diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index d22f56b88d..0f2640c5e5 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -724,9 +724,6 @@ tracing_coredns_local_zone_traces_endpoint: "" # AMI id given the image name and the Image AWS account owner. # # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116 -kuberuntu_image_v1_30_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-amd64-master-341" "861068367966" }} -kuberuntu_image_v1_30_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.30.2-arm64-master-341" "861068367966" }} - kuberuntu_image_v1_31_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.0-amd64-master-347" "861068367966" }} kuberuntu_image_v1_31_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.0-arm64-master-347" "861068367966" }}
@@ -799,7 +796,7 @@ ebs_csi_controller_sidecar_cpu: "10m" serialize_image_pulls: "false" # rate of image pull in the kubelet, see -# see https://github.com/kubernetes/kubernetes/blob/v1.30.0/staging/src/k8s.io/kubelet/config/v1beta1/types.go#L200-L212 +# see https://github.com/kubernetes/kubernetes/blob/v1.31.0/staging/src/k8s.io/kubelet/config/v1beta1/types.go#L200-L212 # # registryPullQPS is the limit of registry pulls per second. # The value must not be a negative number.
diff --git a/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml
index c6156f051a..d62576b433 100644
--- a/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml
+++ b/cluster/manifests/01-vertical-pod-autoscaler/admission-controller-deployment.yaml
@@ -26,9 +26,9 @@ spec: containers: - name: admission-controller {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-5-custom + image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.2.1-main-6-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-admission-controller:v1.1.2-main-5-custom {{end}} command: - /admission-controller
diff --git a/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml
index a0c59ff187..371ad37ee8 100644
--- a/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml
+++ b/cluster/manifests/01-vertical-pod-autoscaler/recommender-deployment.yaml
@@ -24,9 +24,9 @@ spec: containers: - name: recommender {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-5-custom + image: container-registry.zalando.net/teapot/vpa-recommender:v1.2.1-main-6-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-recommender:v1.1.2-main-5-custom {{end}} args: - --logtostderr
diff --git a/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml b/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml
index d10b7b066b..d8ce0db434 100644
--- a/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml
+++ b/cluster/manifests/01-vertical-pod-autoscaler/updater-deployment.yaml
@@ -24,9 +24,9 @@ spec: containers: - name: updater {{if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "current"}} - image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-5-custom + image: container-registry.zalando.net/teapot/vpa-updater:v1.2.1-main-6-custom {{else if eq .Cluster.ConfigItems.vertical_pod_autoscaler_version "legacy"}} - image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-2-custom + image: container-registry.zalando.net/teapot/vpa-updater:v1.1.2-main-5-custom {{end}} command: - ./updater
diff --git a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml
index 8fdb542f20..d56f79e270 100644
--- a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml
+++ b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml
@@ -27,7 +27,7 @@ spec: hostNetwork: true containers: - name: kube-aws-iam-controller - image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-33-g6df0443 + image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-35-gdd6d128 env: - name: AWS_DEFAULT_REGION value: "{{.Cluster.Region}}"
diff --git a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
index e94d5db8ea..a953386f26 100644
--- a/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
+++ b/cluster/manifests/cluster-lifecycle-controller/deployment.yaml
@@ -35,7 +35,7 @@ spec: operator: Exists containers: - name: cluster-lifecycle-controller - image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-42 + image: container-registry.zalando.net/teapot/cluster-lifecycle-controller:master-43 args: - --drain-grace-period={{.Cluster.ConfigItems.drain_grace_period}} - --drain-min-pod-lifetime={{.Cluster.ConfigItems.drain_min_pod_lifetime}}
diff --git a/cluster/manifests/deletions.yaml b/cluster/manifests/deletions.yaml
index 60e9e44e9f..2a224a70fd 100644
--- a/cluster/manifests/deletions.yaml
+++ b/cluster/manifests/deletions.yaml
@@ -297,34 +297,10 @@ post_apply: namespace: kube-system {{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -- name: kubernetes-dashboard - namespace: kube-system - kind: Deployment -- name: kubernetes-dashboard - namespace: kube-system - kind: Service -- name: dashboard-metrics-scraper - namespace: kube-system - kind: Service -- name: dashboard-metrics-scraper - namespace: kube-system - kind: Deployment -- name: kubernetes-dashboard - namespace: kube-system +- name: readonly-dashboard kind: Role -- name: kubernetes-dashboard namespace: kube-system +- name: readonly-dashboard kind: RoleBinding -- name: kubernetes-dashboard - kind: ClusterRole -- name: kubernetes-dashboard-internal - kind: ClusterRoleBinding -- name: kubernetes-dashboard-readonly - kind: ClusterRoleBinding -- name: dashboard-metrics-scraper-vpa namespace: kube-system - kind: VerticalPodAutoscaler -- name: kubernetes-dashboard - namespace: kube-system - kind: ServiceAccount {{ end }}
diff --git a/cluster/manifests/emergency-access-service/deployment.yaml b/cluster/manifests/emergency-access-service/deployment.yaml
index 6ea61e8131..02025861f0 100644
--- a/cluster/manifests/emergency-access-service/deployment.yaml
+++ b/cluster/manifests/emergency-access-service/deployment.yaml
@@ -41,7 +41,7 @@ spec: cpu: 25m memory: 25Mi - name: emergency-access-service - image: "container-registry.zalando.net/teapot/emergency-access-service:master-94" + image: "container-registry.zalando.net/teapot/emergency-access-service:master-95" args: - --insecure-http - --community={{ .Cluster.Owner }}
diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml
index d6a96e4b34..bb1936d9e8 100644
--- a/cluster/manifests/fabric-gateway/deployment.yaml
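Review bot: The added `readonly-dashboard` Role and RoleBinding deletions in `post_apply` run under the same `ne .Cluster.ConfigItems.k8s_dashboard_enabled "true"` condition that this commit puts around the Role in roles/readonly-dashboard.yaml and around a RoleBinding in roles/readonly-binding.yaml (its name is outside that hunk, so this is inferred), which means the manifests and the cleanup work against each other. As written, a cluster with the dashboard disabled renders the `services/proxy` grant and then deletes it, while a cluster with the dashboard enabled gets no grant at all. If the intent is to grant proxy access only where the dashboard exists, the guards in the two roles/ files should read `{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }}`. The hunk also stops deleting the `kubernetes-dashboard` ClusterRole, ClusterRoleBindings and ServiceAccount, so it is worth confirming that no cluster still carries those RBAC objects before the cleanup entries go away.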
+++ b/cluster/manifests/fabric-gateway/deployment.yaml
@@ -1,4 +1,5 @@ -# {{ $version := "master-289" }} +# {{ $image := "container-registry.zalando.net/gwproxy/fabric-gateway:master-289" }} +# {{ $version := index (split $image ":") 1 }} apiVersion: apps/v1 kind: Deployment metadata:
@@ -38,7 +39,7 @@ spec: serviceAccountName: fabric-gateway-controller containers: - name: controller - image: container-registry.zalando.net/gwproxy/fabric-gateway:{{ $version }} + image: "{{ $image }}" args: - -update-fabric-gateway-status=true - -versioned-hosts-base-domain={{ .Values.hosted_zone }}
diff --git a/cluster/manifests/kube-node-ready-controller/daemonset.yaml b/cluster/manifests/kube-node-ready-controller/daemonset.yaml
index 05f50c49f3..d335c645a5 100644
--- a/cluster/manifests/kube-node-ready-controller/daemonset.yaml
+++ b/cluster/manifests/kube-node-ready-controller/daemonset.yaml
@@ -36,7 +36,7 @@ spec: effect: NoSchedule containers: - name: controller - image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-28 + image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-29 resources: requests: cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}}
diff --git a/cluster/manifests/metrics-server/deployment.yaml b/cluster/manifests/metrics-server/deployment.yaml
index 32ec62d962..cd8d98c944 100644
--- a/cluster/manifests/metrics-server/deployment.yaml
+++ b/cluster/manifests/metrics-server/deployment.yaml
@@ -28,7 +28,7 @@ spec: serviceAccountName: metrics-server containers: - name: metrics-server - image: container-registry.zalando.net/teapot/metrics-server:v0.7.0-master-16 + image: container-registry.zalando.net/teapot/metrics-server:v0.7.2-master-18 args: - --cert-dir=/tmp - --secure-port=4443
diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml
index 0450d3e774..b230577454 100644
--- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml
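Review bot: `index (split $image ":") 1` in the first fabric-gateway hunk assumes the image reference contains exactly one colon, and nothing in the file says so. A registry host with a port, or a reference pinned by digest (`<repo>@sha256:<digest>`), would make `$version` pick up the wrong segment without any render error; where `$version` is consumed lies outside the hunk. A comment above the derivation would record the constraint, for example `# $image must have the form <registry>/<repo>:<tag> (no port, no digest); $version is the tag`. The same derivation is added in skipper/hostname-credentials-controller.yaml and would benefit from the same comment.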
+++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml
@@ -60,7 +60,7 @@ spec: {{- end}} containers: - name: nvidia-gpu-device-plugin - image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.0-master-13 + image: container-registry.zalando.net/teapot/nvidia-gpu-device-plugin:v0.16.2-master-14 args: - --fail-on-init-error=false - --pass-device-specs
diff --git a/cluster/manifests/prometheus/statefulset.yaml b/cluster/manifests/prometheus/statefulset.yaml
index 41d67727d9..50927eb999 100644
--- a/cluster/manifests/prometheus/statefulset.yaml
+++ b/cluster/manifests/prometheus/statefulset.yaml
@@ -57,7 +57,7 @@ spec: mountPath: /prometheus containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-56 + image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-57 args: - "--config.file=/prometheus/prometheus.yaml" - "--storage.tsdb.path=/prometheus/"
diff --git a/cluster/manifests/roles/readonly-binding.yaml b/cluster/manifests/roles/readonly-binding.yaml
index 708fcf8c93..4000a6b5ba 100644
--- a/cluster/manifests/roles/readonly-binding.yaml
+++ b/cluster/manifests/roles/readonly-binding.yaml
@@ -19,6 +19,7 @@ subjects: - kind: Group name: "okta:common/read-only" apiGroup: rbac.authorization.k8s.io +{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +43,7 @@ subjects: - kind: Group name: "okta:common/read-only" apiGroup: rbac.authorization.k8s.io +{{ end }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1
diff --git a/cluster/manifests/roles/readonly-dashboard.yaml b/cluster/manifests/roles/readonly-dashboard.yaml
index ddd9fc2604..c85576295d 100644
--- a/cluster/manifests/roles/readonly-dashboard.yaml
+++ b/cluster/manifests/roles/readonly-dashboard.yaml
@@ -1,3 +1,4 @@ +{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata:
@@ -8,3 +9,4 @@ rules: resources: [ "services/proxy" ] verbs: [ "get" ] resourceNames: [ "kubernetes-dashboard" ] +{{ end }}
diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
index 8ec1de64b5..497074766d 100644
--- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
+++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
@@ -12,6 +12,7 @@ spec: schedule: "*/30 * * * *" jobTemplate: spec: + backoffLimit: 0 template: metadata: labels:
@@ -21,18 +22,30 @@ spec: serviceAccountName: skipper-canary-controller # Make sure the job run only once restartPolicy: Never - concurrencyPolicy: Forbid - backoffLimit: 0 containers: - name: skipper-canary-controller terminationMessagePolicy: FallbackToLogsOnError - image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-20 + image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-21 env: - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN valueFrom: secretKeyRef: name: skipper-ingress key: lightstep-token + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_SCHEME + value: "{{ .Cluster.ConfigItems.observability_collector_scheme }}" + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_PORT + value: "{{ .Cluster.ConfigItems.observability_collector_port }}" + - name: _PLATFORM_OBSERVABILITY_COLLECTOR_ENDPOINT + value: "{{ .Cluster.ConfigItems.observability_collector_endpoint }}" + - name: _PLATFORM_OBSERVABILITY_METRICS_ENDPOINT + value: "{{ .Cluster.ConfigItems.observability_metrics_endpoint }}" + - name: _PLATFORM_OBSERVABILITY_METRICS_PORT + value: "{{ .Cluster.ConfigItems.observability_metrics_port }}" + - name: _PLATFORM_ACCOUNT + value: "{{ .Cluster.Alias }}" + - name: _PLATFORM_OBSERVABILITY_COMMON_ATTRIBUTE_CLOUD__ACCOUNT__ID + value: "{{ .Cluster.Alias }}" - name: LIGHTSTEP_DEBUG value: "true" args:
diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml
index a54b6cac6a..b3643c0ad9 100644
--- a/cluster/manifests/skipper/deployment.yaml
+++ b/cluster/manifests/skipper/deployment.yaml
@@ -1,4 +1,4 @@ -{{ $internal_version := "v0.21.195-1014" }} +{{ $internal_version := "v0.21.198-1017" }} {{ $canary_internal_version := "v0.21.198-1017" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}}
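Review bot: `concurrencyPolicy: Forbid` is dropped from what appears to be the pod spec, where it had no effect, but unlike `backoffLimit` (moved to `jobTemplate.spec` in the previous hunk) it is not re-added at the level where it applies, the CronJob `spec` next to `schedule`. Unless it is already set in the part of `spec` outside these hunks, the CronJob keeps the default `Allow`, so a run that outlives the 30-minute schedule can overlap with the next one. The line to add under the top-level `spec:` is `concurrencyPolicy: Forbid`. The comment `# Make sure the job run only once` above `restartPolicy: Never` could also mention that the retry limit now lives on the job spec.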
diff --git a/cluster/manifests/skipper/hostname-credentials-controller.yaml b/cluster/manifests/skipper/hostname-credentials-controller.yaml
index 501b620760..d25227150e 100644
--- a/cluster/manifests/skipper/hostname-credentials-controller.yaml
+++ b/cluster/manifests/skipper/hostname-credentials-controller.yaml
@@ -1,5 +1,6 @@ # {{ if eq .Cluster.ConfigItems.skipper_oauth2_ui_login "true" }} -# {{ $version := "main-13" }} +# {{ $image := "container-registry.zalando.net/gwproxy/hostname-credentials-controller:main-14" }} +# {{ $version := index (split $image ":") 1 }} apiVersion: v1 kind: ServiceAccount metadata:
@@ -124,7 +125,7 @@ spec: restartPolicy: Never containers: - name: controller - image: "container-registry.zalando.net/gwproxy/hostname-credentials-controller:{{ $version }}" + image: "{{ $image }}" terminationMessagePolicy: FallbackToLogsOnError args: - -ingress-selector=application
diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
index 3b87c4144a..b87b22b19e 100644
--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -206,7 +206,7 @@ write_files: limits: memory: {{ .Values.InstanceInfo.MemoryFraction (parseInt64 .Cluster.ConfigItems.apiserver_memory_limit_percent)}} {{- end }} - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-211 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/admission-controller:master-216 name: admission-controller lifecycle: preStop: