feat: add Kubernetes 1.33 support and upgrade Calico to 3.30.0

Dockerfile

@@ -1,39 +1,65 @@
 # Base layer
 FROM ubuntu:22.04 AS baseline
+
 RUN apt-get update && apt-get upgrade -y --no-install-recommends \
-  && apt-get install -y python3 python3-dev python3-pip curl unzip gnupg --no-install-recommends \
+  && apt-get install -y \
+      python3 python3-dev python3-pip \
+      curl unzip gnupg lsb-release ca-certificates software-properties-common \
+      --no-install-recommends \
   && update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \
   && update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 \
   && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Layers used for building/downloading/installing tools
+
+# Tool building layer
 FROM baseline AS tool_builder
+
 ARG HELM_VERSION=3.17.1
-ARG KUBECTL_VERSION=1.30.10
-ARG TERRAFORM_VERSION=1.10.5-*
+ARG KUBECTL_VERSION=1.32.7
 
-WORKDIR /build
+ARG TERRAFORM_VERSION=1.10.5
 
+WORKDIR /build
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - \
-  && echo "deb [arch=amd64] https://apt.releases.hashicorp.com focal main" > /etc/apt/sources.list.d/tf.list \
-  && apt-get update \
-  && curl -sLO https://dl.k8s.io/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl && chmod 755 ./kubectl \
-  && curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && chmod 755 get-helm-3 \
-  && ./get-helm-3 --version v$HELM_VERSION --no-sudo \
-  && apt-get install -y terraform=$TERRAFORM_VERSION --no-install-recommends \
+
+# Install kubectl
+RUN curl -sLO https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
+  && chmod 755 ./kubectl
+
+# Install helm
+RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -o get-helm-3 \
+  && chmod 755 get-helm-3 \
+  && ./get-helm-3 --version v${HELM_VERSION} --no-sudo
+
+# Install terraform (APT + fallback to binary)
+RUN set -e \
+  && curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp.gpg \
+  && echo "deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list \
+  && apt-get update || true \
+  && (apt-get install -y terraform=${TERRAFORM_VERSION} --no-install-recommends || \
+      (echo "APT install failed. Falling back to direct download..." && \
+       curl -fsSL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o terraform.zip \
+       && unzip terraform.zip \
+       && mv terraform /usr/bin/terraform \
+       && chmod +x /usr/bin/terraform \
+       && rm terraform.zip)) \
   && apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# Installation steps
+
+# Final image with tools and dependencies
 FROM baseline
 
-RUN apt-get update && apt-get -y install git sshpass jq \
+# Install additional packages
+RUN apt-get update && apt-get install -y \
+      git sshpass jq \
   && apt-get clean && rm -rf /var/lib/apt/lists/*
 
+# Copy tools from builder stage
 COPY --from=tool_builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=tool_builder /build/kubectl /usr/local/bin/kubectl
 COPY --from=tool_builder /usr/bin/terraform /usr/bin/terraform
 
+# Copy your source
 WORKDIR /viya4-iac-k8s
 COPY . /viya4-iac-k8s/
 
@@ -53,4 +79,4 @@ ENV TF_VAR_ansible_vars=/workspace/ansible-vars.yaml
 ENV ANSIBLE_CONFIG=/viya4-iac-k8s/ansible.cfg
 
 VOLUME ["/workspace"]
-ENTRYPOINT ["/viya4-iac-k8s/docker-entrypoint.sh"]
+ENTRYPOINT ["/viya4-iac-k8s/docker-entrypoint.sh"]

docs/CONFIG-VARS.md

@@ -69,9 +69,9 @@ Terraform input variables can be set in the following ways:
 
