Merge pull request #8194 from zalando-incubator/alpha-to-beta

alpha to beta

cluster/config-defaults.yaml

@@ -724,9 +724,6 @@ tracing_coredns_local_zone_traces_endpoint: ""
 # AMI id given the image name and the Image AWS account owner.
 #
 # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116
-kuberuntu_image_v1_30_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-amd64-master-341" "861068367966" }}
-kuberuntu_image_v1_30_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-arm64-master-341" "861068367966" }}
-
 kuberuntu_image_v1_31_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.0-amd64-master-347" "861068367966" }}
 kuberuntu_image_v1_31_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.0-arm64-master-347" "861068367966" }}
 
@@ -799,7 +796,7 @@ ebs_csi_controller_sidecar_cpu: "10m"
 serialize_image_pulls: "false"
 
 # rate of image pull in the kubelet, see
-# see https://github.com/kubernetes/kubernetes/blob/v1.30.0/staging/src/k8s.io/kubelet/config/v1beta1/types.go#L200-L212
+# see https://github.com/kubernetes/kubernetes/blob/v1.31.0/staging/src/k8s.io/kubelet/config/v1beta1/types.go#L200-L212
 #
 # registryPullQPS is the limit of registry pulls per second.
 # The value must not be a negative number.

cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml

@@ -26,9 +26,9 @@ spec:
       containers:
       - name: admission-controller
         {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}}
-        image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-5-custom
+        image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.2.1-main-6-custom
         {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}}
-        image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-2-custom
+        image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-5-custom
         {{end}}
         command:
           - /admission-controller

cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml

@@ -24,9 +24,9 @@ spec:
       containers:
       - name: recommender
         {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}}
-        image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-5-custom
+        image: container-registry.zalando.net/teapot/vpa-recommender:v1.2.1-main-6-custom
         {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}}
-        image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-2-custom
+        image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-5-custom
         {{end}}
         args:
         - --logtostderr

cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml

@@ -24,9 +24,9 @@ spec:
       containers:
       - name: updater
         {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}}
-        image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-5-custom
+        image: container-registry.zalando.net/teapot/vpa-updater:v1.2.1-main-6-custom
         {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}}
-        image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-2-custom
+        image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-5-custom
         {{end}}
         command:
           - ./updater

cluster/manifests/02-kube-aws-iam-controller/deployment.yaml

@@ -27,7 +27,7 @@ spec:
       hostNetwork: true
       containers:
       - name: kube-aws-iam-controller
-        image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-33-g6df0443
+        image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-35-gdd6d128
         env:
         - name: AWS_DEFAULT_REGION
           value: "{{.Cluster.Region}}"

cluster/manifests/cluster-lifecycle-controller/deployment.yaml

@@ -35,7 +35,7 @@ spec:
         operator: Exists
       containers:
       - name: cluster-lifecycle-controller
-        image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-42
+        image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-43
         args:
             - --drain-grace-period={{.Cluster.ConfigItems.drain_grace_period}}
             - --drain-min-pod-lifetime={{.Cluster.ConfigItems.drain_min_pod_lifetime}}

cluster/manifests/deletions.yaml

@@ -297,34 +297,10 @@ post_apply:
   namespace: kube-system
 
 {{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }}
-- name: kubernetes-dashboard
-  namespace: kube-system
-  kind: Deployment
-- name: kubernetes-dashboard
-  namespace: kube-system
-  kind: Service
-- name: dashboard-metrics-scraper
-  namespace: kube-system
-  kind: Service
-- name: dashboard-metrics-scraper
-  namespace: kube-system
-  kind: Deployment
-- name: kubernetes-dashboard
-  namespace: kube-system
+- name: readonly-dashboard
   kind: Role
-- name: kubernetes-dashboard
   namespace: kube-system
+- name: readonly-dashboard
   kind: RoleBinding
-- name: kubernetes-dashboard
-  kind: ClusterRole
-- name: kubernetes-dashboard-internal
-  kind: ClusterRoleBinding
-- name: kubernetes-dashboard-readonly
-  kind: ClusterRoleBinding
-- name: dashboard-metrics-scraper-vpa
   namespace: kube-system
-  kind: VerticalPodAutoscaler
-- name: kubernetes-dashboard
-  namespace: kube-system
-  kind: ServiceAccount
 {{ end }}

cluster/manifests/emergency-access-service/deployment.yaml

@@ -41,7 +41,7 @@ spec:
             cpu: 25m
             memory: 25Mi
       - name: emergency-access-service
-        image: "container-registry.zalando.net/teapot/emergency-access-service:master-94"
+        image: "container-registry.zalando.net/teapot/emergency-access-service:master-95"
         args:
         - --insecure-http
         - --community={{ .Cluster.Owner }}

cluster/manifests/fabric-gateway/deployment.yaml

@@ -1,4 +1,5 @@
-# {{ $version := "master-289" }}
+# {{ $image := "container-registry.zalando.net/gwproxy/fabric-gateway:master-289" }}
+# {{ $version := index (split $image ":") 1 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -38,7 +39,7 @@ spec:
       serviceAccountName: fabric-gateway-controller
       containers:
         - name: controller
-          image: container-registry.zalando.net/gwproxy/fabric-gateway:{{ $version }}
+          image: "{{ $image }}"
           args:
             - -update-fabric-gateway-status=true
             - -versioned-hosts-base-domain={{ .Values.hosted_zone }}

cluster/manifests/kube-node-ready-controller/daemonset.yaml

@@ -36,7 +36,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: controller
-        image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-28
+        image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-29
         resources:
           requests:
             cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}}

cluster/manifests/metrics-server/deployment.yaml

@@ -28,7 +28,7 @@ spec:
       serviceAccountName: metrics-server
       containers:
       - name: metrics-server
-        image: container-registry.zalando.net/teapot/metrics-server:v0.7.0-master-16
+        image: container-registry.zalando.net/teapot/metrics-server:v0.7.2-master-18
         args:
         - --cert-dir=/tmp
         - --secure-port=4443

cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml

@@ -60,7 +60,7 @@ spec:
 {{- end}}
       containers:
       - name: nvidia-gpu-device-plugin
-        image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.0-master-13
+        image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.2-master-14
         args:
         - --fail-on-init-error=false
         - --pass-device-specs

cluster/manifests/prometheus/statefulset.yaml

@@ -57,7 +57,7 @@ spec:
           mountPath: /prometheus
       containers:
       - name: prometheus
-        image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-56
+        image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-57
         args:
         - "--config.file=/prometheus/prometheus.yaml"
         - "--storage.tsdb.path=/prometheus/"

cluster/manifests/roles/readonly-binding.yaml

@@ -19,6 +19,7 @@ subjects:
   - kind: Group
     name: "okta:common/read-only"
     apiGroup: rbac.authorization.k8s.io
+{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }}
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +43,7 @@ subjects:
   - kind: Group
     name: "okta:common/read-only"
     apiGroup: rbac.authorization.k8s.io
+{{ end }}
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

cluster/manifests/roles/readonly-dashboard.yaml

@@ -1,3 +1,4 @@
+{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -8,3 +9,4 @@ rules:
     resources: [ "services/proxy" ]
     verbs: [ "get" ]
     resourceNames: [ "kubernetes-dashboard" ]
+{{ end }}

cluster/manifests/skipper-canary-controller/canary-cronjob.yaml

@@ -12,6 +12,7 @@ spec:
   schedule: "*/30 * * * *"
   jobTemplate:
     spec:
+      backoffLimit: 0
       template:
         metadata:
           labels:
@@ -21,18 +22,30 @@ spec:
           serviceAccountName: skipper-canary-controller
           # Make sure the job run only once
           restartPolicy: Never
-          concurrencyPolicy: Forbid
-          backoffLimit: 0
           containers:
           - name: skipper-canary-controller
             terminationMessagePolicy: FallbackToLogsOnError
-            image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-20
+            image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-21
             env:
             - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN
               valueFrom:
                 secretKeyRef:
                   name: skipper-ingress
                   key: lightstep-token
+            - name: _PLATFORM_OBSERVABILITY_COLLECTOR_SCHEME
+              value: "{{ .Cluster.ConfigItems.observability_collector_scheme }}"
+            - name: _PLATFORM_OBSERVABILITY_COLLECTOR_PORT
+              value: "{{ .Cluster.ConfigItems.observability_collector_port }}"
+            - name: _PLATFORM_OBSERVABILITY_COLLECTOR_ENDPOINT
+              value: "{{ .Cluster.ConfigItems.observability_collector_endpoint }}"
+            - name: _PLATFORM_OBSERVABILITY_METRICS_ENDPOINT
+              value: "{{ .Cluster.ConfigItems.observability_metrics_endpoint }}"
+            - name: _PLATFORM_OBSERVABILITY_METRICS_PORT
+              value:  "{{ .Cluster.ConfigItems.observability_metrics_port }}"
+            - name: _PLATFORM_ACCOUNT
+              value: "{{ .Cluster.Alias }}"
+            - name: _PLATFORM_OBSERVABILITY_COMMON_ATTRIBUTE_CLOUD__ACCOUNT__ID
+              value: "{{ .Cluster.Alias }}"
             - name: LIGHTSTEP_DEBUG
               value: "true"
             args:

cluster/manifests/skipper/deployment.yaml

@@ -1,4 +1,4 @@
-{{ $internal_version := "v0.21.195-1014" }}
+{{ $internal_version := "v0.21.198-1017" }}
 {{ $canary_internal_version := "v0.21.198-1017" }}
 
 {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}}

cluster/manifests/skipper/hostname-credentials-controller.yaml

@@ -1,5 +1,6 @@
 # {{ if eq .Cluster.ConfigItems.skipper_oauth2_ui_login "true" }}
-# {{ $version := "main-13" }}
+# {{ $image := "container-registry.zalando.net/gwproxy/hostname-credentials-controller:main-14" }}
+# {{ $version := index (split $image ":") 1 }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -124,7 +125,7 @@ spec:
           restartPolicy: Never
           containers:
             - name: controller
-              image: "container-registry.zalando.net/gwproxy/hostname-credentials-controller:{{ $version }}"
+              image: "{{ $image }}"
               terminationMessagePolicy: FallbackToLogsOnError
               args:
                 - -ingress-selector=application

cluster/node-pools/master-default/userdata.yaml

@@ -206,7 +206,7 @@ write_files:
             limits:
               memory: {{ .Values.InstanceInfo.MemoryFraction (parseInt64 .Cluster.ConfigItems.apiserver_memory_limit_percent)}}
 {{- end }}
-        - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-211
+        - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-216
           name: admission-controller
           lifecycle:
             preStop: