Update package manager instructions with community-hosted repos

Signed-off-by: Marko Mudrinić <[email protected]>
kubernetes · Jul 28, 2023 · 8284b7b · 8284b7b
1 parent 5984c64
commit 8284b7b
Show file tree

Hide file tree

Showing 5 changed files with 497 additions and 22 deletions.
diff --git a/...nt/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md b/...nt/en/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm.md
@@ -76,9 +76,8 @@ Install a {{< glossary_tooltip term_id="container-runtime" text="container runti
 For detailed instructions and other prerequisites, see [Installing kubeadm](/docs/setup/production-environment/tools/kubeadm/install-kubeadm/).
 
 {{< note >}}
-If you have already installed kubeadm, run
-`apt-get update && apt-get upgrade` or
-`yum update` to get the latest version of kubeadm.
+If you have already installed kubeadm, see the first two steps of the
+[Upgrading Linux nodes](/docs/tasks/administer-cluster/kubeadm/upgrading-linux-nodes) document for instructions on how to upgrade kubeadm.
 
 When you upgrade, the kubelet restarts every few seconds as it waits in a crashloop for
 kubeadm to tell it what to do. This crashloop is expected and normal.

diff --git a/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md b/content/en/docs/setup/production-environment/tools/kubeadm/install-kubeadm.md
@@ -144,9 +144,66 @@ For more information on version skews, see:
 * Kubernetes [version and version-skew policy](/docs/setup/release/version-skew-policy/)
 * Kubeadm-specific [version skew policy](/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#version-skew-policy)
 
+{{< warning >}}
+Kubernetes has two different package repositories starting from August 2023.
+The Google-hosted repository is considered deprecated and we will stop
+publishing packages to that repository starting with Kubernetes 1.30.0.
+The community-hosted repositories are replacement for the Google-hosted
+repository. There are some important considerations for the community-hosted
+repositories:
+
+- We strongly recommend using the community-hosted repositories especially for
+  new setups. For existing setups, we recommend migrating to the community-hosted
+  repositories. The migration process is described in the following document: TBD.
+- The community-hosted repositories contain only packages starting with
+  Kubernetes 1.24.0. Earlier versions are available only in the Google-hosted
+  repository.
+- We have a different repository for each Kubernetes minor release.
+  Please take this into consideration when upgrading to the next minor release.
+
+For more information about community-hosted repositories, we recommend
+checking out the following document: TBD
+{{< /warning >}}
+
 {{< tabs name="k8s_install" >}}
 {{% tab name="Debian-based distributions" %}}
 
+### Community-hosted repositories
+
+1. Update the `apt` package index and install packages needed to use the Kubernetes `apt` repository:
+
+   ```shell
+   sudo apt-get update
+   sudo apt-get install -y apt-transport-https ca-certificates curl
+   ```
+
+2. Download the public signing key for community-hosted repositories. The same signing key is used for all repositories so you can disregard the version in the URL:
+
+   ```shell
+   curl -fsSL https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+   ```
+
+3. Add the appropriate community-hosted Kubernetes `apt` repository. If you want to use Kubernetes version different than {{< param "version" >}},
+   replace {{< param "version" >}} with the desired minor version in the command below:
+
+   ```shell
+   echo 'deb https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
+   ```
+
+4. Update `apt` package index, install kubelet, kubeadm and kubectl, and pin their version:
+
+   ```shell
+   sudo apt-get update
+   sudo apt-get install -y kubelet kubeadm kubectl
+   sudo apt-mark hold kubelet kubeadm kubectl
+   ```
+{{< note >}}
+In releases older than Debian 12 and Ubuntu 22.04, `/etc/apt/keyrings` does not exist by default.
+You can create this directory if you need to, making it world-readable but writeable only by admins.
+{{< /note >}}
+
+### Google-hosted repository (Deprecated)
+
 1. Update the `apt` package index and install packages needed to use the Kubernetes `apt` repository:
 
    ```shell
@@ -160,7 +217,7 @@ For more information on version skews, see:
    curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
    ```
 
-3. Add the Kubernetes `apt` repository:
+3. Add the Google-hosted Kubernetes `apt` repository:
 
    ```shell
    echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
@@ -180,7 +237,56 @@ You can create this directory if you need to, making it world-readable but write
 
 {{% /tab %}}
 {{% tab name="Red Hat-based distributions" %}}
-```bash
+
+### Prerequisites
+
+These prerequisites must be satisfied regardless if you're using
+community-hosted or Google-hosted repositories.
+
+1. Set SELinux in the permissive mode:
+
+```shell
+# Set SELinux in permissive mode (effectively disabling it)
+sudo setenforce 0
+sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
+```
+
+  **Notes:**
+
+  - Setting SELinux in permissive mode by running `setenforce 0` and `sed ...` effectively disables it.
+    This is required to allow containers to access the host filesystem, which is needed by pod networks for example.
+    You have to do this until SELinux support is improved in the kubelet.
+
+  - You can leave SELinux enabled if you know how to configure it but it may require settings that are not supported by kubeadm.
+
+### Community-hosted repositories
+
+1. Add the community-hosted Kubernetes `yum` repository. If you want to use Kubernetes version different than {{< param "version" >}}, replace {{< param "version" >}} with the desired minor version in the command below:
+
+```shell
+cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl
+EOF
+```
+
+3. Install kubelet, kubeadm and kubectl, and enable kubelet to ensure it's automatically started on startup:
+
+```shell
+sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
+sudo systemctl enable --now kubelet
+```
+
+### Google-hosted repository (Deprecated)
+
+2. Add the Google-hosted Kubernetes `yum` repository:
+
+```shell
 cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
 [kubernetes]
 name=Kubernetes
@@ -190,24 +296,17 @@ gpgcheck=1
 gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
 exclude=kubelet kubeadm kubectl
 EOF
+```
 
-# Set SELinux in permissive mode (effectively disabling it)
-sudo setenforce 0
-sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
+3. Install kubelet, kubeadm and kubectl, and enable kubelet to ensure it's automatically started on startup:
 
+```shell
 sudo yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
-
 sudo systemctl enable --now kubelet
 ```
 
   **Notes:**
 
-  - Setting SELinux in permissive mode by running `setenforce 0` and `sed ...` effectively disables it.
-    This is required to allow containers to access the host filesystem, which is needed by pod networks for example.
-    You have to do this until SELinux support is improved in the kubelet.
-
-  - You can leave SELinux enabled if you know how to configure it but it may require settings that are not supported by kubeadm.
-
   - If the `baseurl` fails because your Red Hat-based distribution cannot interpret `basearch`, replace `\$basearch` with your computer's architecture.
   Type `uname -m` to see that value.
   For example, the `baseurl` URL for `x86_64` could be: `https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64`.

diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade.md
@@ -52,6 +52,148 @@ The upgrade workflow at high level is the following:
 
 <!-- steps -->
 
+## Changing the package repository
+
+{{< warning >}}
+<!-- TBD: Add a link -->
+Follow this step only if you use the community-hosted repositories.
+{{< /warning >}}
+
+{{< tabs name="k8s_install_versions" >}}
+{{% tab name="Ubuntu, Debian or HypriotOS" %}}
+
+Check if you're using the community-hosted repositories or the Google-hosted
+repository:
+
+```shell
+cat /etc/apt/sources.list.d/kubernetes.list
+```
+
+If you see the URL similar to:
+
+```
+deb https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/deb/ /
+```
+
+**You're using the community-hosted repositories and you need to change
+the package repository.** Otherwise, skip to the next step, but please note that,
+we strongly recommend migrating to the community-hosted repositories as
+the Google-hosted repository is considered deprecated. See the following
+document for more information about migrating to the community-hosted
+repositories: TBD
+
+{{< note >}}
+The URL for the community-hosted repositories is not limited to `pkgs.k8s.io`,
+it can be one of:
+
+- `pkgs.k8s.io`
+- `pkgs.kubernetes.io`
+- `packages.kubernetes.io`
+- `packages.kubernetes.io`
+{{</ note >}}
+
+Change the repository URL in a way that the URL contains the Kubernetes
+minor version that you want to upgrade to. Open the `apt` repository definition
+in a text editor of your choice, for example:
+
+```shell
+nano /etc/apt/sources.list.d/kubernetes.list
+```
+
+You will see a single line with the URL that contains your current Kubernetes
+minor version. For example, if you're using v{{< skew currentVersionAddMinor -1 "." >}},
+you should see this:
+
+```
+deb https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/deb/ /
+```
+
+Change the version to the next available minor release, for example:
+
+```
+deb https://pkgs.k8s.io/core:/stable:/{{< param "version" >}}/deb/ /
+```
+
+Save the file and exit your text editor.
+
+{{% /tab %}}
+{{% tab name="CentOS, RHEL or Fedora" %}}
+
+Check if you're using the community-hosted repositories or the Google-hosted
+repository:
+
+```shell
+cat /etc/yum.repos.d/kubernetes.repo
+```
+
+If you see the `baseurl` similar to `baseurl` in the output below:
+
+```
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl
+```
+
+**You're using the community-hosted repositories and you need to change
+the package repository.** Otherwise, skip to the next step, but please note that,
+we strongly recommend migrating to the community-hosted repositories as
+the Google-hosted repository is considered deprecated. See the following
+document for more information about migrating to the community-hosted
+repositories: TBD
+
+{{< note >}}
+The URL for the community-hosted repositories is not limited to `pkgs.k8s.io`,
+it can be one of:
+
+- `pkgs.k8s.io`
+- `pkgs.kubernetes.io`
+- `packages.kubernetes.io`
+- `packages.kubernetes.io`
+{{</ note >}}
+
+Change the repository URLs in a way that URLs contain the Kubernetes
+minor version that you want to upgrade to. Open the `yum` repository definition
+in a text editor of your choice, for example:
+
+```shell
+nano /etc/yum.repos.d/kubernetes.repo
+```
+
+You will see two lines with URLs that contain your current Kubernetes
+minor version. For example, if you're using v{{< skew currentVersionAddMinor -1 "." >}},
+you should see this:
+
+```
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v{{< skew currentVersionAddMinor -1 "." >}}/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl
+```
+
+Change the version to the next available minor release, for example:
+
+```
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v{{< param "version" >}}/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v{{< param "version" >}}/rpm/repodata/repomd.xml.key
+exclude=kubelet kubeadm kubectl
+```
+
+Save the file and exit your text editor.
+
+{{% /tab %}}
+{{< /tabs >}}
+
 ## Determine which version to upgrade to
 
 Find the latest patch release for Kubernetes {{< skew currentVersion >}} using the OS package manager: