinVersion(t *testing.T) { - orchestratorRelease := "1.15" + orchestratorRelease := "1.16" orchestratorVersion := "" t.Run("Minimum version is valid", func(t *testing.T) { - minVersion := "1.15.0" + minVersion := "1.16.0" _, err := IsValidMinVersion(Kubernetes, orchestratorRelease, orchestratorVersion, minVersion) if err != nil { t.Errorf("version should be valid: %v", err) @@ -680,7 +680,7 @@ func Test_IsValidMinVersion(t *testing.T) { }) t.Run("Minimum version is invalid", func(t *testing.T) { - minVersion := "v1.15.0" + minVersion := "v1.16.0" _, err := IsValidMinVersion(Kubernetes, orchestratorRelease, orchestratorVersion, minVersion) if err == nil { t.Errorf("version should be invalid: %v", err) @@ -696,7 +696,7 @@ func Test_IsValidMinVersion(t *testing.T) { }) t.Run("Kubernetes release is lower than minimum required version", func(t *testing.T) { - minVersion := "1.16.0" + minVersion := "1.17.0" isValidVersion, _ := IsValidMinVersion(Kubernetes, orchestratorRelease, orchestratorVersion, minVersion) if isValidVersion { t.Errorf("version should be not valid") @@ -704,7 +704,7 @@ func Test_IsValidMinVersion(t *testing.T) { }) t.Run("Kubernetes version is higher than required version", func(t *testing.T) { - orchestratorVersion = "1.15.11" + orchestratorVersion = "1.16.14" minVersion := "1.13.0" isValidVersion, _ := IsValidMinVersion(Kubernetes, "", orchestratorVersion, minVersion) if !isValidVersion { diff --git a/pkg/api/convertertoagentpoolonlyapi_test.go b/pkg/api/convertertoagentpoolonlyapi_test.go index d395e8206a..ff3debdc2a 100644 --- a/pkg/api/convertertoagentpoolonlyapi_test.go +++ b/pkg/api/convertertoagentpoolonlyapi_test.go @@ -14,7 +14,7 @@ import ( ) func TestConvertV20180331AgentPoolOnlyOrchestratorProfile(t *testing.T) { - kubernetesVersion := "1.15.11" + kubernetesVersion := "1.16.14" networkPlugin := v20180331.Azure networkPolicy := v20180331.NetworkPolicyCalico networkPluginKubenet := v20180331.Kubenet diff --git a/pkg/api/defaults-kubelet_test.go b/pkg/api/defaults-kubelet_test.go index 5a0c8ffaa6..dc76ecb5d7 100644 --- a/pkg/api/defaults-kubelet_test.go +++ b/pkg/api/defaults-kubelet_test.go @@ -245,7 +245,7 @@ func getDefaultLinuxKubeletConfig(cs *ContainerService) map[string]string { } func TestKubeletConfigAzureStackDefaults(t *testing.T) { - cs := CreateMockContainerService("testcluster", common.RationalizeReleaseAndVersion(Kubernetes, "1.15", "", false, false, false), 3, 2, false) + cs := CreateMockContainerService("testcluster", common.RationalizeReleaseAndVersion(Kubernetes, "1.16", "", false, false, false), 3, 2, false) cs.Properties.CustomCloudProfile = &CustomCloudProfile{} winProfile := &AgentPoolProfile{} winProfile.Count = 1 @@ -260,18 +260,20 @@ func TestKubeletConfigAzureStackDefaults(t *testing.T) { "--address": "0.0.0.0", "--allow-privileged": "true", // validate that we delete this key for >= 1.15 clusters "--anonymous-auth": "false", + "--authentication-token-webhook": "true", "--authorization-mode": "Webhook", "--azure-container-registry-config": "/etc/kubernetes/azure.json", "--cadvisor-port": "", // Validate that we delete this key for >= 1.12 clusters "--cgroups-per-qos": "true", "--client-ca-file": "/etc/kubernetes/certs/ca.crt", - "--cloud-provider": "azure", "--cloud-config": "/etc/kubernetes/azure.json", + "--cloud-provider": "azure", "--cluster-dns": DefaultKubernetesDNSServiceIP, "--cluster-domain": "cluster.local", "--enforce-node-allocatable": "pods", "--event-qps": DefaultKubeletEventQPS, "--eviction-hard": DefaultKubernetesHardEvictionThreshold, + "--feature-gates": "RotateKubeletServerCertificate=true", "--image-gc-high-threshold": strconv.Itoa(DefaultKubernetesGCHighThreshold), "--image-gc-low-threshold": strconv.Itoa(DefaultKubernetesGCLowThreshold), "--image-pull-progress-deadline": "30m", @@ -281,17 +283,17 @@ func TestKubeletConfigAzureStackDefaults(t *testing.T) { "--network-plugin": NetworkPluginKubenet, "--node-status-update-frequency": DefaultAzureStackKubernetesNodeStatusUpdateFrequency, "--non-masquerade-cidr": DefaultNonMasqueradeCIDR, - "--pod-manifest-path": "/etc/kubernetes/manifests", "--pod-infra-container-image": cs.Properties.OrchestratorProfile.KubernetesConfig.MCRKubernetesImageBase + k8sComponentsByVersionMap[cs.Properties.OrchestratorProfile.OrchestratorVersion][common.PauseComponentName], + "--pod-manifest-path": "/etc/kubernetes/manifests", "--pod-max-pids": strconv.Itoa(DefaultKubeletPodMaxPIDs), "--protect-kernel-defaults": "true", + "--read-only-port": "0", + "--register-with-taints": common.MasterNodeTaint, "--rotate-certificates": "true", "--streaming-connection-idle-timeout": "4h", - "--feature-gates": "RotateKubeletServerCertificate=true", - "--tls-cipher-suites": TLSStrongCipherSuitesKubelet, "--tls-cert-file": "/etc/kubernetes/certs/kubeletserver.crt", + "--tls-cipher-suites": TLSStrongCipherSuitesKubelet, "--tls-private-key-file": "/etc/kubernetes/certs/kubeletserver.key", - "--register-with-taints": common.MasterNodeTaint, "--v": "2", "--volume-plugin-dir": "/etc/kubernetes/volumeplugins", "--healthz-port": DefaultKubeletHealthzPort, @@ -389,7 +391,7 @@ func TestKubeletConfigAzureStackDefaults(t *testing.T) { } func TestKubeletConfigDefaultsRemovals(t *testing.T) { - cs := CreateMockContainerService("testcluster", common.RationalizeReleaseAndVersion(Kubernetes, "1.15", "", false, false, false), 3, 2, false) + cs := CreateMockContainerService("testcluster", common.RationalizeReleaseAndVersion(Kubernetes, "1.16", "", false, false, false), 3, 2, false) poolProfile := &AgentPoolProfile{} poolProfile.Count = 1 poolProfile.Name = "agentpool2" @@ -407,7 +409,7 @@ func TestKubeletConfigDefaultsRemovals(t *testing.T) { key) } } - cs = CreateMockContainerService("testcluster", "1.15.0-beta.1", 3, 2, false) + cs = CreateMockContainerService("testcluster", "1.16.0-beta.1", 3, 2, false) cs.Properties.AgentPoolProfiles = append(cs.Properties.AgentPoolProfiles, poolProfile) cs.setKubeletConfig(false) kubeletConfig = cs.Properties.OrchestratorProfile.KubernetesConfig.KubeletConfig diff --git a/pkg/api/defaults_test.go b/pkg/api/defaults_test.go index e089d795fb..19e7492338 100644 --- a/pkg/api/defaults_test.go +++ b/pkg/api/defaults_test.go @@ -231,7 +231,7 @@ func TestAddonsIndexByName(t *testing.T) { } func TestAssignDefaultAddonImages(t *testing.T) { - kubernetesVersion := "1.15.11" + kubernetesVersion := "1.16.14" k8sComponents := GetK8sComponentsByVersionMap(&KubernetesConfig{KubernetesImageBaseType: common.KubernetesImageBaseTypeMCR})[kubernetesVersion] customImage := "myimage" specConfig := AzureCloudSpecEnvMap["AzurePublicCloud"].KubernetesSpecConfig diff --git a/pkg/api/types_test.go b/pkg/api/types_test.go index e2411ca48c..e36503b313 100644 --- a/pkg/api/types_test.go +++ b/pkg/api/types_test.go @@ -42,7 +42,7 @@ const exampleAKSAPIModel = `{ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", "count": 2, "vmSize": "Standard_D2_v2" } ], "linuxProfile": { "adminUsername": "azureuser", "ssh": { "publicKeys": [ { "keyData": "" } ] } }, diff --git a/pkg/api/vlabs/validate_test.go b/pkg/api/vlabs/validate_test.go index daaa863b29..99ab984eb9 100644 --- a/pkg/api/vlabs/validate_test.go +++ b/pkg/api/vlabs/validate_test.go @@ -94,7 +94,7 @@ func Test_OrchestratorProfile_Validate(t *testing.T) { properties: &Properties{ OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: "Kubernetes", - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ EnableAggregatedAPIs: true, EnableRbac: &falseVal, @@ -131,7 +131,7 @@ func Test_OrchestratorProfile_Validate(t *testing.T) { properties: &Properties{ OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: "Kubernetes", - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ EnableDataEncryptionAtRest: &trueVal, EtcdEncryptionKey: "fakeEncryptionKey", @@ -194,7 +194,7 @@ func Test_OrchestratorProfile_Validate(t *testing.T) { properties: &Properties{ OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: "Kubernetes", - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ EnablePodSecurityPolicy: &trueVal, }, @@ -277,7 +277,7 @@ func Test_OrchestratorProfile_Validate(t *testing.T) { properties: &Properties{ OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: "Kubernetes", - OrchestratorVersion: "v1.15.11", + OrchestratorVersion: "v1.16.14", }, }, }, @@ -2524,7 +2524,7 @@ func Test_Properties_ValidateAddons(t *testing.T) { ) } - p.OrchestratorProfile.OrchestratorRelease = "1.15" + p.OrchestratorProfile.OrchestratorRelease = "1.16" if err := p.validateAddons(); err != nil { t.Errorf( "should not error on nvidia-device-plugin with k8s >= 1.12", @@ -3062,7 +3062,7 @@ func TestProperties_ValidateManagedIdentity(t *testing.T) { }{ { name: "use managed identity with master vmas", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", useManagedIdentity: true, masterProfile: MasterProfile{ DNSPrefix: "dummy", @@ -3078,7 +3078,7 @@ func TestProperties_ValidateManagedIdentity(t *testing.T) { }, { name: "use master VMSS with empty user assigned ID", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", useManagedIdentity: true, masterProfile: MasterProfile{ DNSPrefix: "dummy", @@ -3169,7 +3169,7 @@ func TestMasterProfileValidate(t *testing.T) { { name: "Master Profile with VMSS and storage account", orchestratorType: Kubernetes, - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", masterProfile: MasterProfile{ DNSPrefix: "dummy", Count: 3, @@ -3181,7 +3181,7 @@ func TestMasterProfileValidate(t *testing.T) { { name: "Master Profile with VMSS and agent profiles with VMAS", orchestratorType: Kubernetes, - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", masterProfile: MasterProfile{ DNSPrefix: "dummy", Count: 3, @@ -3270,7 +3270,7 @@ func TestProperties_ValidateZones(t *testing.T) { }{ { name: "Agent profile with zones vmas", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", masterProfile: &MasterProfile{ Count: 5, DNSPrefix: "foo", @@ -3292,7 +3292,7 @@ func TestProperties_ValidateZones(t *testing.T) { }, { name: "Master profile with zones and Agent profile without zones", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", masterProfile: &MasterProfile{ Count: 5, DNSPrefix: "foo", @@ -3313,7 +3313,7 @@ func TestProperties_ValidateZones(t *testing.T) { }, { name: "Master profile without zones and Agent profile with zones", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", masterProfile: &MasterProfile{ Count: 3, DNSPrefix: "foo", @@ -3334,7 +3334,7 @@ func TestProperties_ValidateZones(t *testing.T) { }, { name: "all zones and basic loadbalancer", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: BasicLoadBalancerSku, masterProfile: &MasterProfile{ Count: 5, @@ -3357,7 +3357,7 @@ func TestProperties_ValidateZones(t *testing.T) { }, { name: "all zones with standard loadbalancer and false excludeMasterFromStandardLB", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: StandardLoadBalancerSku, excludeMasterFromStandardLB: false, masterProfile: &MasterProfile{ @@ -3560,7 +3560,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }{ { name: "lowercase basic LB", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: "basic", masterProfile: &MasterProfile{ Count: 3, @@ -3580,7 +3580,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "Basic LB", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: BasicLoadBalancerSku, masterProfile: &MasterProfile{ Count: 3, @@ -3591,7 +3591,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "lowercase standard LB", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: "standard", masterProfile: &MasterProfile{ Count: 3, @@ -3602,7 +3602,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "Standard LB without master excluded", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: StandardLoadBalancerSku, masterProfile: &MasterProfile{ Count: 3, @@ -3615,7 +3615,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "Standard LB", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: StandardLoadBalancerSku, masterProfile: &MasterProfile{ Count: 3, @@ -3627,7 +3627,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "empty string LB value", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: "", masterProfile: &MasterProfile{ Count: 3, @@ -3638,7 +3638,7 @@ func TestProperties_ValidateLoadBalancer(t *testing.T) { }, { name: "invalid LB string value", - orchestratorRelease: "1.15", + orchestratorRelease: "1.16", loadBalancerSku: "foo", masterProfile: &MasterProfile{ Count: 3, @@ -3745,7 +3745,7 @@ func TestProperties_ValidateSinglePlacementGroup(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() cs := getK8sDefaultContainerService(true) - cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.15" + cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.16" cs.Properties.MasterProfile = test.masterProfile cs.Properties.AgentPoolProfiles = test.agentPoolProfiles err := cs.Validate(true) @@ -3858,7 +3858,7 @@ func TestProperties_ValidatePPGID(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() cs := getK8sDefaultContainerService(true) - cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.15" + cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.16" cs.Properties.MasterProfile = test.masterProfile cs.Properties.AgentPoolProfiles = test.agentPoolProfiles err := cs.Validate(true) @@ -4034,7 +4034,7 @@ func TestProperties_ValidateVNET(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() cs := getK8sDefaultContainerService(true) - cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.15" + cs.Properties.OrchestratorProfile.OrchestratorRelease = "1.16" cs.Properties.MasterProfile = test.masterProfile cs.Properties.AgentPoolProfiles = test.agentPoolProfiles err := cs.Validate(true) @@ -4668,7 +4668,7 @@ func TestValidateLocation(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ UseInstanceMetadata: to.BoolPtr(trueVal), }, @@ -4689,7 +4689,7 @@ func TestValidateLocation(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ EtcdDiskSizeGB: "1024", }, @@ -4710,7 +4710,7 @@ func TestValidateLocation(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", KubernetesConfig: &KubernetesConfig{ EtcdDiskSizeGB: "1024GB", }, @@ -4731,7 +4731,7 @@ func TestValidateLocation(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", }, AgentPoolProfiles: []*AgentPoolProfile{ { @@ -4757,7 +4757,7 @@ func TestValidateLocation(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", }, AgentPoolProfiles: []*AgentPoolProfile{ { @@ -4823,7 +4823,7 @@ func TestValidateAcceleratedNetworkingEnabledWindows(t *testing.T) { }, OrchestratorProfile: &OrchestratorProfile{ OrchestratorType: Kubernetes, - OrchestratorVersion: "1.15.11", + OrchestratorVersion: "1.16.14", }, AgentPoolProfiles: []*AgentPoolProfile{ { diff --git a/pkg/engine/template_generator.go b/pkg/engine/template_generator.go index 1c4deeb498..ce332f37f8 100644 --- a/pkg/engine/template_generator.go +++ b/pkg/engine/template_generator.go @@ -284,15 +284,9 @@ func getContainerServiceFuncMap(cs *api.ContainerService) template.FuncMap { "GetMasterKubernetesLabels": func(rg string) string { return common.GetMasterKubernetesLabels(rg, false) }, - "GetMasterKubernetesLabelsDeprecated": func(rg string) string { - return common.GetMasterKubernetesLabels(rg, true) - }, "GetAgentKubernetesLabels": func(profile *api.AgentPoolProfile, rg string) string { return profile.GetKubernetesLabels(rg, false) }, - "GetAgentKubernetesLabelsDeprecated": func(profile *api.AgentPoolProfile, rg string) string { - return profile.GetKubernetesLabels(rg, true) - }, "GetKubeletConfigKeyVals": func(kc *api.KubernetesConfig) string { if kc == nil { return "" diff --git a/pkg/engine/template_generator_test.go b/pkg/engine/template_generator_test.go index 313fda29d5..065e3284e5 100644 --- a/pkg/engine/template_generator_test.go +++ b/pkg/engine/template_generator_test.go @@ -56,9 +56,7 @@ func TestGetTemplateFuncMap(t *testing.T) { "IsKubernetesVersionGe", "IsKubernetesVersionLt", "GetMasterKubernetesLabels", - "GetMasterKubernetesLabelsDeprecated", "GetAgentKubernetesLabels", - "GetAgentKubernetesLabelsDeprecated", "GetKubeletConfigKeyVals", "GetKubeletConfigKeyValsPsh", "GetK8sRuntimeConfigKeyVals", diff --git a/pkg/engine/templates_generated.go b/pkg/engine/templates_generated.go index 8d2fcfbef9..02a1fd2890 100644 --- a/pkg/engine/templates_generated.go +++ b/pkg/engine/templates_generated.go @@ -32,7 +32,6 @@ // ../../parts/dcos/dcosprovision.sh // ../../parts/dcos/dcosprovisionsource.sh // ../../parts/iaasoutputs.t -// ../../parts/k8s/addons/1.15/calico.yaml // ../../parts/k8s/addons/aad-default-admin-group-rbac.yaml // ../../parts/k8s/addons/aad-pod-identity.yaml // ../../parts/k8s/addons/aci-connector.yaml @@ -6387,799 +6386,6 @@ func iaasoutputsT() (*asset, error) { return a, nil } -var _k8sAddons115CalicoYaml = []byte(`{{- /* Source: calico/templates/calico-config.yaml -This ConfigMap is used to configure a self-hosted Calico installation. */}} -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -data: - {{- /* You must set a non-zero value for Typha replicas below. */}} - typha_service_name: "calico-typha" - {{- /* The CNI network configuration to install on each node. The special - values in this config will be automatically populated. */}} - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.1", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": 1500, -{{- if not IsAzureCNI}} - "ipam": { - "type": "host-local", - "subnet": "usePodCidr" - }, -{{- end}} - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - } - ] - } - ---- -{{- /* Source: calico/templates/kdd-crds.yaml */}} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: FelixConfiguration - plural: felixconfigurations - singular: felixconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPConfiguration - plural: bgpconfigurations - singular: bgpconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPPool - plural: ippools - singular: ippool ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: HostEndpoint - plural: hostendpoints - singular: hostendpoint ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: ClusterInformation - plural: clusterinformations - singular: clusterinformation ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkPolicy - plural: globalnetworkpolicies - singular: globalnetworkpolicy ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkSet - plural: globalnetworksets - singular: globalnetworkset ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkPolicy - plural: networkpolicies - singular: networkpolicy ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networksets.crd.projectcalico.org - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkSet - plural: networksets - singular: networkset ---- -{{- /* Source: calico/templates/rbac.yaml -Include a clusterrole for the calico-node DaemonSet, -and bind it to the calico-node serviceaccount. */}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: calico-node - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -{{- /* The CNI plugin needs to get pods, nodes, and namespaces. */}} -- apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get -- apiGroups: [""] - resources: - - endpoints - - services - verbs: - {{- /* Used to discover service IPs for advertisement. */}} - - watch - - list - {{- /* Used to discover Typhas. */}} - - get -- apiGroups: [""] - resources: - - nodes/status - verbs: - {{- /* Needed for clearing NodeNetworkUnavailable flag. */}} - - patch - {{- /* Calico stores some configuration information in node annotations. */}} - - update -{{- /* Watch for changes to Kubernetes NetworkPolicies. */}} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list -{{- /* Used by Calico for policy information. */}} -- apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch -{{- /* The CNI plugin patches pods/status. */}} -- apiGroups: [""] - resources: - - pods/status - verbs: - - patch -{{- /* Calico monitors various CRDs for config. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - networksets - - clusterinformations - - hostendpoints - verbs: - - get - - list - - watch -{{- /* Calico must create and update some CRDs on startup. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update -{{- /* Calico stores some configuration information on the node. */}} -- apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch -{{- /* These permissions are only requried for upgrade from v2.6, and can -be removed after upgrade or on fresh installations. */}} -- apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: calico-node - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system ---- -{{- /* Source: calico/templates/calico-typha.yaml -This manifest creates a Service, which will be backed by Calico's Typha daemon. -Typha sits in between Felix and the API server, reducing Calico's load on the API server. */}} -apiVersion: v1 -kind: Service -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - ports: - - port: 5473 - protocol: TCP - targetPort: calico-typha - name: calico-typha - selector: - k8s-app: calico-typha ---- -{{- /* This manifest creates a Deployment of Typha to back the above service. */}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: calico-typha - namespace: kube-system - labels: - k8s-app: calico-typha - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - {{- /* Number of Typha replicas. To enable Typha, set this to a non-zero value *and* set the - typha_service_name variable in the calico-config ConfigMap above. - We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is essential - (when using the Kubernetes datastore). Use one replica for every 100-200 nodes. In - production, we recommend running at least 3 replicas to reduce the impact of rolling upgrade. */}} - replicas: 1 - revisionHistoryLimit: 2 - selector: - matchLabels: - k8s-app: calico-typha - template: - metadata: - labels: - k8s-app: calico-typha - annotations: - {{- /* This, along with the CriticalAddonsOnly toleration below, marks the pod as a critical - add-on, ensuring it gets priority scheduling and that its resources are reserved - if it ever gets evicted. */}} - scheduler.alpha.kubernetes.io/critical-pod: '' - cluster-autoscaler.kubernetes.io/safe-to-evict: 'true' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - {{- /* Mark the pod as a critical add-on for rescheduling. */}} - - key: CriticalAddonsOnly - operator: Exists - {{- /* Since Calico can't network a pod until Typha is up, we need to run Typha itself - as a host-networked pod. */}} - serviceAccountName: calico-node - priorityClassName: system-cluster-critical - containers: - - image: {{ContainerImage "calico-typha"}} - name: calico-typha - ports: - - containerPort: 5473 - name: calico-typha - protocol: TCP - env: - {{- /* Enable "info" logging by default. Can be set to "debug" to increase verbosity. */}} - - name: TYPHA_LOGSEVERITYSCREEN - value: "info" - {{- /* Disable logging to file and syslog since those don't make sense in Kubernetes. */}} - - name: TYPHA_LOGFILEPATH - value: "none" - - name: TYPHA_LOGSEVERITYSYS - value: "none" - {{- /* Monitor the Kubernetes API to find the number of running instances and rebalance - connections. */}} - - name: TYPHA_CONNECTIONREBALANCINGMODE - value: "kubernetes" - - name: TYPHA_DATASTORETYPE - value: "kubernetes" - - name: TYPHA_HEALTHENABLED - value: "true" - {{- /* Configure route aggregation based on pod CIDR. */}} - - name: USE_POD_CIDR - value: "true" - - name: FELIX_INTERFACEPREFIX - value: "{{if IsAzureCNI}}azv{{else}}cali{{end}}" - # Uncomment these lines to enable prometheus metrics. Since Typha is host-networked, - # this opens a port on the host, which may need to be secured. - #- name: TYPHA_PROMETHEUSMETRICSENABLED - # value: "true" - #- name: TYPHA_PROMETHEUSMETRICSPORT - # value: "9093" - livenessProbe: - httpGet: - path: /liveness - port: 9098 - host: localhost - periodSeconds: 30 - initialDelaySeconds: 30 - readinessProbe: - httpGet: - path: /readiness - port: 9098 - host: localhost - periodSeconds: 10 ---- -{{- /* Source: calico/templates/calico-node.yaml -This manifest installs the calico-node container, as well -as the CNI plugins and network config on -each master and worker node in a Kubernetes cluster. */}} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - annotations: - {{- /* This, along with the CriticalAddonsOnly toleration below, - marks the pod as a critical add-on, ensuring it gets - priority scheduling and that its resources are reserved - if it ever gets evicted. */}} - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - kubernetes.io/os: linux - hostNetwork: true - tolerations: - {{- /* Make sure calico-node gets scheduled on all nodes. */}} - - effect: NoSchedule - operator: Exists - {{- /* Mark the pod as a critical add-on for rescheduling. */}} - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - {{- /* Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force deletion": - https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. */}} - terminationGracePeriodSeconds: 0 - priorityClassName: system-node-critical - initContainers: -{{- if not IsAzureCNI}} - {{- /* This container installs the CNI binaries - and CNI network config file on each node. */}} - - name: install-cni - image: {{ContainerImage "calico-cni"}} - command: ["/install-cni.sh"] - env: - {{- /* Name of the CNI config file to create. */}} - - name: CNI_CONF_NAME - value: "10-calico.conflist" - {{- /* The CNI network config to install on each node. */}} - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - {{- /* Set the hostname based on the k8s node name. */}} - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- /* Prevents the container from sleeping forever. */}} - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir -{{- end}} - {{- /* Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes - to communicate with Felix over the Policy Sync API. */}} - - name: flexvol-driver - image: {{ContainerImage "calico-pod2daemon"}} - volumeMounts: - - name: flexvol-driver-host - mountPath: /host/driver - containers: - {{- /* Runs calico-node container on each Kubernetes node. This - container programs network policy and routes on each - host. */}} - - name: calico-node - image: {{ContainerImage "calico-node"}} - env: - {{- /* Use Kubernetes API as the backing datastore. */}} - - name: DATASTORE_TYPE - value: "kubernetes" - {{- /* Configure route aggregation based on pod CIDR. */}} - - name: USE_POD_CIDR - value: "true" - {{- /* Typha support: controlled by the ConfigMap. */}} - - name: FELIX_TYPHAK8SSERVICENAME - valueFrom: - configMapKeyRef: - name: calico-config - key: typha_service_name - {{- /* Wait for the datastore. */}} - - name: WAIT_FOR_DATASTORE - value: "true" - {{- /* Set based on the k8s node name. */}} - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- /* Don't enable BGP. */}} - - name: CALICO_NETWORKING_BACKEND - value: "none" - {{- /* Cluster type to identify the deployment type */}} - - name: CLUSTER_TYPE - value: "k8s" - {{- /* The default IPv4 pool to create on startup if none exists. Pod IPs will be - chosen from this range. Changing this value after installation will have - no effect. This should fall within ` + "`" + `--cluster-cidr` + "`" + `. */}} - - name: CALICO_IPV4POOL_CIDR - value: "{{GetClusterSubnet}}" - {{- /* Disable file logging so ` + "`" + `kubectl logs` + "`" + ` works. */}} - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - {{- /* Set Felix endpoint to host default action to ACCEPT. */}} - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - {{- /* Disable IPv6 on Kubernetes. */}} - - name: FELIX_IPV6SUPPORT - value: "false" - {{- /* Set Felix logging to "info" */}} - - name: FELIX_LOGSEVERITYSCREEN - value: {{ContainerConfig "logSeverityScreen"}} - - name: FELIX_HEALTHENABLED - value: "true" - - name: CALICO_IPV4POOL_IPIP - value: "off" - - name: FELIX_INTERFACEPREFIX - value: "{{if IsAzureCNI}}azv{{else}}cali{{end}}" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - httpGet: - path: /liveness - port: 9099 - host: localhost - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -felix-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - - name: policysync - mountPath: /var/run/nodeagent - volumes: - {{- /* Used by calico-node. */}} - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - {{- /* Used to install CNI. */}} - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - {{- /* Used to create per-pod Unix Domain Sockets */}} - - name: policysync - hostPath: - type: DirectoryOrCreate - path: /var/run/nodeagent - {{- /* Used to install Flex Volume Driver */}} - - name: flexvol-driver-host - hostPath: - type: DirectoryOrCreate - path: /etc/kubernetes/volumeplugins/nodeagent~uds ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" ---- -{{- /* Typha Horizontal Autoscaler ConfigMap */}} -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-typha-horizontal-autoscaler - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -data: - ladder: |- - { - "coresToReplicas": [], - "nodesToReplicas": - [ - [1, 1], - [10, 2], - [100, 3], - [250, 4], - [500, 5], - [1000, 6], - [1500, 7], - [2000, 8] - ] - } - ---- -{{- /* Typha Horizontal Autoscaler Deployment */}} -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: calico-typha-horizontal-autoscaler - namespace: kube-system - labels: - k8s-app: calico-typha-autoscaler - addonmanager.kubernetes.io/mode: "EnsureExists" -spec: - replicas: 1 - template: - metadata: - labels: - k8s-app: calico-typha-autoscaler - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - priorityClassName: system-cluster-critical - securityContext: - supplementalGroups: [65534] - fsGroup: 65534 - containers: - - image: {{ContainerImage "calico-cluster-proportional-autoscaler"}} - name: autoscaler - command: - - /cluster-proportional-autoscaler - - --namespace=kube-system - - --configmap=calico-typha-horizontal-autoscaler - - --target=deployment/calico-typha - - --logtostderr=true - - --v=2 - resources: - requests: - cpu: 10m - limits: - cpu: 10m - serviceAccountName: typha-cpha ---- -{{- /* Typha Horizontal Autoscaler Cluster Role */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: typha-cpha - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list"] - ---- -{{- /* Typha Horizontal Autoscaler Cluster Role Binding */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: typha-cpha - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: typha-cpha -subjects: -- kind: ServiceAccount - name: typha-cpha - namespace: kube-system ---- -{{- /* Typha Horizontal Autoscaler Role */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] -- apiGroups: ["extensions"] - resources: ["deployments/scale"] - verbs: ["get", "update"] - ---- -{{- /* Typha Horizontal Autoscaler Role Binding */}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: typha-cpha -subjects: -- kind: ServiceAccount - name: typha-cpha - namespace: kube-system ---- -{{- /* Typha Horizontal Autoscaler Service Account */}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: typha-cpha - namespace: kube-system - labels: - addonmanager.kubernetes.io/mode: "EnsureExists" -`) - -func k8sAddons115CalicoYamlBytes() ([]byte, error) { - return _k8sAddons115CalicoYaml, nil -} - -func k8sAddons115CalicoYaml() (*asset, error) { - bytes, err := k8sAddons115CalicoYamlBytes() - if err != nil { - return nil, err - } - - info := bindataFileInfo{name: "k8s/addons/1.15/calico.yaml", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} - a := &asset{bytes: bytes, info: info} - return a, nil -} - var _k8sAddonsAadDefaultAdminGroupRbacYaml = []byte(`kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -7324,7 +6530,7 @@ roleRef: name: aad-pod-id-nmi-role apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -7338,12 +6544,10 @@ metadata: spec: updateStrategy: type: RollingUpdate -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: component: nmi tier: node -{{- end}} template: metadata: labels: @@ -7467,7 +6671,7 @@ roleRef: name: aad-pod-id-mic-role apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: labels: @@ -7479,11 +6683,9 @@ metadata: namespace: kube-system spec: replicas: 2 -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: component: mic -{{- end}} template: metadata: labels: @@ -7606,7 +6808,7 @@ data: cert.pem: key.pem: --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: name: aci-connector @@ -7618,11 +6820,9 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile spec: replicas: 1 -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: aci-connector -{{- end}} template: metadata: labels: @@ -8543,7 +7743,7 @@ func k8sAddonsArcOnboardingYaml() (*asset, error) { return a, nil } -var _k8sAddonsAuditPolicyYaml = []byte(`apiVersion: audit.k8s.io/v1{{ if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +var _k8sAddonsAuditPolicyYaml = []byte(`apiVersion: audit.k8s.io/v1 kind: Policy omitStages: - RequestReceived @@ -8601,7 +7801,7 @@ func k8sAddonsAuditPolicyYaml() (*asset, error) { } var _k8sAddonsAzureCloudProviderYaml = []byte(`--- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -8615,7 +7815,7 @@ rules: - patch - update --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -8630,7 +7830,7 @@ subjects: name: azure-cloud-provider namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:azure-persistent-volume-binder @@ -8641,7 +7841,7 @@ rules: resources: ['secrets'] verbs: ['get','create'] --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:azure-persistent-volume-binder @@ -8656,7 +7856,7 @@ subjects: name: persistent-volume-binder namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -8668,7 +7868,7 @@ rules: verbs: - get --- -apiVersion: rbac.authorization.k8s.io/v1{{- if not (IsKubernetesVersionGe "1.16.0")}}beta1{{end}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -8894,11 +8094,7 @@ func k8sAddonsAzureCloudProviderYaml() (*asset, error) { return a, nil } -var _k8sAddonsAzureCniNetworkmonitorYaml = []byte(`{{- if IsKubernetesVersionGe "1.16.0"}} -apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} +var _k8sAddonsAzureCniNetworkmonitorYaml = []byte(`apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-cni-networkmonitor @@ -8916,10 +8112,6 @@ spec: metadata: labels: k8s-app: azure-cnms -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" @@ -9047,7 +8239,7 @@ roleRef: name: azure-npm apiGroup: rbac.authorization.k8s.io --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-npm @@ -9065,12 +8257,10 @@ spec: metadata: labels: k8s-app: azure-npm -{{- if IsKubernetesVersionGe "1.16.0"}} annotations: scheduler.alpha.kubernetes.io/critical-pod: '' - {{- if IsKubernetesVersionGe "1.17.0"}} +{{- if IsKubernetesVersionGe "1.17.0"}} cluster-autoscaler.kubernetes.io/daemonset-pod: "true" - {{- end}} {{- end}} spec: priorityClassName: system-node-critical @@ -10552,7 +9742,6 @@ spec: cpu: {{ContainerCPUReqs "csi-snapshotter"}} memory: {{ContainerMemReqs "csi-snapshotter"}} {{end}} - {{if IsKubernetesVersionGe "1.16.0"}} - name: csi-resizer image: {{ContainerImage "csi-resizer"}} args: @@ -10572,7 +9761,6 @@ spec: requests: cpu: {{ContainerCPUReqs "csi-resizer"}} memory: {{ContainerMemReqs "csi-resizer"}} - {{end}} - name: liveness-probe image: {{ContainerImage "livenessprobe"}} args: @@ -11942,7 +11130,6 @@ spec: cpu: {{ContainerCPUReqs "csi-snapshotter"}} memory: {{ContainerMemReqs "csi-snapshotter"}} {{end}} - {{if IsKubernetesVersionGe "1.16.0"}} - name: csi-resizer image: {{ContainerImage "csi-resizer"}} args: @@ -11962,7 +11149,6 @@ spec: requests: cpu: {{ContainerCPUReqs "csi-resizer"}} memory: {{ContainerMemReqs "csi-resizer"}} - {{end}} - name: liveness-probe image: {{ContainerImage "livenessprobe"}} args: @@ -12059,7 +11245,7 @@ func k8sAddonsAzurefileCsiDriverDeploymentYaml() (*asset, error) { return a, nil } -var _k8sAddonsBlobfuseFlexvolumeYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +var _k8sAddonsBlobfuseFlexvolumeYaml = []byte(`apiVersion: apps/v1 kind: DaemonSet metadata: name: blobfuse-flexvol-installer @@ -14106,11 +13292,7 @@ metadata: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: {{GetMode}} --- -{{- if IsKubernetesVersionGe "1.16.0"}} apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} kind: Deployment metadata: labels: @@ -14137,7 +13319,7 @@ spec: value: "true" key: node-role.kubernetes.io/master nodeSelector: - kubernetes.{{if IsKubernetesVersionGe "1.16.0"}}azure.com{{else}}io{{end}}/role: master + kubernetes.azure.com/role: master kubernetes.io/os: linux containers: - image: {{ContainerImage "cluster-autoscaler"}} @@ -15135,7 +14317,7 @@ spec: nodeSelector: kubernetes.io/os: linux {{- if ContainerConfig "use-host-network"}} - kubernetes.