Commit 08db483

updating dependencies to k8s 1.31 (#6878)
* updating dependencies to k8s 1.31

  Signed-off-by: Adam D. Cornett <[email protected]>

* adding k8s 1.31 change document

  Signed-off-by: Adam D. Cornett <[email protected]>

* fixing go mod tidy issue

  Signed-off-by: Adam D. Cornett <[email protected]>

---------

Signed-off-by: Adam D. Cornett <[email protected]>
1 parent 53dd00c commit 08db483

34 files changed: +948 -692 lines changed

Makefile

Lines changed: 3 additions & 3 deletions
@@ -9,7 +9,7 @@ export IMAGE_VERSION = v1.38.0
99
export SIMPLE_VERSION = $(shell (test "$(shell git describe --tags)" = "$(shell git describe --tags --abbrev=0)" && echo $(shell git describe --tags)) || echo $(shell git describe --tags --abbrev=0)+git)
1010
export GIT_VERSION = $(shell git describe --dirty --tags --always)
1111
export GIT_COMMIT = $(shell git rev-parse HEAD)
12-
export K8S_VERSION = 1.30.0
12+
export K8S_VERSION = 1.31.0
1313

1414
# Build settings
1515
export TOOLS_DIR = tools/bin
@@ -176,12 +176,12 @@ cluster-create::
176176

177177
.PHONY: dev-install
178178
dev-install::
179-
$(SCRIPTS_DIR)/fetch kind 0.23.0
179+
$(SCRIPTS_DIR)/fetch kind 0.24.0
180180
$(SCRIPTS_DIR)/fetch kubectl $(K8S_VERSION) # Install kubectl AFTER envtest because envtest includes its own kubectl binary
181181

182182
.PHONY: test-e2e-teardown
183183
test-e2e-teardown:
184-
$(SCRIPTS_DIR)/fetch kind 0.23.0
184+
$(SCRIPTS_DIR)/fetch kind 0.24.0
185185
$(TOOLS_DIR)/kind delete cluster --name $(KIND_CLUSTER)
186186
rm -f $(KUBECONFIG)
187187

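Review bot: The kind version is repeated as a literal in both the dev-install and test-e2e-teardown recipes (`$(SCRIPTS_DIR)/fetch kind 0.24.0`), so the two can drift apart on the next bump. Define it once near `K8S_VERSION` (for example a `KIND_VERSION` variable, name suggested here) and reference it in both places, the way kubectl already uses `$(K8S_VERSION)`. Nothing in these lines shows whether the fetch script checks a digest for the binary it downloads, which is worth confirming whenever a pinned tool version changes.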
Lines changed: 164 additions & 0 deletions
@@ -0,0 +1,164 @@
1+
# entries is a list of entries to include in
2+
# release notes and/or the migration guide
3+
entries:
4+
- description: >
5+
For Go-based, Helm-based and Ansible-based operators this release moves to Kubernetes 1.31 API's and Kubebuilder
6+
v4 Scaffolding, specifically utilizing the v4.2.0 version. The update to Kubebuiler results in some scaffolding
7+
changes which more information can be found below:
8+
- Add support to protect project with [network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) ([#3853](https://github.com/kubernetes-sigs/kubebuilder/pull/3853))
9+
10+
# kind is one of:
11+
# - addition
12+
# - change
13+
# - deprecation
14+
# - removal
15+
# - bugfix
16+
kind: "change"
17+
18+
# Is this a breaking change?
19+
breaking: false
20+
21+
# NOTE: ONLY USE `pull_request_override` WHEN ADDING THIS
22+
# FILE FOR A PREVIOUSLY MERGED PULL_REQUEST!
23+
#
24+
# The generator auto-detects the PR number from the commit
25+
# message in which this file was originally added.
26+
#
27+
# What is the pull request number (without the "#")?
28+
# pull_request_override: 0
29+
30+
31+
# Migration can be defined to automatically add a section to
32+
# the migration guide. This is required for breaking changes.
33+
migration:
34+
header: Upgrade K8s versions to use 1.31 and Kubebuilder network-policy scaffolding
35+
body: |
36+
This release contains a decent amount of migrations, but not nearly as many as the [previous versions migrations](https://sdk.operatorframework.io/docs/upgrading-sdk-version/v1.38.0/)
37+
so this release should be easier to follow.
38+
39+
1) [helm/v1, ansible/v1] Update the kustomize version in your Makefile
40+
```diff
41+
- curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.3.2/kustomize_v5.3.0_$(OS)_$(ARCH).tar.gz | \
42+
+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v5.4.3/kustomize_v5.4.2_$(OS)_$(ARCH).tar.gz | \
43+
```
44+
45+
2) [go/v4] Update your `go.mod` file to upgrade the dependencies and run `go mod tidy` to download them
46+
```go
47+
github.com/onsi/ginkgo/v2 v2.17.1
48+
github.com/onsi/gomega v1.32.0
49+
k8s.io/api v0.30.1
50+
k8s.io/apimachinery v0.30.1
51+
k8s.io/client-go v0.30.1
52+
sigs.k8s.io/controller-runtime v0.18.4
53+
github.com/onsi/ginkgo/v2 v2.19.0
54+
github.com/onsi/gomega v1.33.1
55+
k8s.io/api v0.31.0
56+
k8s.io/apimachinery v0.31.0
57+
k8s.io/client-go v0.31.0
58+
sigs.k8s.io/controller-runtime v0.19.0
59+
```
60+
61+
3) [go/v4] Update your `Makefile` with the below changes:
62+
```diff
63+
- ENVTEST_K8S_VERSION = 1.30.0
64+
+ ENVTEST_K8S_VERSION = 1.31.0
65+
```
66+
67+
```diff
68+
- KUSTOMIZE_VERSION ?= v5.4.2
69+
- CONTROLLER_TOOLS_VERSION ?= v0.15.0
70+
- ENVTEST_VERSION ?= release-0.18
71+
+ KUSTOMIZE_VERSION ?= v5.4.3
72+
+ CONTROLLER_TOOLS_VERSION ?= v0.16.1
73+
+ ENVTEST_VERSION ?= release-0.19
74+
```
75+
76+
4) [go/v4] Update your `main.go` file with the below changes:
77+
```diff
78+
- // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/server
79+
+ // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/server
80+
81+
- // https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/filters#WithAuthenticationAndAuthorization
82+
+ // https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/filters#WithAuthenticationAndAuthorization
83+
```
84+
85+
5) [go/v4, helm/v1, ansible/v1] Update your `/config/default/kustomization.yaml` file with the below changes:
86+
```diff
87+
+# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.
88+
+# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics.
89+
+# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will
90+
+# be able to communicate with the Webhook Server.
91+
+#- ../network-policy
92+
```
93+
94+
6) [go/v4, helm/v1, ansible/v1] Add `/config/network-policy/allow-metrics-traffic.yaml`
95+
```diff
96+
+ # This NetworkPolicy allows ingress traffic
97+
+ # with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
98+
+ # namespaces are able to gathering data from the metrics endpoint.
99+
+ apiVersion: networking.k8s.io/v1
100+
+ kind: NetworkPolicy
101+
+ metadata:
102+
+ labels:
103+
+ app.kubernetes.io/name: memcached-operator
104+
+ app.kubernetes.io/managed-by: kustomize
105+
+ name: allow-metrics-traffic
106+
+ namespace: system
107+
+ spec:
108+
+ podSelector:
109+
+ matchLabels:
110+
+ control-plane: controller-manager
111+
+ policyTypes:
112+
+ - Ingress
113+
+ ingress:
114+
+ # This allows ingress traffic from any namespace with the label metrics: enabled
115+
+ - from:
116+
+ - namespaceSelector:
117+
+ matchLabels:
118+
+ metrics: enabled # Only from namespaces with this label
119+
+ ports:
120+
+ - port: 8443
121+
+ protocol: TCP
122+
```
123+
124+
7) [helm/v1, ansible/v1] Add `/config/network-policy/kustomization.yaml`
125+
```diff
126+
+ resources:
127+
+ - allow-metrics-traffic.yaml
128+
129+
8) [go/v4] Add `/config/network-policy/allow-webhook-traffic.yaml`
130+
```diff
131+
+ # This NetworkPolicy allows ingress traffic to your webhook server running
132+
+ # as part of the controller-manager from specific namespaces and pods. CR(s) which uses webhooks
133+
+ # will only work when applied in namespaces labeled with 'webhook: enabled'
134+
+ apiVersion: networking.k8s.io/v1
135+
+ kind: NetworkPolicy
136+
+ metadata:
137+
+ labels:
138+
+ app.kubernetes.io/name: memcached-operator
139+
+ app.kubernetes.io/managed-by: kustomize
140+
+ name: allow-webhook-traffic
141+
+ namespace: system
142+
+ spec:
143+
+ podSelector:
144+
+ matchLabels:
145+
+ control-plane: controller-manager
146+
+ policyTypes:
147+
+ - Ingress
148+
+ ingress:
149+
+ # This allows ingress traffic from any namespace with the label webhook: enabled
150+
+ - from:
151+
+ - namespaceSelector:
152+
+ matchLabels:
153+
+ webhook: enabled # Only from namespaces with this label
154+
+ ports:
155+
+ - port: 443
156+
+ protocol: TCP
157+
```
158+
159+
9) [go/v4] Add `/config/network-policy/kustomization.yaml`
160+
```diff
161+
+ resources:
162+
+ - allow-webhook-traffic.yaml
163+
+ - allow-metrics-traffic.yaml
164+
```
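Review bot: The namespace label key is inconsistent between steps 5 and 8 of the migration body: the kustomization.yaml comment in step 5 says namespaces labeled 'webhooks: enabled', while the policy in step 8 selects `webhook: enabled` and its own header comment also uses the singular. A reader who labels a namespace from the step 5 comment will not match the namespaceSelector, and traffic to the webhook server on port 443 will be dropped, so the comment should use the same key as the selector. Smaller points in the same file: the diff fence opened in step 7 is never closed before step 8 starts, so the remainder of the guide will render as code; the step 1 URLs pair release tag `kustomize/v5.4.3` with file `kustomize_v5.4.2` (and `v5.3.2` with `v5.3.0`), which should be checked against the scaffolded Makefile; step 2 lists the old and new go.mod versions in a go fence with no -/+ markers, unlike every other step; the policies carry the sample label `app.kubernetes.io/name: memcached-operator` without saying it should be replaced with the project name; and "Kubebuiler" in the description is a typo.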