 | Name | Description | Type | Default | Notes |
 | :--- | :--- | :--- | :--- | :--- |
-| cluster_version        | Kubernetes version | string | "1.30.10" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
+| cluster_version        | Kubernetes version | string | "1.32.7" | Valid values are listed here: [SAS Viya platform Supported Kubernetes Versions](https://documentation.sas.com/?cdcId=itopscdc&cdcVersion=default&docsetId=itopssr&docsetTarget=n1ika6zxghgsoqn1mq4bck9dx695.htm#p03v0o4maa8oidn1awe0w4xlxcf6). |
 | cluster_cni            | Kubernetes container network interface (CNI) | string | "calico" | |
-| cluster_cni_version    | Kubernetes Container Network Interface (CNI) Version | string | "3.29.0" | |
+| cluster_cni_version    | Kubernetes Container Network Interface (CNI) Version | string | "3.30.0" | |
 | cluster_cri            | Kubernetes container runtime interface (CRI) | string | "containerd" | |
 | cluster_cri_version    | Version of the CRI specifed by `cluster_cri` to be installed  | string | "1.7.24" | Set as an empty string to use the latest upstream version from the Docker APT repository. Currently only containerd is supported, see the [releases page](https://github.com/containerd/containerd/releases) for available versions |
 | cluster_service_subnet | Kubernetes service subnet | string | "10.43.0.0/16" | |

docs/REQUIREMENTS.md

@@ -215,9 +215,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh" # Directory holding public keys to be used on each machine
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"                       # Kubernetes version
+cluster_version        = "1.32.7"                       # Kubernetes version
 cluster_cni            = "calico"                        # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"                        # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"                        # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"                    # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"                        # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.35.0.0/16"                  # Kubernetes service subnet

docs/user/Dependencies.md

@@ -54,7 +54,7 @@ Example of using build arguments to control specific versions of dependencies in
 ```bash
 # Override kubectl version
 docker build \
-	--build-arg KUBECTL_VERSION=1.30.10 \
+ --build-arg KUBECTL_VERSION=1.32.7 \
 	-t viya4-iac-k8s .
 ```
 

examples/vsphere/sample-terraform-dhcp.tfvars

@@ -18,9 +18,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"       # Kubernetes Version
+cluster_version        = "1.32.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet

examples/vsphere/sample-terraform-minimal.tfvars

@@ -18,9 +18,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"       # Kubernetes Version
+cluster_version        = "1.32.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet

examples/vsphere/sample-terraform-static-ips.tfvars

@@ -18,9 +18,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"       # Kubernetes Version
+cluster_version        = "1.32.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet

examples/vsphere/sample-terraform-static-singlestore.tfvars

@@ -18,9 +18,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"       # Kubernetes Version
+cluster_version        = "1.32.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet

examples/vsphere/sample-terraform-vi.tfvars

@@ -18,9 +18,9 @@ vsphere_network       = "" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "~/.ssh/oss" # Directory holding public keys to be used on each system
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.10"       # Kubernetes Version
+cluster_version        = "1.32.7"       # Kubernetes Version
 cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet

roles/kubernetes/control_plane/init/primary/templates/kubeadm-config.j2

@@ -7,14 +7,21 @@
 #
 # kubeadm Configuration : https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta2/
 #
-{% if kubernetes_version is version('1.26.0', 'lt', version_type='semver') %}
-apiVersion: kubeadm.k8s.io/v1beta2
-{% else %}
+{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %}
 apiVersion: kubeadm.k8s.io/v1beta3
+{% elif kubernetes_version is version('1.33.0', 'lt', version_type='semver') %}
+apiVersion: kubeadm.k8s.io/v1beta4
+{% else %}
+apiVersion: kubeadm.k8s.io/v1
 {% endif %}
 kind: ClusterConfiguration
 certificatesDir: /etc/kubernetes/pki
 kubernetesVersion: v{{ kubernetes_version }}
+clusterName: "{{ kubernetes_cluster_name }}"
+controlPlaneEndpoint: "{{ kubernetes_vip_fqdn }}:6443"
+
+imageRepository: registry.k8s.io
+
 apiServer:
   certSANs:
   - "{{ kubernetes_vip_fqdn }}"
@@ -37,7 +44,11 @@ clusterName: "{{ kubernetes_cluster_name }}"
 #
 # Kubelet Configuration : https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/
 #
+{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %}
 apiVersion: kubelet.config.k8s.io/v1beta1
+{% else %}
+apiVersion: kubelet.config.k8s.io/v1beta2
+{% endif %}
 kind: KubeletConfiguration
 authentication:
   anonymous:
@@ -51,11 +62,15 @@ cgroupDriver: systemd
 #
 # kube-proxy Configuration : https://kubernetes.io/docs/reference/config-api/kube-proxy-config.v1alpha1/
 #
+{% if kubernetes_version is version('1.31.0', 'lt', version_type='semver') %}
 apiVersion: kubeproxy.config.k8s.io/v1alpha1
+{% else %}
+apiVersion: kubeproxy.config.k8s.io/v1beta1
+{% endif %}
 kind: KubeProxyConfiguration
 mode: "ipvs"
 ipvs:
   strictARP: true
 metricsBindAddress: "0.0.0.0:10249"
 enableProfiling: true
-clusterCIDR: "{{ kubernetes_pod_subnet }}"
+clusterCIDR: "{{ kubernetes_pod_subnet }}"

roles/systems/common/tasks/main.yaml

@@ -47,8 +47,9 @@
 #
 - name: Kill the unattended-upgrade task if it's running
   ansible.builtin.shell: |
-    killall -q -9 unattended-upgrade 2>&1 /dev/null
-  ignore_errors: true
+    if pgrep -x unattended-upgrade >/dev/null; then
+      killall -q -9 unattended-upgrade
+    fi
   tags:
     - install
     - update
@@ -57,7 +58,12 @@
   ansible.builtin.apt:
     name: unattended-upgrades
     state: absent
+
     purge: true
+  register: apt_remove_result
+  until: apt_remove_result is succeeded
+  retries: 5       # retry up to 5 times
+  delay: 30        # wait 30s between retries
   tags:
     - install
     - update

tests/variable_defaults.tftest.hcl

@@ -10,7 +10,7 @@
 #
 # The expected values are:
 # - cluster_cni: "calico"
-# - cluster_cni_version: "3.29.0"
+# - cluster_cni_version: "3.30.0"
 # 
 # In order to run this test, the following environment variables must be exported to the shell where the test is run:
 # - vsphere_server
@@ -54,10 +54,10 @@ vsphere_network       = "IACdhcp" # Name of the network to to use for the VMs
 system_ssh_keys_dir = "/workspace/.ssh" # Directory holding public keys to be used on each system, TODO REPLACE ME your path may differ
 
 # Kubernetes - Cluster
-cluster_version        = "1.30.4"       # Kubernetes Version
+  cluster_version = "1.32.7" # Kubernetes Version
 # The next two lines are intentionally commented out to test the assigned default values
 #cluster_cni            = "calico"       # Kubernetes Container Network Interface (CNI)
-#cluster_cni_version    = "3.29.0"       # Kubernetes Container Network Interface (CNI) Version
+  #cluster_cni_version    = "3.30.0"       # Kubernetes Container Network Interface (CNI) Version
 cluster_cri            = "containerd"   # Kubernetes Container Runtime Interface (CRI)
 cluster_cri_version    = "1.7.24"       # Kubernetes Container Runtime Interface (CRI) Version
 cluster_service_subnet = "10.43.0.0/16" # Kubernetes Service Subnet
@@ -243,15 +243,15 @@ run "cluster_cni_should_default_to_calico" {
   }
 }
 
-run "cluster_cni_version_should_default_to_3_29_0" {
+run "cluster_cni_version_should_default_to_3_30_0" {
 
   command = plan
 
   variables {
   }
 
   assert {
-    condition     = var.cluster_cni_version == "3.29.0"
+    condition     = var.cluster_cni_version == "3.30.0"
     error_message = "A default value of \"${var.cluster_cni_version}\" for cluster_cni_version was not expected."
   }
 }

variables.tf

@@ -307,7 +307,7 @@ variable "cluster_cni" {
 
 variable "cluster_cni_version" {
   type    = string
-  default = "3.29.0"
+  default = "3.30.0"
 }
 
 variable "cluster_cri" {