Commit da7fc01

Merge pull request #171 from sighupio/develop
Release v1.27.2 - Add migrations on all modules, additional parameter to configure alertmanager configs and policy settings for kyverno and gatekeeper and containerd registry auth feature on OnPremises kind
2 parents 45861b1 + 5d1030c commit da7fc01

120 files changed

+9893
-5974
lines changed

.drone.yml

Lines changed: 11 additions & 13 deletions
@@ -151,7 +151,7 @@ steps:
151151
dockerhub_password:
152152
from_secret: dockerhub_password
153153

154-
- name: e2e
154+
- name: e2e-kfddistribution
155155
# KUBECTL 1.25.3 - KUSTOMIZE 3.5.3 - HELM 3.1.1 - YQ 4.21.1 - ISTIOCTL 1.9.4 - FURYCTL 0.9.0 - BATS 1.1.0
156156
image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3
157157
pull: always
@@ -160,22 +160,20 @@ steps:
160160
path: /shared
161161
depends_on: [init]
162162
commands:
163-
- ls -la /shared/
164-
- ls -la /shared/kube/
165-
- export KUBECONFIG=/shared/kube/kubeconfig-127
166-
- bats -t tests/install.sh
167-
- bats -t tests/networking.sh
168-
- bats -t tests/monitoring.sh
169-
- bats -t tests/logging.sh
170-
- bats -t tests/ingress.sh
171-
- bats -t tests/dr.sh
172-
- bats -t tests/opa.sh
173-
- bats -t tests/schema.sh
163+
- cp /shared/kube/kubeconfig-127 /tmp/kubeconfig
164+
- export KUBECONFIG=/tmp/kubeconfig
165+
- echo "Installing the correct furyctl version..."
166+
- curl -L "https://github.com/sighupio/furyctl/releases/download/v0.27.2-rc.3/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
167+
# TODO Release the new fixed furyctl version
168+
# - curl -L "https://github.com/sighupio/furyctl/releases/latest/download/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
169+
- chmod +x /tmp/furyctl
170+
- tests/e2e-kfddistribution.sh
174171

175172
- name: destroy
176173
image: quay.io/sighup/e2e-testing-drone-plugin:v2.0.0
177174
pull: always
178-
depends_on: [e2e]
175+
depends_on:
176+
- e2e-kfddistribution
179177
settings:
180178
action: destroy
181179
pipeline_id: cluster-127
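
Review bot: The added download step (new lines 166 and 169) fetches a pre-release furyctl archive (`v0.27.2-rc.3`) with `curl -L`, extracts it to `/tmp` and runs it against the cluster kubeconfig without checking a checksum or signature. Add `-f` so an HTTP error fails the step instead of saving an error page, and verify the archive against a pinned SHA-256 before `tar xfz`; the commented-out `releases/latest` URL should get the same check when the TODO is resolved, because `latest` is not a fixed artifact. Two smaller points: `cp /shared/kube/kubeconfig-127 /tmp/kubeconfig` should be followed by a `chmod 600`, and the removed bats suites (networking, monitoring, logging, ingress, dr, opa, schema) need an explicit statement that `tests/e2e-kfddistribution.sh` covers them, since nothing in this hunk shows it.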

.envrc renamed to .envrc.dist

File renamed without changes.

.gitignore

Lines changed: 1 addition & 0 deletions
@@ -6,3 +6,4 @@ vendor
66

77
go.work
88
go.work.sum
9+
.envrc
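
Review bot: With `.envrc` now ignored and the tracked copy renamed to `.envrc.dist`, the `.dist` file is the one that stays in the repository, so it should carry only placeholder values. The rename is shown as "without changes", so check that nothing environment-specific was in the old `.envrc`, and add a line to the contributor docs on copying `.envrc.dist` to `.envrc`.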

Furyfile.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ versions:
1010
ingress: v2.2.0
1111
logging: v3.3.1
1212
monitoring: v3.0.1
13-
opa: v1.11.0
13+
opa: v1.11.1
1414
networking: v1.15.0
1515
tracing: v1.0.2
1616
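
Review bot: The `opa` bump from `v1.11.0` to `v1.11.1` is the only module version change in this hunk, but docs/releases/v1.27.2.md does not list it. If this bump is what delivers the Kyverno excluded-namespaces fix mentioned there, say so in the release notes so operators can trace the fix to a module version.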

README.md

Lines changed: 3 additions & 3 deletions
@@ -7,8 +7,8 @@
77
<p align="center">Kubernetes Fury Distribution (KFD) is a certified battle-tested Kubernetes distribution based purely on upstream Kubernetes.</p>
88
<!-- markdownlint-enable MD033 -->
99

10-
[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.27.1)](http://ci.sighup.io/sighupio/fury-distribution)
11-
[![Release](https://img.shields.io/badge/release-v1.27.1-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
10+
[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.27.2)](http://ci.sighup.io/sighupio/fury-distribution)
11+
[![Release](https://img.shields.io/badge/release-v1.27.2-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
1212
[![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
1313
[![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)
1414
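
Review bot: The updated Build Status badge on new line 10 still points at `http://ci.sighup.io` for both the image and the link target, so the build status is fetched over plain HTTP and can be altered in transit. Since the line is being edited for the version bump anyway, switch both URLs to `https://` if the CI host serves TLS.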

@@ -96,7 +96,7 @@ Current supported versions of KFD are:
9696

9797
| KFD Version | Kubernetes Version |
9898
| :----------------------------------------------------------------------------: | :----------------: |
99-
| [`1.27.1`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | `1.27.x` |
99+
| [`1.27.2`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | `1.27.x` |
100100
| [`1.26.4`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | `1.26.x` |
101101
| [`1.25.9`](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.9) | `1.25.x` |
102102

defaults/ekscluster-kfd-v1alpha2.yaml

Lines changed: 5 additions & 0 deletions
@@ -142,6 +142,7 @@ data:
142142
retentionSize: 120GB
143143
storageSize: 150Gi
144144
alertmanager:
145+
installDefaultRules: true
145146
deadManSwitchWebhookUrl: ""
146147
slackWebhookUrl: ""
147148
mimir:
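
Review bot: `installDefaultRules` under `alertmanager:` is described in the release notes as opting out of alertmanager's default configuration, which is easy to confuse with Prometheus alerting rules. Add a comment above the key saying what is skipped when it is `false`, in the same style as the comments on the policy keys further down. The same applies to the identical hunks in the kfddistribution and onpremises defaults.
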
@@ -210,9 +211,13 @@ data:
210211
gatekeeper:
211212
# this configuration adds namespaces to the excluded list, actually whitelisting them
212213
additionalExcludedNamespaces: []
214+
enforcementAction: deny
215+
installDefaultPolicies: true
213216
kyverno:
214217
# this configuration adds namespaces to the excluded list, actually whitelisting them
215218
additionalExcludedNamespaces: []
219+
validationFailureAction: enforce
220+
installDefaultPolicies: true
216221
# dr module configuration
217222
dr:
218223
type: none
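
Review bot: `enforcementAction: deny` and `validationFailureAction: enforce` are added without a comment listing the accepted values, and the release notes only hint at one alternative (`dryrun`). Document the allowed values next to each key, and confirm that changing them on an existing cluster is handled: the migration list in docs/releases/v1.27.2.md covers `installDefaultPolicies` for both engines but neither of these two fields. Keeping `deny`, `enforce` and `installDefaultPolicies: true` as the defaults is the right choice, since a configuration that omits the keys stays in blocking mode. The same applies to the identical hunks in the kfddistribution and onpremises defaults.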

defaults/kfddistribution-kfd-v1alpha2.yaml

Lines changed: 5 additions & 0 deletions
@@ -135,6 +135,7 @@ data:
135135
retentionSize: 120GB
136136
storageSize: 150Gi
137137
alertmanager:
138+
installDefaultRules: true
138139
deadManSwitchWebhookUrl: ""
139140
slackWebhookUrl: ""
140141
mimir:
@@ -202,9 +203,13 @@ data:
202203
gatekeeper:
203204
# this configuration adds namespaces to the excluded list, actually whitelisting them
204205
additionalExcludedNamespaces: []
206+
enforcementAction: deny
207+
installDefaultPolicies: true
205208
kyverno:
206209
# this configuration adds namespaces to the excluded list, actually whitelisting them
207210
additionalExcludedNamespaces: []
211+
validationFailureAction: enforce
212+
installDefaultPolicies: true
208213
# dr module configuration
209214
dr:
210215
type: none

defaults/onpremises-kfd-v1alpha2.yaml

Lines changed: 5 additions & 0 deletions
@@ -135,6 +135,7 @@ data:
135135
retentionSize: 120GB
136136
storageSize: 150Gi
137137
alertmanager:
138+
installDefaultRules: true
138139
deadManSwitchWebhookUrl: ""
139140
slackWebhookUrl: ""
140141
mimir:
@@ -202,9 +203,13 @@ data:
202203
gatekeeper:
203204
# this configuration adds namespaces to the excluded list, actually whitelisting them
204205
additionalExcludedNamespaces: []
206+
enforcementAction: deny
207+
installDefaultPolicies: true
205208
kyverno:
206209
# this configuration adds namespaces to the excluded list, actually whitelisting them
207210
additionalExcludedNamespaces: []
211+
validationFailureAction: enforce
212+
installDefaultPolicies: true
208213
# dr module configuration
209214
dr:
210215
type: none

docs/COMPATIBILITY_MATRIX.md

Lines changed: 17 additions & 12 deletions
@@ -10,6 +10,7 @@ For a complete list of all KFD releases and their compatibility with Kubernetes
1010

1111
| KFD / Kubernetes Version | v1.27.X | v1.26.X | 1.25.X | 1.24.X |
1212
| ----------------------------------------------------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ |
13+
| [v1.27.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | :white_check_mark: | | | |
1314
| [v1.27.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | :white_check_mark: | | | |
1415
| [v1.27.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.0) | :white_check_mark: | | | |
1516
| [v1.26.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | | :white_check_mark: | | |
@@ -42,18 +43,20 @@ For a complete list of all KFD releases and their compatibility with Kubernetes
4243

4344
### Furyctl and KFD compatibility
4445

45-
| Furyctl / KFD | 1.27.1 | 1.27.0 | 1.26.4 | 1.26.3 | 1.26.2 | 1.26.1 | 1.26.0 | 1.25.9 | 1.25.8 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
46-
| -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
47-
| 0.27.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
48-
| 0.26.3 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
49-
| 0.26.2 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
50-
| 0.26.1 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
51-
| 0.26.0 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
52-
| 0.25.2 | | | | :warning: | :warning: | :warning: | :warning: | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
53-
| 0.25.1 | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
54-
| 0.25.0 | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
55-
| 0.25.0-beta.0 | | | | | | | | | | | | | | :white_check_mark: | |
56-
| 0.25.0-alpha.1 | | | | | | | | | | | | | | | :white_check_mark: |
46+
| Furyctl / KFD | 1.27.2 | 1.27.1 | 1.27.0 | 1.26.4 | 1.26.3 | 1.26.2 | 1.26.1 | 1.26.0 | 1.25.9 | 1.25.8 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
47+
| -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
48+
| 0.27.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
49+
| 0.27.1 | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
50+
| 0.27.0 | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
51+
| 0.26.3 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
52+
| 0.26.2 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
53+
| 0.26.1 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
54+
| 0.26.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
55+
| 0.25.2 | | | | | :warning: | :warning: | :warning: | :warning: | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
56+
| 0.25.1 | | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
57+
| 0.25.0 | | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
58+
| 0.25.0-beta.0 | | | | | | | | | | | | | | | :white_check_mark: | |
59+
| 0.25.0-alpha.1 | | | | | | | | | | | | | | | | :white_check_mark: |
5760

5861
See [Furyctl](https://github.com/sighupio/furyctl) repository for more informations on it's usage.
5962
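
Review bot: The new `0.27.2` row is the only furyctl version marked compatible with KFD 1.27.2, yet `.drone.yml` in this same commit installs `v0.27.2-rc.3` and carries a TODO to release the fixed version, so the e2e run backing this row used a release candidate. Confirm the final 0.27.2 passes the same suite before publishing the matrix. While here, the context line below the table reads "more informations on it's usage"; it should be "more information on its usage".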

@@ -63,6 +66,8 @@ See [Furyctl](https://github.com/sighupio/furyctl) repository for more informati
6366

6467
| Furyctl / Providers | EKSCluster | KFDDistribution | OnPremises |
6568
| ------------------- | ------------------ | ------------------ | ------------------ |
69+
| 0.27.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
70+
| 0.27.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
6671
| 0.27.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
6772
| 0.26.3 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
6873
| 0.26.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |

docs/releases/v1.27.2.md

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
# Kubernetes Fury Distribution Release v1.27.2
2+
3+
Welcome to KFD release `v1.27.2`.
4+
5+
The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.io/) it is battle tested in production environments.
6+
7+
## New Features since `v1.27.1`
8+
9+
This is a maintenance release enabling new features in furyctl automations. Changes include:
10+
11+
- Add: fields to manage the configuration on Kyverno and Gatekeeper to enable and disable the default included policies and also to change the enforcement mode on them (e.g. dryrun instead of deny).
12+
- Add: use latest on-premises installer versions that includes new features for containerd (support for NVIDIA container toolkit and custom registries configurations).
13+
- Add: field to opt-out from alertmanager's default configuration and use a custom one instead. The new supported field of the configuration file is:
14+
- `.spec.distribution.modules.monitoring.alertmanager.installDefaultRules`
15+
- Add: support for field migrations to trigger automatic reconfiguration of the distribution. The new supported fields of the configuration file are:
16+
- `.spec.distribution.modules.auth.provider.type`
17+
- `.spec.distribution.modules.dr.type`
18+
- `.spec.distribution.modules.dr.velero.backend`
19+
- `.spec.distribution.modules.ingress.nginx.type`
20+
- `.spec.distribution.modules.monitoring.type`
21+
- `.spec.distribution.modules.policy.gatekeeper.installDefaultPolicies`
22+
- `.spec.distribution.modules.policy.kyverno.installDefaultPolicies`
23+
- `.spec.distribution.modules.policy.type`
24+
- `.spec.distribution.modules.tracing.tempo.backend`
25+
- `.spec.distribution.modules.tracing.type`
26+
- Enhancement: improved and added new end-to-end tests to cover migrations using the KFDDistribution kind.
27+
- Enhancement: avoid errors when applying manifests due to Prometheus CRDs not being present when Monitoring type is none.
28+
- Enhancement: don't warn the user and don't ask for confirmation when migrations are safe to apply.
29+
- Fix: additional excluded namespaces option for Kyverno is now working as expected.
30+
31+
## Upgrade procedure
32+
33+
Check the [upgrade docs](https://github.com/sighupio/furyctl/tree/main/docs/upgrades/kfd) for the detailed procedure.
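
Review bot: The Kyverno and Gatekeeper bullet (new line 11) describes the new enforcement-mode fields but, unlike the alertmanager bullet, does not name them; list `enforcementAction` and `validationFailureAction` with their full configuration paths and accepted values, because switching a cluster from blocking to non-blocking policy enforcement is a change operators need to find in the notes. The containerd bullet (new line 12) likewise names no configuration fields for custom registries. Wording: new line 5 is a run-on ("by the team SIGHUP it is battle tested") and new line 12 should read "versions that include".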
