Remove code for no-longer-supported k8s releases

k8s/crds/kops.k8s.io_clusters.yaml

@@ -631,7 +631,7 @@ spec:
                       description: Name is the name of the etcd cluster (main, events etc)
                       type: string
                     provider:
-                      description: 'Provider is the provider used to run etcd: standalone, manager. We default to manager for kubernetes 1.11 or if the manager is configured; otherwise standalone.'
+                      description: 'Provider is the provider used to run etcd: Manager, Legacy. Defaults to Manager.'
                       type: string
                     version:
                       description: Version is the version of etcd to run i.e. 2.1.2, 3.0.17 etcd

nodeup/pkg/model/BUILD.bazel

@@ -112,7 +112,6 @@ go_test(
         "//pkg/testutils:go_default_library",
         "//upup/pkg/fi:go_default_library",
         "//upup/pkg/fi/cloudup:go_default_library",
-        "//upup/pkg/fi/nodeup/nodetasks:go_default_library",
         "//util/pkg/architectures:go_default_library",
         "//util/pkg/distributions:go_default_library",
         "//util/pkg/exec:go_default_library",

nodeup/pkg/model/kube_apiserver.go

@@ -64,11 +64,7 @@ func (b *KubeAPIServerBuilder) Build(c *fi.ModelBuilderContext) error {
 		if *b.Cluster.Spec.EncryptionConfig {
 			encryptionConfigPath := fi.String(filepath.Join(b.PathSrvKubernetes(), "encryptionconfig.yaml"))
 
-			if b.IsKubernetesGTE("1.13") {
-				b.Cluster.Spec.KubeAPIServer.EncryptionProviderConfig = encryptionConfigPath
-			} else {
-				b.Cluster.Spec.KubeAPIServer.ExperimentalEncryptionProviderConfig = encryptionConfigPath
-			}
+			b.Cluster.Spec.KubeAPIServer.EncryptionProviderConfig = encryptionConfigPath
 
 			key := "encryptionconfig"
 			encryptioncfg, err := b.SecretStore.Secret(key)
@@ -375,11 +371,6 @@ func (b *KubeAPIServerBuilder) buildPod() (*v1.Pod, error) {
 		}
 	}
 
-	//remove elements from the spec that are not enabled yet
-	if b.Cluster.Spec.KubeAPIServer.AuditDynamicConfiguration != nil && !b.IsKubernetesGTE("1.13") {
-		b.Cluster.Spec.KubeAPIServer.AuditDynamicConfiguration = nil
-	}
-
 	// build the kube-apiserver flags for the service
 	flags, err := flagbuilder.BuildFlagsList(b.Cluster.Spec.KubeAPIServer)
 	if err != nil {

nodeup/pkg/model/kube_apiserver_test.go

@@ -17,54 +17,14 @@ limitations under the License.
 package model
 
 import (
-	"bytes"
-	"strings"
 	"testing"
 
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/flagbuilder"
 	"k8s.io/kops/upup/pkg/fi"
-	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
 	"k8s.io/kops/util/pkg/architectures"
 )
 
-func Test_KubeAPIServer_Builder(t *testing.T) {
-	basedir := "tests/apiServer/auditDynamicConfiguration"
-
-	context := &fi.ModelBuilderContext{
-		Tasks: make(map[string]fi.Task),
-	}
-
-	nodeUpModelContext, err := BuildNodeupModelContext(basedir)
-	if err != nil {
-		t.Fatalf("error loading model %q: %v", basedir, err)
-		return
-	}
-	keystore := &fakeCAStore{}
-	keystore.T = t
-	nodeUpModelContext.KeyStore = keystore
-
-	builder := KubeAPIServerBuilder{NodeupModelContext: nodeUpModelContext}
-
-	err = builder.Build(context)
-	if err != nil {
-		t.Fatalf("error from KubeAPIServerBuilder buildKubeletConfig: %v", err)
-		return
-	}
-	if task, ok := context.Tasks["File//etc/kubernetes/manifests/kube-apiserver.manifest"]; !ok {
-		t.Error("did not find the kubernetes API manifest after the build")
-	} else {
-		nodeTask, _ := task.(*nodetasks.File)
-		reader, _ := nodeTask.Contents.Open()
-		buf := new(bytes.Buffer)
-		buf.ReadFrom(reader)
-		s := buf.String()
-		if strings.Contains(s, "--audit-dynamic-configuration") {
-			t.Error("Older versions of k8s should not have --audit-dynamic-configuration flag")
-		}
-	}
-}
-
 func Test_KubeAPIServer_BuildFlags(t *testing.T) {
 	grid := []struct {
 		config   kops.KubeAPIServerConfig

nodeup/pkg/model/kube_scheduler.go

@@ -66,9 +66,8 @@ func (b *KubeSchedulerBuilder) Build(c *fi.ModelBuilderContext) error {
 	if !b.IsMaster {
 		return nil
 	}
-	useConfigFile := b.IsKubernetesGTE("1.12")
 	{
-		pod, err := b.buildPod(useConfigFile)
+		pod, err := b.buildPod()
 		if err != nil {
 			return fmt.Errorf("error building kube-scheduler pod: %v", err)
 		}
@@ -95,7 +94,7 @@ func (b *KubeSchedulerBuilder) Build(c *fi.ModelBuilderContext) error {
 			Mode:     s("0400"),
 		})
 	}
-	if useConfigFile {
+	{
 		var config *SchedulerConfig
 		if b.IsKubernetesGTE("1.19") {
 			config = NewSchedulerConfig("kubescheduler.config.k8s.io/v1beta1")
@@ -142,19 +141,15 @@ func NewSchedulerConfig(apiVersion string) *SchedulerConfig {
 }
 
 // buildPod is responsible for constructing the pod specification
-func (b *KubeSchedulerBuilder) buildPod(useConfigFile bool) (*v1.Pod, error) {
+func (b *KubeSchedulerBuilder) buildPod() (*v1.Pod, error) {
 	c := b.Cluster.Spec.KubeScheduler
 
 	flags, err := flagbuilder.BuildFlagsList(c)
 	if err != nil {
 		return nil, fmt.Errorf("error building kube-scheduler flags: %v", err)
 	}
-	if useConfigFile {
-		flags = append(flags, "--config="+"/var/lib/kube-scheduler/config.yaml")
-	} else {
-		// Add kubeconfig flag
-		flags = append(flags, "--kubeconfig="+defaultKubeConfig)
-	}
+
+	flags = append(flags, "--config="+"/var/lib/kube-scheduler/config.yaml")
 
 	if c.UsePolicyConfigMap != nil {
 		flags = append(flags, "--policy-configmap=scheduler-policy", "--policy-configmap-namespace=kube-system")

nodeup/pkg/model/networking/calico.go

@@ -17,8 +17,6 @@ limitations under the License.
 package networking
 
 import (
-	"path/filepath"
-
 	"k8s.io/kops/nodeup/pkg/model"
 	"k8s.io/kops/upup/pkg/fi"
 	"k8s.io/kops/upup/pkg/fi/nodeup/nodetasks"
@@ -43,24 +41,5 @@ func (b *CalicoBuilder) Build(c *fi.ModelBuilderContext) error {
 		c.AddTask(&nodetasks.Package{Name: "wireguard"})
 	}
 
-	// @check if tls is enabled and if so, we need to download the client certificates
-	if b.IsKubernetesLT("1.12") && !b.UseEtcdManager() && b.UseEtcdTLS() {
-		name := "calico-client"
-		dirname := "calico"
-		ca := filepath.Join(dirname, "ca.pem")
-		certificate := filepath.Join(dirname, name+".pem")
-		key := filepath.Join(dirname, name+"-key.pem")
-
-		if err := b.BuildCertificateTask(c, name, certificate, nil); err != nil {
-			return err
-		}
-		if err := b.BuildPrivateKeyTask(c, name, key, nil); err != nil {
-			return err
-		}
-		if err := b.BuildCertificateTask(c, fi.CertificateIDCA, ca, nil); err != nil {
-			return err
-		}
-	}
-
 	return nil
 }