{{if IsKubernetesVersionGe "1.16.0"}}azure.com{{else}}io{{end}}/role: agent + kubernetes.azure.com/role: agent {{end}} containers: - name: coredns @@ -15380,7 +14562,7 @@ data: } } --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-flannel-ds @@ -15390,21 +14572,15 @@ metadata: app: flannel addonmanager.kubernetes.io/mode: Reconcile spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: tier: node app: flannel -{{- end}} template: metadata: labels: tier: node app: flannel -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" @@ -15525,7 +14701,7 @@ func k8sAddonsFlannelYaml() (*asset, error) { return a, nil } -var _k8sAddonsIpMasqAgentYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +var _k8sAddonsIpMasqAgentYaml = []byte(`apiVersion: apps/v1 kind: DaemonSet metadata: name: azure-ip-masq-agent @@ -15536,12 +14712,10 @@ metadata: addonmanager.kubernetes.io/mode: Reconcile tier: node spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: k8s-app: azure-ip-masq-agent tier: node -{{- end}} template: metadata: labels: @@ -15571,10 +14745,8 @@ spec: - name: azure-ip-masq-agent image: {{ContainerImage "ip-masq-agent"}} imagePullPolicy: IfNotPresent -{{- if IsKubernetesVersionGe "1.16.0"}} args: - --enable-ipv6={{ContainerConfig "enable-ipv6"}} -{{- end}} securityContext: privileged: true volumeMounts: @@ -15605,11 +14777,9 @@ data: ip-masq-agent: |- nonMasqueradeCIDRs: - {{ContainerConfig "non-masquerade-cidr"}} -{{- if IsKubernetesVersionGe "1.16.0"}} - {{- if ContainerConfig "secondary-non-masquerade-cidr"}} +{{- if ContainerConfig "secondary-non-masquerade-cidr"}} - {{ContainerConfig "secondary-non-masquerade-cidr"}} - {{end -}} -{{- end}} +{{end -}} {{- if ContainerConfig "non-masq-cni-cidr"}} - {{ContainerConfig "non-masq-cni-cidr"}} masqLinkLocal: true @@ -15634,7 +14804,7 @@ func k8sAddonsIpMasqAgentYaml() (*asset, error) { return a, nil } -var _k8sAddonsKeyvaultFlexvolumeYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +var _k8sAddonsKeyvaultFlexvolumeYaml = []byte(`apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -15646,11 +14816,9 @@ metadata: spec: updateStrategy: type: RollingUpdate -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: keyvault-flexvolume -{{- end}} template: metadata: labels: @@ -15768,7 +14936,7 @@ metadata: labels: addonmanager.kubernetes.io/mode: EnsureExists --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: name: kube-dns @@ -15793,11 +14961,6 @@ spec: metadata: labels: k8s-app: kube-dns -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - seccomp.security.alpha.kubernetes.io/pod: 'docker/default' -{{- end}} spec: priorityClassName: system-node-critical tolerations: @@ -15944,8 +15107,7 @@ func k8sAddonsKubeDnsYaml() (*asset, error) { return a, nil } -var _k8sAddonsKubeProxyYaml = []byte(`{{if IsKubernetesVersionGe "1.16.0" -}} -apiVersion: v1 +var _k8sAddonsKubeProxyYaml = []byte(`apiVersion: v1 kind: ConfigMap data: config.yaml: | @@ -15978,8 +15140,7 @@ metadata: tier: node k8s-app: kube-proxy --- -{{- end}} -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: DaemonSet metadata: labels: @@ -15994,10 +15155,8 @@ spec: selector: matchLabels: k8s-app: kube-proxy -{{- if IsKubernetesVersionGe "1.16.0"}} component: kube-proxy tier: node -{{- end}} updateStrategy: type: RollingUpdate rollingUpdate: @@ -16028,18 +15187,8 @@ spec: operator: Exists containers: - command: -{{- if not (IsKubernetesVersionGe "1.16.0")}} - - /hyperkube -{{- end}} - kube-proxy -{{- if not (IsKubernetesVersionGe "1.16.0")}} - - --kubeconfig=/var/lib/kubelet/kubeconfig - - --cluster-cidr={{ContainerConfig "cluster-cidr"}} - - --feature-gates=ExperimentalCriticalPodAnnotation=true - - --proxy-mode={{ContainerConfig "proxy-mode"}} -{{else}} - --config=/var/lib/kube-proxy/config.yaml -{{- end}} image: {{ContainerImage "kube-proxy"}} imagePullPolicy: IfNotPresent name: kube-proxy @@ -16063,12 +15212,10 @@ spec: - mountPath: /lib/modules/ name: kernelmodules readOnly: true -{{- if IsKubernetesVersionGe "1.16.0"}} - mountPath: /var/lib/kube-proxy/config.yaml subPath: config.yaml name: kube-proxy-config-volume readOnly: true -{{- end}} hostNetwork: true volumes: - hostPath: @@ -16086,11 +15233,9 @@ spec: - hostPath: path: /lib/modules/ name: kernelmodules -{{- if IsKubernetesVersionGe "1.16.0"}} - configMap: name: kube-proxy-config name: kube-proxy-config-volume -{{- end}} nodeSelector: kubernetes.io/os: linux `) @@ -16110,7 +15255,7 @@ func k8sAddonsKubeProxyYaml() (*asset, error) { return a, nil } -var _k8sAddonsKubeReschedulerYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +var _k8sAddonsKubeReschedulerYaml = []byte(`apiVersion: apps/v1 kind: Deployment metadata: name: rescheduler @@ -16128,14 +15273,8 @@ spec: metadata: labels: k8s-app: rescheduler -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -{{- end}} spec: -{{- if IsKubernetesVersionGe "1.16.0"}} priorityClassName: system-node-critical -{{- end}} nodeSelector: kubernetes.io/os: linux containers: @@ -16502,9 +15641,7 @@ rules: resources: - pods - nodes -{{- if IsKubernetesVersionGe "1.16.0"}} - nodes/stats -{{- end}} - namespaces verbs: - get @@ -16585,11 +15722,7 @@ spec: protocol: TCP targetPort: 443 --- -{{- if IsKubernetesVersionGe "1.16.0"}} apiVersion: apps/v1 -{{else}} -apiVersion: extensions/v1beta1 -{{- end}} kind: Deployment metadata: name: metrics-server @@ -16616,11 +15749,7 @@ spec: imagePullPolicy: IfNotPresent command: - /metrics-server -{{- if IsKubernetesVersionGe "1.16.0"}} - --kubelet-insecure-tls -{{else}} - - --source=kubernetes.summary_api:'' -{{- end}} nodeSelector: kubernetes.io/os: linux --- @@ -16808,10 +15937,6 @@ spec: type: RollingUpdate template: metadata: -{{- if not (IsKubernetesVersionGe "1.16.0")}} - annotations: - scheduler.alpha.kubernetes.io/critical-pod: "" -{{- end}} {{- if IsKubernetesVersionGe "1.17.0"}} annotations: cluster-autoscaler.kubernetes.io/daemonset-pod: "true" @@ -16877,7 +16002,7 @@ func k8sAddonsNvidiaDevicePluginYaml() (*asset, error) { return a, nil } -var _k8sAddonsPodSecurityPolicyYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}policy{{else}}extensions{{end}}/v1beta1 +var _k8sAddonsPodSecurityPolicyYaml = []byte(`apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: privileged @@ -16907,7 +16032,7 @@ spec: fsGroup: rule: RunAsAny --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}policy{{else}}extensions{{end}}/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted @@ -17903,7 +17028,7 @@ func k8sAddonsSecretsStoreCsiDriverYaml() (*asset, error) { return a, nil } -var _k8sAddonsSmbFlexvolumeYaml = []byte(`apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +var _k8sAddonsSmbFlexvolumeYaml = []byte(`apiVersion: apps/v1 kind: DaemonSet metadata: name: smb-flexvol-installer @@ -18022,7 +17147,7 @@ spec: name: tiller type: ClusterIP --- -apiVersion: {{if IsKubernetesVersionGe "1.16.0"}}apps/v1{{else}}extensions/v1beta1{{end}} +apiVersion: apps/v1 kind: Deployment metadata: labels: @@ -18033,12 +17158,10 @@ metadata: name: tiller-deploy namespace: kube-system spec: -{{- if IsKubernetesVersionGe "1.16.0"}} selector: matchLabels: app: helm name: tiller -{{- end}} template: metadata: labels: @@ -21914,11 +21037,7 @@ MASTER_CONTAINER_ADDONS_PLACEHOLDER owner: root content: | KUBELET_CONFIG={{GetKubeletConfigKeyVals .MasterProfile.KubernetesConfig}} -{{- if IsKubernetesVersionGe "1.16.0"}} KUBELET_NODE_LABELS={{GetMasterKubernetesLabels "',variables('labelResourceGroup'),'"}} -{{else}} - KUBELET_NODE_LABELS={{GetMasterKubernetesLabelsDeprecated "',variables('labelResourceGroup'),'"}} -{{end}} {{- if IsCustomCloudProfile }} AZURE_ENVIRONMENT_FILEPATH=/etc/kubernetes/azurestackcloud.json {{end}} @@ -22473,11 +21592,7 @@ write_files: owner: root content: | KUBELET_CONFIG={{GetKubeletConfigKeyVals .KubernetesConfig }} -{{- if IsKubernetesVersionGe "1.16.0"}} KUBELET_NODE_LABELS={{GetAgentKubernetesLabels . "',variables('labelResourceGroup'),'"}} -{{else}} - KUBELET_NODE_LABELS={{GetAgentKubernetesLabelsDeprecated . "',variables('labelResourceGroup'),'"}} -{{end}} {{- if IsCustomCloudProfile }} AZURE_ENVIRONMENT_FILEPATH=/etc/kubernetes/azurestackcloud.json {{end}} @@ -23667,11 +22782,7 @@ $global:PrimaryScaleSetName = "{{WrapAsVariable "primaryScaleSetName"}}" $global:KubeClusterCIDR = "{{WrapAsParameter "kubeClusterCidr"}}" $global:KubeServiceCIDR = "{{WrapAsParameter "kubeServiceCidr"}}" $global:VNetCIDR = "{{WrapAsParameter "vnetCidr"}}" -{{if IsKubernetesVersionGe "1.16.0"}} $global:KubeletNodeLabels = "{{GetAgentKubernetesLabels . "',variables('labelResourceGroup'),'"}}" -{{else}} -$global:KubeletNodeLabels = "{{GetAgentKubernetesLabelsDeprecated . "',variables('labelResourceGroup'),'"}}" -{{end}} $global:KubeletConfigArgs = @( {{GetKubeletConfigKeyValsPsh .KubernetesConfig }} ) $global:UseManagedIdentityExtension = "{{WrapAsVariable "useManagedIdentityExtension"}}" @@ -29294,7 +28405,6 @@ var _bindata = map[string]func() (*asset, error){ "dcos/dcosprovision.sh": dcosDcosprovisionSh, "dcos/dcosprovisionsource.sh": dcosDcosprovisionsourceSh, "iaasoutputs.t": iaasoutputsT, - "k8s/addons/1.15/calico.yaml": k8sAddons115CalicoYaml, "k8s/addons/aad-default-admin-group-rbac.yaml": k8sAddonsAadDefaultAdminGroupRbacYaml, "k8s/addons/aad-pod-identity.yaml": k8sAddonsAadPodIdentityYaml, "k8s/addons/aci-connector.yaml": k8sAddonsAciConnectorYaml, @@ -29488,9 +28598,6 @@ var _bintree = &bintree{nil, map[string]*bintree{ "iaasoutputs.t": {iaasoutputsT, map[string]*bintree{}}, "k8s": {nil, map[string]*bintree{ "addons": {nil, map[string]*bintree{ - "1.15": {nil, map[string]*bintree{ - "calico.yaml": {k8sAddons115CalicoYaml, map[string]*bintree{}}, - }}, "aad-default-admin-group-rbac.yaml": {k8sAddonsAadDefaultAdminGroupRbacYaml, map[string]*bintree{}}, "aad-pod-identity.yaml": {k8sAddonsAadPodIdentityYaml, map[string]*bintree{}}, "aci-connector.yaml": {k8sAddonsAciConnectorYaml, map[string]*bintree{}}, diff --git a/pkg/engine/testdata/addons/kubernetes-custom-psp.json b/pkg/engine/testdata/addons/kubernetes-custom-psp.json index 648338823b..cd01b48514 100644 --- a/pkg/engine/testdata/addons/kubernetes-custom-psp.json +++ b/pkg/engine/testdata/addons/kubernetes-custom-psp.json @@ -5,7 +5,7 @@ "provisioningState": "", "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "enablePodSecurityPolicy": true, "enableRbac": true, diff --git a/pkg/engine/testdata/addons/kubernetes-kube-proxy.json b/pkg/engine/testdata/addons/kubernetes-kube-proxy.json index 883087ded0..3b4c296acc 100644 --- a/pkg/engine/testdata/addons/kubernetes-kube-proxy.json +++ b/pkg/engine/testdata/addons/kubernetes-kube-proxy.json @@ -5,7 +5,7 @@ "provisioningState": "", "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "addons": [ { diff --git a/pkg/engine/testdata/addons/kubernetes.json b/pkg/engine/testdata/addons/kubernetes.json index 602656d656..504c4faa28 100644 --- a/pkg/engine/testdata/addons/kubernetes.json +++ b/pkg/engine/testdata/addons/kubernetes.json @@ -5,7 +5,7 @@ "provisioningState": "", "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "addons": [ { diff --git a/pkg/engine/testdata/agentPoolOnly/v20170831/agents.json b/pkg/engine/testdata/agentPoolOnly/v20170831/agents.json index 978530c704..838d1bce85 100644 --- a/pkg/engine/testdata/agentPoolOnly/v20170831/agents.json +++ b/pkg/engine/testdata/agentPoolOnly/v20170831/agents.json @@ -3,7 +3,7 @@ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", diff --git a/pkg/engine/testdata/agentPoolOnly/v20180331/agents.json b/pkg/engine/testdata/agentPoolOnly/v20180331/agents.json index de51e315ee..e21c28d2d9 100644 --- a/pkg/engine/testdata/agentPoolOnly/v20180331/agents.json +++ b/pkg/engine/testdata/agentPoolOnly/v20180331/agents.json @@ -3,7 +3,7 @@ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", diff --git a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfile.json b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfile.json index 3eeae40a4d..ee993e7f5a 100644 --- a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfile.json +++ b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfile.json @@ -3,7 +3,7 @@ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", diff --git a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfileV2.json b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfileV2.json index 2a70de2c5a..7714210a1d 100644 --- a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfileV2.json +++ b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithFullNetworkProfileV2.json @@ -3,7 +3,7 @@ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", diff --git a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithOnlyNetworkPlugin.json b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithOnlyNetworkPlugin.json index 9d584376b4..3a213d7836 100644 --- a/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithOnlyNetworkPlugin.json +++ b/pkg/engine/testdata/agentPoolOnly/v20180331/agentsWithOnlyNetworkPlugin.json @@ -3,7 +3,7 @@ "properties": { "dnsPrefix": "agents006", "fqdn": "agents006.azmk8s.io", - "kubernetesVersion": "1.15.11", + "kubernetesVersion": "1.16.14", "agentPoolProfiles": [ { "name": "agentpool1", diff --git a/pkg/engine/testdata/azurestack/kubernetes.json b/pkg/engine/testdata/azurestack/kubernetes.json index d4df356e37..9d0e9acd4d 100644 --- a/pkg/engine/testdata/azurestack/kubernetes.json +++ b/pkg/engine/testdata/azurestack/kubernetes.json @@ -4,7 +4,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "kubernetesImageBase": "k8s.gcr.io/", "useInstanceMetadata": false, diff --git a/pkg/engine/testdata/disks-managed/kubernetes-vmss.json b/pkg/engine/testdata/disks-managed/kubernetes-vmss.json index 51a1d0b616..be8c55825a 100644 --- a/pkg/engine/testdata/disks-managed/kubernetes-vmss.json +++ b/pkg/engine/testdata/disks-managed/kubernetes-vmss.json @@ -5,7 +5,7 @@ "provisioningState": "", "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/pkg/engine/testdata/key-vault-certs/kubernetes.json b/pkg/engine/testdata/key-vault-certs/kubernetes.json index 130711d006..f2bb20858c 100644 --- a/pkg/engine/testdata/key-vault-certs/kubernetes.json +++ b/pkg/engine/testdata/key-vault-certs/kubernetes.json @@ -3,8 +3,8 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", - "orchestratorVersion": "1.15.11", + "orchestratorRelease": "1.16", + "orchestratorVersion": "1.16.14", "kubernetesConfig": { "kubernetesImageBase": "k8s.gcr.io/", "clusterSubnet": "10.240.0.0/12", diff --git a/pkg/engine/testdata/kubernetesversions/1.13.json b/pkg/engine/testdata/kubernetesversions/1.13.json index 1af94c3c72..797bc13935 100644 --- a/pkg/engine/testdata/kubernetesversions/1.13.json +++ b/pkg/engine/testdata/kubernetesversions/1.13.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/pkg/engine/testdata/largeclusters/kubernetes-vmss.json b/pkg/engine/testdata/largeclusters/kubernetes-vmss.json index f942e94ef0..7711b1a9e8 100644 --- a/pkg/engine/testdata/largeclusters/kubernetes-vmss.json +++ b/pkg/engine/testdata/largeclusters/kubernetes-vmss.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 1, diff --git a/pkg/engine/testdata/mastersonly/mastersonly.json b/pkg/engine/testdata/mastersonly/mastersonly.json index 6e67405f69..87626a4241 100644 --- a/pkg/engine/testdata/mastersonly/mastersonly.json +++ b/pkg/engine/testdata/mastersonly/mastersonly.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15" + "orchestratorRelease": "1.16" }, "masterProfile": { "count": 3, diff --git a/pkg/engine/testdata/windows/kubernetes-kubernetesconfig.json b/pkg/engine/testdata/windows/kubernetes-kubernetesconfig.json index 739087e204..7e2a179b16 100644 --- a/pkg/engine/testdata/windows/kubernetes-kubernetesconfig.json +++ b/pkg/engine/testdata/windows/kubernetes-kubernetesconfig.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useInstanceMetadata": false, "windowsNodeBinariesURL": "http://test/test.tar.gz", diff --git a/pkg/engine/testdata/windows/kubernetes-vmss.json b/pkg/engine/testdata/windows/kubernetes-vmss.json index 945901dd6c..ba6faa54fd 100644 --- a/pkg/engine/testdata/windows/kubernetes-vmss.json +++ b/pkg/engine/testdata/windows/kubernetes-vmss.json @@ -3,7 +3,7 @@ "properties": { "orchestratorProfile": { "orchestratorType": "Kubernetes", - "orchestratorRelease": "1.15", + "orchestratorRelease": "1.16", "kubernetesConfig": { "useInstanceMetadata": false } diff --git a/test/e2e/go.sum b/test/e2e/go.sum index c37e99c7d7..41eb988888 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -1,4 +1,5 @@ cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/Azure/aks-engine/test/e2e v0.0.0-20200824230646-0441db37dfab/go.mod h1:EDTbokBTrpxb0TIRdqc64pVotCB2KqBtDoHh8o/+hn4= github.com/Azure/azure-sdk-for-go v43.0.0+incompatible h1:/wSNCu0e6EsHFR4Qa3vBEBbicaprEHMyyga9g8RTULI= github.com/Azure/azure-sdk-for-go v43.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= diff --git a/test/e2e/test_cluster_configs/container_monitoring.json b/test/e2e/test_cluster_configs/container_monitoring.json index cd58d31fb3..f0b5fec620 100644 --- a/test/e2e/test_cluster_configs/container_monitoring.json +++ b/test/e2e/test_cluster_configs/container_monitoring.json @@ -1,14 +1,5 @@ { "env": {}, - "options": { - "allowedOrchestratorVersions": [ - "1.15", - "1.16", - "1.17", - "1.18", - "1.19" - ] - }, "apiModel": { "apiVersion": "vlabs", "properties": { diff --git a/test/e2e/test_cluster_configs/network_policy/antrea.json b/test/e2e/test_cluster_configs/network_policy/antrea.json index 2be68829e2..d382016472 100644 --- a/test/e2e/test_cluster_configs/network_policy/antrea.json +++ b/test/e2e/test_cluster_configs/network_policy/antrea.json @@ -2,7 +2,7 @@ "env": { }, "options": { - "allowedOrchestratorVersions": ["1.15", "1.16"] + "allowedOrchestratorVersions": ["1.16"] }, "apiModel": { "apiVersion": "vlabs", diff --git a/test/e2e/test_cluster_configs/network_policy/antrea_azure.json b/test/e2e/test_cluster_configs/network_policy/antrea_azure.json index 7cfdf20b78..bc17295cc9 100644 --- a/test/e2e/test_cluster_configs/network_policy/antrea_azure.json +++ b/test/e2e/test_cluster_configs/network_policy/antrea_azure.json @@ -1,7 +1,7 @@ { "env": {}, "options": { - "allowedOrchestratorVersions": ["1.15", "1.16"] + "allowedOrchestratorVersions": ["1.16"] }, "apiModel": { "apiVersion": "vlabs", diff --git a/test/e2e/test_cluster_configs/network_policy/cilium.json b/test/e2e/test_cluster_configs/network_policy/cilium.json deleted file mode 100644 index abfa89de2d..0000000000 --- a/test/e2e/test_cluster_configs/network_policy/cilium.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "env": { - "GINKGO_FOCUS": "should apply various network policies" - }, - "options": { - "allowedOrchestratorVersions": ["1.15"] - }, - "apiModel": { - "apiVersion": "vlabs", - "properties": { - "orchestratorProfile": { - "orchestratorType": "Kubernetes", - "kubernetesConfig": { - "networkPolicy": "cilium" - } - }, - "masterProfile": { - "count": 1, - "dnsPrefix": "", - "vmSize": "Standard_D2_v3" - }, - "agentPoolProfiles": [ - { - "name": "agent1", - "count": 1, - "vmSize": "Standard_D2_v3", - "availabilityProfile": "VirtualMachineScaleSets", - "scalesetPriority": "Spot" - } - ], - "linuxProfile": { - "adminUsername": "azureuser", - "ssh": { - "publicKeys": [ - { - "keyData": "" - } - ] - } - } - } - } -} diff --git a/test/e2e/test_cluster_configs/no_outbound.json b/test/e2e/test_cluster_configs/no_outbound.json index 61f5b9b358..6a7aa0956b 100644 --- a/test/e2e/test_cluster_configs/no_outbound.json +++ b/test/e2e/test_cluster_configs/no_outbound.json @@ -1,7 +1,7 @@ { "env": {}, "options": { - "allowedOrchestratorVersions": ["1.15", "1.16", "1.17", "1.18", "1.19"] + "allowedOrchestratorVersions": ["1.16", "1.17", "1.18", "1.19"] }, "apiModel": { "apiVersion": "vlabs", diff --git a/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json b/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json index 216ef64afe..4e634ba048 100644 --- a/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json +++ b/test/e2e/test_cluster_configs/windows/network_plugin/kubenet.json @@ -2,7 +2,6 @@ "env": {}, "options": { "allowedOrchestratorVersions": [ - "1.15", "1.16", "1.17", "1.18" diff --git a/vhd/packer/configure-windows-vhd.ps1 b/vhd/packer/configure-windows-vhd.ps1 index 9dc8155f4f..559a5491ff 100644 --- a/vhd/packer/configure-windows-vhd.ps1 +++ b/vhd/packer/configure-windows-vhd.ps1 @@ -99,20 +99,10 @@ function Get-FilesToCacheOnVHD { ); "c:\akse-cache\win-k8s\" = @( - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.11-azs/windowszip/v1.15.11-azs-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.12-azs/windowszip/v1.15.12-azs-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.16.13-azs/windowszip/v1.16.13-azs-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.16.14-azs/windowszip/v1.16.14-azs-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.17.9-azs/windowszip/v1.17.9-azs-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.17.11-azs/windowszip/v1.17.11-azs-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.10/windowszip/v1.15.10-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.11/windowszip/v1.15.11-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.11-hotfix.20200714/windowszip/v1.15.11-hotfix.20200714-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.11-hotfix.20200817/windowszip/v1.15.11-hotfix.20200817-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.12/windowszip/v1.15.12-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.12-hotfix.20200714/windowszip/v1.15.12-hotfix.20200714-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.12-hotfix.20200623/windowszip/v1.15.12-hotfix.20200623-1int.zip", - "https://kubernetesartifacts.azureedge.net/kubernetes/v1.15.12-hotfix.20200817/windowszip/v1.15.12-hotfix.20200817-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.16.13/windowszip/v1.16.13-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.16.13-hotfix.20200714/windowszip/v1.16.13-hotfix.20200714-1int.zip", "https://kubernetesartifacts.azureedge.net/kubernetes/v1.16.13-hotfix.20200817/windowszip/v1.16.13-hotfix.20200817-1int.zip", diff --git a/vhd/packer/install-dependencies.sh b/vhd/packer/install-dependencies.sh index 8f55dedd2a..679f650fe3 100644 --- a/vhd/packer/install-dependencies.sh +++ b/vhd/packer/install-dependencies.sh @@ -143,7 +143,6 @@ done ADDON_RESIZER_VERSIONS=" 1.8.7 -1.8.4 " for ADDON_RESIZER_VERSION in ${ADDON_RESIZER_VERSIONS}; do CONTAINER_IMAGE="k8s.gcr.io/addon-resizer:${ADDON_RESIZER_VERSION}" @@ -240,7 +239,6 @@ CLUSTER_AUTOSCALER_VERSIONS=" 1.18.2 1.17.3 1.16.6 -1.15.7 " for CLUSTER_AUTOSCALER_VERSION in ${CLUSTER_AUTOSCALER_VERSIONS}; do CONTAINER_IMAGE="mcr.microsoft.com/oss/kubernetes/autoscaler/cluster-autoscaler:v${CLUSTER_AUTOSCALER_VERSION}" @@ -375,10 +373,6 @@ K8S_VERSIONS=" 1.16.15 1.16.14 1.16.14-azs -1.15.12 -1.15.12-azs -1.15.11 -1.15.11-azs " for KUBERNETES_VERSION in ${K8S_VERSIONS}; do if (( $(echo ${KUBERNETES_VERSION} | cut -d"." -f2) < 17 )); then