From 8443e1411716bbf86ac92b6ec3ebe3e19324b381 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 13 Aug 2025 14:59:44 +0530 Subject: [PATCH 1/6] feat: add Kubernetes 1.33 support and upgrade Calico to 3.30.0 --- docs/CONFIG-VARS.md | 4 ++-- docs/REQUIREMENTS.md | 4 ++-- docs/user/Dependencies.md | 2 +- examples/vsphere/sample-terraform-dhcp.tfvars | 4 ++-- examples/vsphere/sample-terraform-minimal.tfvars | 4 ++-- examples/vsphere/sample-terraform-static-ips.tfvars | 4 ++-- .../vsphere/sample-terraform-static-singlestore.tfvars | 4 ++-- examples/vsphere/sample-terraform-vi.tfvars | 4 ++-- tests/variable_defaults.tftest.hcl | 10 +++++----- variables.tf | 2 +- 10 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md index 637c016..8c07d97 100644 --- a/docs/CONFIG-VARS.md +++ b/docs/CONFIG-VARS.md @@ -69,9 +69,9 @@ Terraform input variables can be set in the following ways: | Name | Description | Type | Default | Notes | | :--- | :--- | :--- | :--- | :--- | -| cluster_version | Kubernetes version | string | "1.30.10" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). | +| cluster_version | Kubernetes version | string | "1.32.7" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). | | cluster_cni | Kubernetes container network interface (CNI) | string | "calico" | | -| cluster_cni_version | Kubernetes Container Network Interface (CNI) Version | string | "3.29.0" | | +| cluster_cni_version | Kubernetes Container Network Interface (CNI) Version | string | "3.30.0" | | | cluster_cri | Kubernetes container runtime interface (CRI) | string | "containerd" | | | cluster_cri_version | Version of the CRI specifed by `cluster_cri` to be installed | string | "1.7.24" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions | | cluster_service_subnet | Kubernetes service subnet | string | "10.43.0.0/16" | | diff --git a/docs/REQUIREMENTS.md b/docs/REQUIREMENTS.md index 9e1ffdf..53a3915 100644 --- a/docs/REQUIREMENTS.md +++ b/docs/REQUIREMENTS.md @@ -215,9 +215,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh" # Directory holding public keys to be used on each machine # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes version +cluster_version = "1.32.7" # Kubernetes version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.35.0.0/16" # Kubernetes service subnet diff --git a/docs/user/Dependencies.md b/docs/user/Dependencies.md index 51b6941..efa4eac 100644 --- a/docs/user/Dependencies.md +++ b/docs/user/Dependencies.md @@ -54,7 +54,7 @@ Example of using build arguments to control specific versions of dependencies in ```bash # Override kubectl version docker build \ - --build-arg KUBECTL_VERSION=1.30.10 \ + --build-arg KUBECTL_VERSION=1.32.7 \ -t viya4-iac-k8s . ``` diff --git a/examples/vsphere/sample-terraform-dhcp.tfvars b/examples/vsphere/sample-terraform-dhcp.tfvars index 4b8f01d..a765942 100644 --- a/examples/vsphere/sample-terraform-dhcp.tfvars +++ b/examples/vsphere/sample-terraform-dhcp.tfvars @@ -18,9 +18,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes Version +cluster_version = "1.32.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet diff --git a/examples/vsphere/sample-terraform-minimal.tfvars b/examples/vsphere/sample-terraform-minimal.tfvars index 233c595..50dab3d 100644 --- a/examples/vsphere/sample-terraform-minimal.tfvars +++ b/examples/vsphere/sample-terraform-minimal.tfvars @@ -18,9 +18,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes Version +cluster_version = "1.32.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet diff --git a/examples/vsphere/sample-terraform-static-ips.tfvars b/examples/vsphere/sample-terraform-static-ips.tfvars index 0cbfc43..5f3f07b 100644 --- a/examples/vsphere/sample-terraform-static-ips.tfvars +++ b/examples/vsphere/sample-terraform-static-ips.tfvars @@ -18,9 +18,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes Version +cluster_version = "1.32.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet diff --git a/examples/vsphere/sample-terraform-static-singlestore.tfvars b/examples/vsphere/sample-terraform-static-singlestore.tfvars index 00b0a9c..c078304 100644 --- a/examples/vsphere/sample-terraform-static-singlestore.tfvars +++ b/examples/vsphere/sample-terraform-static-singlestore.tfvars @@ -18,9 +18,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes Version +cluster_version = "1.32.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet diff --git a/examples/vsphere/sample-terraform-vi.tfvars b/examples/vsphere/sample-terraform-vi.tfvars index d622083..70f00a7 100644 --- a/examples/vsphere/sample-terraform-vi.tfvars +++ b/examples/vsphere/sample-terraform-vi.tfvars @@ -18,9 +18,9 @@ vsphere_network = "" # Name of the network to to use for the VMs system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system # Kubernetes - Cluster -cluster_version = "1.30.10" # Kubernetes Version +cluster_version = "1.32.7" # Kubernetes Version cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version +cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet diff --git a/tests/variable_defaults.tftest.hcl b/tests/variable_defaults.tftest.hcl index eedd56f..9f9adec 100644 --- a/tests/variable_defaults.tftest.hcl +++ b/tests/variable_defaults.tftest.hcl @@ -10,7 +10,7 @@ # # The expected values are: # - cluster_cni: "calico" -# - cluster_cni_version: "3.29.0" +# - cluster_cni_version: "3.30.0" # # In order to run this test, the following environment variables must be exported to the shell where the test is run: # - vsphere_server @@ -54,10 +54,10 @@ vsphere_network = "IACdhcp" # Name of the network to to use for the VMs system_ssh_keys_dir = "/workspace/.ssh" # Directory holding public keys to be used on each system, TODO REPLACE ME your path may differ # Kubernetes - Cluster -cluster_version = "1.30.4" # Kubernetes Version + cluster_version = "1.32.7" # Kubernetes Version # The next two lines are intentionally commented out to test the assigned default values #cluster_cni = "calico" # Kubernetes Container Network Interface (CNI) -#cluster_cni_version = "3.29.0" # Kubernetes Container Network Interface (CNI) Version + #cluster_cni_version = "3.30.0" # Kubernetes Container Network Interface (CNI) Version cluster_cri = "containerd" # Kubernetes Container Runtime Interface (CRI) cluster_cri_version = "1.7.24" # Kubernetes Container Runtime Interface (CRI) Version cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet @@ -243,7 +243,7 @@ run "cluster_cni_should_default_to_calico" { } } -run "cluster_cni_version_should_default_to_3_29_0" { +run "cluster_cni_version_should_default_to_3_30_0" { command = plan @@ -251,7 +251,7 @@ run "cluster_cni_version_should_default_to_3_29_0" { } assert { - condition = var.cluster_cni_version == "3.29.0" + condition = var.cluster_cni_version == "3.30.0" error_message = "A default value of \"${var.cluster_cni_version}\" for cluster_cni_version was not expected." } } diff --git a/variables.tf b/variables.tf index 6acec57..ff1b1df 100644 --- a/variables.tf +++ b/variables.tf @@ -307,7 +307,7 @@ variable "cluster_cni" { variable "cluster_cni_version" { type = string - default = "3.29.0" + default = "3.30.0" } variable "cluster_cri" { From ef090ce1193bdae86077a04911471b3d748310b8 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 13 Aug 2025 17:01:58 +0530 Subject: [PATCH 2/6] feat: add Kubernetes 1.33 support and upgrade Calico to 3.30.0 --- .github/workflows/linter-analysis.yaml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 07f6ac1..6968c11 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -94,6 +94,6 @@ jobs: run: ansible-galaxy install -r ./requirements.yaml - name: Run ansible-lint Action - uses: ansible/ansible-lint-action@v6.17.0 + uses: ansible/ansible-lint@v6.17.0 env: ANSIBLE_ROLES_PATH: "./roles" diff --git a/Dockerfile b/Dockerfile index bb30c7e..3fb9801 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \ # Layers used for building/downloading/installing tools FROM baseline AS tool_builder ARG HELM_VERSION=3.17.1 -ARG KUBECTL_VERSION=1.30.10 +ARG KUBECTL_VERSION=1.32.7 ARG TERRAFORM_VERSION=1.10.5-* WORKDIR /build From 4a9d248edf73d827a96ec6906dea3682cdcdd038 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 13 Aug 2025 17:51:55 +0530 Subject: [PATCH 3/6] feat: add Kubernetes 1.33 support and upgrade Calico to 3.30.0 --- .github/workflows/linter-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 6968c11..d2d777e 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -77,7 +77,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 # The latest ansible/ansible-lint-action removed the # ability to specify configs from other dirs From 02d5148e97840ca72ac5cded89ee9a921edcd32d Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Wed, 13 Aug 2025 18:09:59 +0530 Subject: [PATCH 4/6] feat: add Kubernetes 1.33 support and upgrade Calico to 3.30.0 --- .github/workflows/linter-analysis.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index d2d777e..07f6ac1 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -77,7 +77,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: actions/checkout@v3 # The latest ansible/ansible-lint-action removed the # ability to specify configs from other dirs @@ -94,6 +94,6 @@ jobs: run: ansible-galaxy install -r ./requirements.yaml - name: Run ansible-lint Action - uses: ansible/ansible-lint@v6.17.0 + uses: ansible/ansible-lint-action@v6.17.0 env: ANSIBLE_ROLES_PATH: "./roles" From 1d8ecd0735c59cd2cb93a49621515a4c40f7d83d Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Tue, 23 Sep 2025 11:29:53 +0530 Subject: [PATCH 5/6] fix(ansible/docker): improve unattended-upgrades handling and Dockerfile tooling --- Dockerfile | 56 ++++++++++++++----- .../init/primary/templates/kubeadm-config.j2 | 23 ++++++-- roles/systems/common/tasks/main.yaml | 10 +++- 3 files changed, 68 insertions(+), 21 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3fb9801..d265ce4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,39 +1,65 @@ # Base layer FROM ubuntu:22.04 AS baseline + RUN apt-get update && apt-get upgrade -y --no-install-recommends \ - && apt-get install -y python3 python3-dev python3-pip curl unzip gnupg --no-install-recommends \ + && apt-get install -y \ + python3 python3-dev python3-pip \ + curl unzip gnupg lsb-release ca-certificates software-properties-common \ + --no-install-recommends \ && update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ && update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 \ && apt-get clean && rm -rf /var/lib/apt/lists/* -# Layers used for building/downloading/installing tools + +# Tool building layer FROM baseline AS tool_builder + ARG HELM_VERSION=3.17.1 -ARG KUBECTL_VERSION=1.32.7 -ARG TERRAFORM_VERSION=1.10.5-* +ARG KUBECTL_VERSION=1.32.7fix(ansible/docker): improve unattended-upgrades handling and Dockerfile tooling -WORKDIR /build +ARG TERRAFORM_VERSION=1.10.5 +WORKDIR /build SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - \ - && echo "deb [arch=amd64] https://apt.releases.hashicorp.com focal main" > /etc/apt/sources.list.d/tf.list \ - && apt-get update \ - && curl -sLO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl && chmod 755 ./kubectl \ - && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \ - && ./get-helm-3 --version v$HELM_VERSION --no-sudo \ - && apt-get install -y terraform=$TERRAFORM_VERSION --no-install-recommends \ + +# Install kubectl +RUN curl -sLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \ + && chmod 755 ./kubectl + +# Install helm +RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -o get-helm-3 \ + && chmod 755 get-helm-3 \ + && ./get-helm-3 --version v${HELM_VERSION} --no-sudo + +# Install terraform (APT + fallback to binary) +RUN set -e \ + && curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg \ + && echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list \ + && apt-get update || true \ + && (apt-get install -y terraform=${TERRAFORM_VERSION} --no-install-recommends || \ + (echo "APT install failed. Falling back to direct download..." && \ + curl -fsSL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o terraform.zip \ + && unzip terraform.zip \ + && mv terraform /usr/bin/terraform \ + && chmod +x /usr/bin/terraform \ + && rm terraform.zip)) \ && apt-get clean && rm -rf /var/lib/apt/lists/* -# Installation steps + +# Final image with tools and dependencies FROM baseline -RUN apt-get update && apt-get -y install git sshpass jq \ +# Install additional packages +RUN apt-get update && apt-get install -y \ + git sshpass jq \ && apt-get clean && rm -rf /var/lib/apt/lists/* +# Copy tools from builder stage COPY --from=tool_builder /usr/local/bin/helm /usr/local/bin/helm COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl COPY --from=tool_builder /usr/bin/terraform /usr/bin/terraform +# Copy your source WORKDIR /viya4-iac-k8s COPY . /viya4-iac-k8s/ @@ -53,4 +79,4 @@ ENV TF_VAR_ansible_vars=/workspace/ansible-vars.yaml ENV ANSIBLE_CONFIG=/viya4-iac-k8s/ansible.cfg VOLUME ["/workspace"] -ENTRYPOINT ["/viya4-iac-k8s/docker-entrypoint.sh"] +ENTRYPOINT ["/viya4-iac-k8s/docker-entrypoint.sh"] \ No newline at end of file diff --git a/roles/kubernetes/control_plane/init/primary/templates/kubeadm-config.j2 b/roles/kubernetes/control_plane/init/primary/templates/kubeadm-config.j2 index c24965e..93cb23b 100644 --- a/roles/kubernetes/control_plane/init/primary/templates/kubeadm-config.j2 +++ b/roles/kubernetes/control_plane/init/primary/templates/kubeadm-config.j2 @@ -7,14 +7,21 @@ # # kubeadm Configuration : https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta2/ # -{% if kubernetes_version is version('1.26.0', 'lt', version_type='semver') %} -apiVersion: kubeadm.k8s.io/v1beta2 -{% else %} +{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %} apiVersion: kubeadm.k8s.io/v1beta3 +{% elif kubernetes_version is version('1.33.0', 'lt', version_type='semver') %} +apiVersion: kubeadm.k8s.io/v1beta4 +{% else %} +apiVersion: kubeadm.k8s.io/v1 {% endif %} kind: ClusterConfiguration certificatesDir: /etc/kubernetes/pki kubernetesVersion: v{{ kubernetes_version }} +clusterName: "{{ kubernetes_cluster_name }}" +controlPlaneEndpoint: "{{ kubernetes_vip_fqdn }}:6443" + +imageRepository: registry.k8s.io + apiServer: certSANs: - "{{ kubernetes_vip_fqdn }}" @@ -37,7 +44,11 @@ clusterName: "{{ kubernetes_cluster_name }}" # # Kubelet Configuration : https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/ # +{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %} apiVersion: kubelet.config.k8s.io/v1beta1 +{% else %} +apiVersion: kubelet.config.k8s.io/v1beta2 +{% endif %} kind: KubeletConfiguration authentication: anonymous: @@ -51,11 +62,15 @@ cgroupDriver: systemd # # kube-proxy Configuration : https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/ # +{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %} apiVersion: kubeproxy.config.k8s.io/v1alpha1 +{% else %} +apiVersion: kubeproxy.config.k8s.io/v1beta1 +{% endif %} kind: KubeProxyConfiguration mode: "ipvs" ipvs: strictARP: true metricsBindAddress: "0.0.0.0:10249" enableProfiling: true -clusterCIDR: "{{ kubernetes_pod_subnet }}" +clusterCIDR: "{{ kubernetes_pod_subnet }}" \ No newline at end of file diff --git a/roles/systems/common/tasks/main.yaml b/roles/systems/common/tasks/main.yaml index f148668..475afda 100644 --- a/roles/systems/common/tasks/main.yaml +++ b/roles/systems/common/tasks/main.yaml @@ -47,8 +47,9 @@ # - name: Kill the unattended-upgrade task if it's running ansible.builtin.shell: | - killall -q -9 unattended-upgrade 2>&1 /dev/null - ignore_errors: true + if pgrep -x unattended-upgrade >/dev/null; then + killall -q -9 unattended-upgrade + fi tags: - install - update @@ -57,7 +58,12 @@ ansible.builtin.apt: name: unattended-upgrades state: absent + purge: true + register: apt_remove_result + until: apt_remove_result is succeeded + retries: 5 # retry up to 5 times + delay: 30 # wait 30s between retries tags: - install - update From eb7042e577822044df99743f1ddc922b24cbdd35 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Tue, 23 Sep 2025 11:30:18 +0530 Subject: [PATCH 6/6] fix(ansible/docker): improve unattended-upgrades handling and Dockerfile tooling --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d265ce4..ea2e6c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,7 @@ RUN apt-get update && apt-get upgrade -y --no-install-recommends \ FROM baseline AS tool_builder ARG HELM_VERSION=3.17.1 -ARG KUBECTL_VERSION=1.32.7fix(ansible/docker): improve unattended-upgrades handling and Dockerfile tooling +ARG KUBECTL_VERSION=1.32.7 ARG TERRAFORM_VERSION=1.10.5