pkg/apis/kops/cluster.go

@@ -453,8 +453,8 @@ var SupportedEtcdProviderTypes = []string{
 type EtcdClusterSpec struct {
 	// Name is the name of the etcd cluster (main, events etc)
 	Name string `json:"name,omitempty"`
-	// Provider is the provider used to run etcd: standalone, manager.
-	// We default to manager for kubernetes 1.11 or if the manager is configured; otherwise standalone.
+	// Provider is the provider used to run etcd: Manager, Legacy.
+	// Defaults to Manager.
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`

pkg/apis/kops/v1alpha2/cluster.go

@@ -450,8 +450,8 @@ const (
 type EtcdClusterSpec struct {
 	// Name is the name of the etcd cluster (main, events etc)
 	Name string `json:"name,omitempty"`
-	// Provider is the provider used to run etcd: standalone, manager.
-	// We default to manager for kubernetes 1.11 or if the manager is configured; otherwise standalone.
+	// Provider is the provider used to run etcd: Manager, Legacy.
+	// Defaults to Manager.
 	Provider EtcdProviderType `json:"provider,omitempty"`
 	// Members stores the configurations for each member of the cluster (including the data volume)
 	Members []EtcdMemberSpec `json:"etcdMembers,omitempty"`

pkg/apis/kops/validation/openstack.go

@@ -34,8 +34,5 @@ func openstackValidateCluster(c *kops.Cluster) (errList field.ErrorList) {
 			errList = append(errList, field.Forbidden(field.NewPath("spec", "topology", "masters"), "Public topology requires an external network"))
 		}
 	}
-	if c.Spec.ExternalCloudControllerManager != nil && !c.IsKubernetesGTE("1.13") {
-		errList = append(errList, field.Forbidden(field.NewPath("spec", "cloudControllerManager"), "External cloud controller manager for OpenStack is only supported as of kubernetes 1.13"))
-	}
 	return errList
 }

pkg/apis/kops/validation/validation.go

@@ -702,15 +702,12 @@ func validateNetworkingCilium(cluster *kops.Cluster, v *kops.CiliumNetworkingSpe
 			allErrs = append(allErrs, field.Invalid(versionFld, v.Version, "Only versions 1.6 through 1.8 are supported"))
 		}
 
-		if version.Minor == 6 && (!cluster.IsKubernetesGTE("1.11") || cluster.IsKubernetesGTE("1.16")) {
-			allErrs = append(allErrs, field.Forbidden(versionFld, "Version 1.6 requires kubernetesVersion between 1.11 and 1.16"))
+		if version.Minor == 6 && cluster.IsKubernetesGTE("1.16") {
+			allErrs = append(allErrs, field.Forbidden(versionFld, "Version 1.6 requires kubernetesVersion before 1.16"))
 		}
 
-		if version.Minor == 7 && (!cluster.IsKubernetesGTE("1.12") || cluster.IsKubernetesGTE("1.17")) {
-			allErrs = append(allErrs, field.Forbidden(versionFld, "Version 1.7 requires kubernetesVersion between 1.12 and 1.17"))
-		}
-		if version.Minor == 8 && !cluster.IsKubernetesGTE("1.12") {
-			allErrs = append(allErrs, field.Forbidden(versionFld, "Version 1.8 requires kubernetesVersion 1.12 or newer"))
+		if version.Minor == 7 && cluster.IsKubernetesGTE("1.17") {
+			allErrs = append(allErrs, field.Forbidden(versionFld, "Version 1.7 requires kubernetesVersion before 1.17"))
 		}
 
 		if v.Hubble != nil && fi.BoolValue(v.Hubble.Enabled) {
@@ -894,23 +891,23 @@ func validateEtcdVersion(spec kops.EtcdClusterSpec, fieldPath *field.Path, minim
 
 	version := spec.Version
 	if spec.Version == "" {
-		version = components.DefaultEtcd2Version
+		version = components.DefaultEtcd3Version_1_13
 	}
 
 	sem, err := semver.Parse(strings.TrimPrefix(version, "v"))
 	if err != nil {
 		return field.ErrorList{field.Invalid(fieldPath.Child("version"), version, "the storage version is invalid")}
 	}
 
-	// we only support v3 and v2 for now
-	if sem.Major == 3 || sem.Major == 2 {
+	// we only support v3 for now
+	if sem.Major == 3 {
 		if sem.LT(*minimalVersion) {
 			return field.ErrorList{field.Invalid(fieldPath.Child("version"), version, fmt.Sprintf("minimum version required is %s", minimalVersion.String()))}
 		}
 		return nil
 	}
 
-	return field.ErrorList{field.Invalid(fieldPath.Child("version"), version, "unsupported storage version, we only support major versions 2 and 3")}
+	return field.ErrorList{field.Invalid(fieldPath.Child("version"), version, "unsupported storage version, we only support major version 3")}
 }
 
 // validateEtcdMemberSpec is responsible for validate the cluster member
@@ -1172,10 +1169,6 @@ func validateNodeLocalDNS(spec *kops.ClusterSpec, fldpath *field.Path) field.Err
 }
 
 func validateClusterAutoscaler(cluster *kops.Cluster, spec *kops.ClusterAutoscalerConfig, fldPath *field.Path) (allErrs field.ErrorList) {
-	if !cluster.IsKubernetesGTE("1.12") {
-		allErrs = append(allErrs, field.Forbidden(fldPath, "Cluster autoscaler requires kubernetesVersion 1.12 or higher"))
-	}
-
 	allErrs = append(allErrs, IsValidValue(fldPath.Child("expander"), spec.Expander, []string{"least-waste", "random", "most-pods"})...)
 
 	if kops.CloudProviderID(cluster.Spec.CloudProvider) == kops.CloudProviderOpenstack {

pkg/apis/kops/validation/validation_test.go

@@ -618,28 +618,10 @@ func Test_Validate_Cilium(t *testing.T) {
 				Version: "v1.0.0",
 			},
 			Spec: kops.ClusterSpec{
-				KubernetesVersion: "1.11.0",
+				KubernetesVersion: "1.18.0",
 			},
 			ExpectedErrors: []string{"Invalid value::cilium.version"},
 		},
-		{
-			Cilium: kops.CiliumNetworkingSpec{
-				Version: "v1.7.0",
-			},
-			Spec: kops.ClusterSpec{
-				KubernetesVersion: "1.11.0",
-			},
-			ExpectedErrors: []string{"Forbidden::cilium.version"},
-		},
-		{
-			Cilium: kops.CiliumNetworkingSpec{
-				Version: "v1.7.0-rc1",
-			},
-			Spec: kops.ClusterSpec{
-				KubernetesVersion: "1.11.0",
-			},
-			ExpectedErrors: []string{"Forbidden::cilium.version"},
-		},
 		{
 			Cilium: kops.CiliumNetworkingSpec{
 				Version: "v1.7.0",
@@ -683,7 +665,7 @@ func Test_Validate_Cilium(t *testing.T) {
 			Cilium: &g.Cilium,
 		}
 		if g.Spec.KubernetesVersion == "" {
-			g.Spec.KubernetesVersion = "1.12.0"
+			g.Spec.KubernetesVersion = "1.15.0"
 		}
 		cluster := &kops.Cluster{
 			Spec: g.Spec,

pkg/model/components/apiserver.go

@@ -171,25 +171,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	// TODO: We can probably rewrite these more clearly in descending order
 	// Based on recommendations from:
 	// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
-	if b.IsKubernetesLT("1.12") {
-		c.EnableAdmissionPlugins = []string{
-			"Initializers",
-			"NamespaceLifecycle",
-			"LimitRanger",
-			"ServiceAccount",
-			"PersistentVolumeLabel",
-			"DefaultStorageClass",
-			"DefaultTolerationSeconds",
-			"MutatingAdmissionWebhook",
-			"ValidatingAdmissionWebhook",
-			"NodeRestriction",
-			"ResourceQuota",
-		}
-		c.EnableAdmissionPlugins = append(c.EnableAdmissionPlugins, c.AppendAdmissionPlugins...)
-	}
-	// Based on recommendations from:
-	// https://kubernetes.io/docs/admin/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
-	if b.IsKubernetesGTE("1.12") {
+	{
 		c.EnableAdmissionPlugins = []string{
 			"NamespaceLifecycle",
 			"LimitRanger",