Skip to content

Commit

Permalink
Release 1.28.0 (#210)
Browse files Browse the repository at this point in the history 
* feat: moved eks infra/kube terraform folders from furyctl

* feat(encryption): added new security parameters in the OnPremises schema

* feat(encryption): moved encryption under advanced key

* docs: add WIP release for 1.28

* feat: update furyctl version on drone to 0.27.6

* feat: WIP partial kfd.yaml update

* feat: WIP update e2e tests

* feat: WIP testing and fixing new networking module, fixed a problem on cilium operator default tolerations

* feat: update e2e to 1.28

* feat: remove cerebro when using opensearch

* feat: remove cerebro on migrations

* feat: WIP update kfd.yaml versions

* feat: replace gangway with gangplank

* feat: replace gangway with gangplank

* feat: bump opa version on kfd.yaml

* feat: bump on-prem installer to v1.28.7-rev.1

* feat: regenerate pkg apis

* feat: put final version on kfd.yaml for logging module

* feat: put final auth version on kfd.yaml

* feat: update Furyfile.yaml with the same kfd.yaml versions

* docs: update release notes with all the correct package version updates

* docs: add furyctl on "standard way to deploy KFD"

* docs: prepare readme and compatibility matrix for versions 1.28.0, 1.27.5 and 1.26.6

* fix: minio tracing ingress disabled if backend is not minio

* fix: remove cerebro also on legacy kustomization.yaml file

* feat: add prometheus -> mimir migration as safe

* feat: add websocket support on grafana pomerium policy

* feat: rename loki config to loki-config.yaml.tpl

* feat: add node selectors for gangplank

* fix: minio monitoring node selector and tolerations only if backend is actually minio

* feat: update drone to use 0.28.0-rc.1

* fix: tfvars kubernetes phase

* fix(template/distribution/monitoring/mimir): set max_global_series_per_user to unlimited (#205)

Mimir limits by default the amount of time series a user can push to
150000 to protect from a single user DoSing the service.
In our installation we have just one "fury" user, used by Prometheus
to push all the time series to Mimir. So, as a maximum we will push all
the time series available in Prometheus, making it a practical limit.

Co-authored-by: Samuele Chiocca <samuele@nutellino.it>

* fix: minio monitoring node selectors only if storageclass exists

* feat: add entries to schema docs

* feat: fix spaces like 1.27.5

* feat: align schemas with 1.27.5

* chore: remove whitespaces

* feat: update furyctl version to v0.28.0-rc.2

* docs: update readme badge

* feat: update drone furyctl version to rc.4

* feat: add e2e test for upgrades

* fix: wrong configuration for the new upgrade pipelines

* fix: wrong path on kubeconfig export

* fix: e2e script, mising --upgrade flag

* docs: update release notes with the actual new features, removals and fixes

* feat: add release notes of 1.27.5 1.26.6

---------

Co-authored-by: Alessio Pragliola <alessio.pragliola@sighup.io>
Co-authored-by: Stefano Ghinelli <stefano.ghinelli@sighup.io>
Co-authored-by: Ramiro Algozino <ramiro@sighup.io>
  • Loading branch information
@nutellinoit @stefanoghinelli @ralgozino
4 people authored Apr 12, 2024
1 parent 93850ec commit 99aac36
Show file tree
Hide file tree
Showing 71 changed files with 1,936 additions and 313 deletions.
113 changes: 109 additions & 4 deletions .drone.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ steps:
- /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.27.0

---
name: e2e-kubernetes-1.27
name: e2e-kubernetes-1.28
kind: pipeline
type: docker

Expand Down Expand Up @@ -124,7 +124,7 @@ steps:
- name: dockersock
path: /var/run/docker.sock
environment:
CLUSTER_VERSION: v1.27.3
CLUSTER_VERSION: v1.28.0
CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
# /drone/src is the default workdir for the pipeline
# using this folder we don't need to mount another
Expand Down Expand Up @@ -159,7 +159,7 @@ steps:
environment:
CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
KUBECONFIG: /drone/src/kubeconfig
FURYCTL_VERSION: v0.27.6
FURYCTL_VERSION: v0.28.0-rc.4
depends_on: [create Kind cluster]
commands:
- export KUBECONFIG=/drone/src/kubeconfig
Expand Down Expand Up @@ -197,14 +197,119 @@ volumes:
- name: dockersock
host:
path: /var/run/docker.sock
---
name: e2e-kubernetes-1.27.4-1.28.0
kind: pipeline
type: docker

depends_on:
- qa

clone:
depth: 1

platform:
os: linux
arch: amd64

trigger:
ref:
include:
- refs/tags/**
- refs/heads/main
- refs/heads/release-v**
exclude:
- refs/tags/**-docs*

steps:
- name: create Kind cluster
image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
pull: always
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
CLUSTER_VERSION: v1.28.0
CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
# /drone/src is the default workdir for the pipeline
# using this folder we don't need to mount another
# shared volume between the steps
KUBECONFIG: /drone/src/kubeconfig-upgrades
commands:
# create a custom config to disable Kind's default CNI so
# we can test using KFD's networking module.
- |
cat <<EOF > kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
disableDefaultCNI: true
nodes:
- role: control-plane
- role: worker
EOF
# NOTE: kind's `--wait` flag that waits for the control-plane ot be ready
# does not work when disabling the default CNI. It will always go in timeout.
- kind create cluster --name $${CLUSTER_NAME} --image registry.sighup.io/fury/kindest/node:$${CLUSTER_VERSION} --config kind-config.yaml
# save the kubeconfig so we can use it from other steps.
- kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG}

- name: e2e-kfddistribution
# KUBECTL_KUSTOMIZE_HELM_YQ_ISTIOCTL_FURYCTL_BATS
image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3
pull: always
# we need to use host network to access Kind API port that is listening on the worker's loopback
# beacuse we mount the host's Docker socket to run Kind.
network_mode: host
environment:
CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
KUBECONFIG: /drone/src/kubeconfig-upgrades
FURYCTL_VERSION: v0.28.0-rc.4
depends_on: [create Kind cluster]
commands:
- export KUBECONFIG=/drone/src/kubeconfig-upgrades
# We change the loopback IP in the kubeconfig to use the service hostname and keep the port.
# - 'sed -Ei "s#(server: https://)(.*)(:.*)#\1kind-cluster\3#" $${KUBECONFIG}'
- echo "Installing the correct furyctl version..."
- curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
# to use furyctl latest, use the following instead:
# - curl -L "https://github.com/sighupio/furyctl/releases/latest/download/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
- chmod +x /tmp/furyctl
# check that the kind cluster is ready before we move on
# - kubectl wait --timeout=180s --for=condition=ready pod --all -n kube-system
- until kubectl get serviceaccount default > /dev/null 2>&1; do echo "waiting for control-plane" && sleep 1; done
# finally, run the e2e tests
- tests/e2e-kfddistribution-upgrades.sh

- name: delete-kind-cluster
image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
volumes:
- name: dockersock
path: /var/run/docker.sock
environment:
CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
commands:
# does not matter if the command fails
- kind delete cluster --name $${CLUSTER_NAME} || true
depends_on:
- e2e-kfddistribution
when:
status:
- success
- failure

volumes:
- name: dockersock
host:
path: /var/run/docker.sock
---
name: release
kind: pipeline
type: docker

depends_on:
- e2e-kubernetes-1.27
- e2e-kubernetes-1.28
- e2e-kubernetes-1.27.4-1.28.0

platform:
os: linux
Expand Down
18 changes: 9 additions & 9 deletions Furyfile.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,15 @@

---
versions:
auth: v0.1.0
aws: v4.1.0
dr: v2.2.0
ingress: v2.2.0
logging: v3.3.1
monitoring: v3.0.1
opa: v1.11.1
networking: v1.15.0
tracing: v1.0.2
auth: v0.2.0
aws: v4.2.0
dr: v2.3.0
ingress: v2.3.0
logging: v3.4.0
monitoring: v3.1.0
opa: v1.12.0
networking: v1.16.0
tracing: v1.0.3

bases:
- name: auth
Expand Down
12 changes: 6 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<!-- markdownlint-enable MD033 MD045 -->

[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.27.4)](http://ci.sighup.io/sighupio/fury-distribution)
[![Release](https://img.shields.io/badge/release-v1.27.4-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Release](https://img.shields.io/badge/release-v1.28.0-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
[![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)

Expand Down Expand Up @@ -46,8 +46,8 @@ Kubernetes Fury Distribution is structured on modules, and each module has a set
The standard way to deploy KFD is to:

- Deploy all the [Core Modules](#core-modules-) of the distribution
- Deploy (if needed) any of the [Addon modules](#add-on-modules-)
- Deploy all the [Core Modules](#core-modules-) of the distribution using furyctl providers
- Deploy (if needed) any of the [Addon modules](#add-on-modules-) using furyctl plugin feature

### Recommended Hardware Requirements

Expand Down Expand Up @@ -128,9 +128,9 @@ Current supported versions of KFD are:

| KFD Version | Kubernetes Version |
| :------------------------------------------------------------------------------: | :----------------: |
| [`1.27.4`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.4) | `1.27.x` |
| [`1.26.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.5) | `1.26.x` |
| [`1.25.10`](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.10) | `1.25.x` |
| [`1.28.0`](https://github.com/sighupio/fury-distribution/releases/tag/v1.28.0) | `1.28.x` |
| [`1.27.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.5) | `1.27.x` |
| [`1.26.6`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.6) | `1.26.x` |

Check the [compatibility matrix][compatibility-matrix] for additional information about previous releases of the Distribution and the compatibility with `furyctl`.

Expand Down
2 changes: 1 addition & 1 deletion defaults/ekscluster-kfd-v1alpha2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -252,7 +252,7 @@ data:
dex:
host: ""
ingressClass: ""
gangway: # only needed as default
gangplank: # only needed as default
host: ""
ingressClass: ""
tolerations: null
Expand Down
2 changes: 1 addition & 1 deletion defaults/kfddistribution-kfd-v1alpha2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,7 +239,7 @@ data:
dex:
host: ""
ingressClass: ""
gangway: # only needed as default
gangplank: # only needed as default
host: ""
ingressClass: ""
tolerations: null
Expand Down
2 changes: 1 addition & 1 deletion defaults/onpremises-kfd-v1alpha2.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,7 +239,7 @@ data:
dex:
host: ""
ingressClass: ""
gangway:
gangplank:
host: ""
ingressClass: ""
tolerations: null
Expand Down
54 changes: 29 additions & 25 deletions docs/COMPATIBILITY_MATRIX.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,31 +8,35 @@ For a complete list of all KFD releases and their compatibility with Kubernetes

ℹ️ **Use the latest patch release for your desired version whenever it's possible**. See [the versioning file](VERSIONING.md) for more information.

| KFD / Kubernetes Version | v1.27.X | v1.26.X | 1.25.X | 1.24.X |
| ------------------------------------------------------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ |
| [v1.27.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.3) | :white_check_mark: | | | |
| [v1.27.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | :white_check_mark: | | | |
| [v1.27.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | :white_check_mark: | | | |
| [v1.27.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.0) | :white_check_mark: | | | |
| [v1.26.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.5) | | :white_check_mark: | | |
| [v1.26.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | | :white_check_mark: | | |
| [v1.26.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.3) | | :white_check_mark: | | |
| [v1.26.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.2) | | :white_check_mark: | | |
| [v1.26.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.1) | | :white_check_mark: | | |
| [v1.26.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.0) | | :white_check_mark: | | |
| [v1.25.10](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.10) | | | :white_check_mark: | |
| [v1.25.9](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.9) | | | :white_check_mark: | |
| [v1.25.8](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.8) | | | :white_check_mark: | |
| [v1.25.7](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.7) | | | :white_check_mark: | |
| [v1.25.6](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.6) | | | :white_check_mark: | |
| [v1.25.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.5) | | | :white_check_mark: | |
| [v1.25.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.4) | | | :white_check_mark: | |
| [v1.25.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.3) | | | :white_check_mark: | |
| [v1.25.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.2) | | | :white_check_mark: | |
| [v1.25.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.1) | | | :white_check_mark: | |
| [v1.25.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.0) | | | :white_check_mark: | |
| [v1.24.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.24.1) | | | | :white_check_mark: |
| [v1.24.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.24.0) | | | | :white_check_mark: |
| KFD / Kubernetes Version | v1.28.X | v1.27.X | v1.26.X | 1.25.X | 1.24.X |
| ------------------------------------------------------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| [v1.28.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.28.0) | :white_check_mark: | | | | |
| [v1.27.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.5) | | :white_check_mark: | | | |
| [v1.27.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.4) | | :white_check_mark: | | | |
| [v1.27.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.3) | | :white_check_mark: | | | |
| [v1.27.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | | :white_check_mark: | | | |
| [v1.27.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | | :white_check_mark: | | | |
| [v1.27.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.0) | | :white_check_mark: | | | |
| [v1.26.6](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.6) | | | :white_check_mark: | | |
| [v1.26.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.5) | | | :white_check_mark: | | |
| [v1.26.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | | | :white_check_mark: | | |
| [v1.26.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.3) | | | :white_check_mark: | | |
| [v1.26.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.2) | | | :white_check_mark: | | |
| [v1.26.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.1) | | | :white_check_mark: | | |
| [v1.26.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.0) | | | :white_check_mark: | | |
| [v1.25.10](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.10) | | | | :white_check_mark: | |
| [v1.25.9](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.9) | | | | :white_check_mark: | |
| [v1.25.8](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.8) | | | | :white_check_mark: | |
| [v1.25.7](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.7) | | | | :white_check_mark: | |
| [v1.25.6](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.6) | | | | :white_check_mark: | |
| [v1.25.5](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.5) | | | | :white_check_mark: | |
| [v1.25.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.4) | | | | :white_check_mark: | |
| [v1.25.3](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.3) | | | | :white_check_mark: | |
| [v1.25.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.2) | | | | :white_check_mark: | |
| [v1.25.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.1) | | | | :white_check_mark: | |
| [v1.25.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.0) | | | | :white_check_mark: | |
| [v1.24.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.24.1) | | | | | :white_check_mark: |
| [v1.24.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.24.0) | | | | | :white_check_mark: |

| Legend | Meaning |
| :----------------: | ---------------- |
Expand Down
Loading

0 comments on commit 99aac36

Please sign in to comment.