Merge tag 'refs/tags/v0.11.12' into fork-on-premise

metal-stack · Apr 17, 2024 · c0b6992 · c0b6992
2 parents 76a0385 + 5992212
commit c0b6992
Show file tree

Hide file tree

Showing 9 changed files with 572 additions and 164 deletions.
diff --git a/control-plane/roles/gardener/defaults/main/gardener.yaml b/control-plane/roles/gardener/defaults/main/gardener.yaml
@@ -46,6 +46,10 @@ gardener_gardenlet_shoot_concurrent_syncs: 20
 gardener_gardenlet_shoot_reconcile_in_maintenance_only: false
 gardener_gardenlet_shoot_respect_sync_period_overwrite: true
 
+gardener_gardenlet_feature_gates:
+  HVPA: false
+  HVPAForShootedSeed: false
+
 gardener_shooted_seeds: []
 # - name: shoot-1
 #   project_id: 00000000-0000-0000-0000-000000000001

diff --git a/control-plane/roles/gardener/files/10-crd-autoscaling.k8s.io_verticalpodautoscalers.yaml b/control-plane/roles/gardener/files/10-crd-autoscaling.k8s.io_verticalpodautoscalers.yaml
diff --git a/control-plane/roles/gardener/tasks/main.yaml b/control-plane/roles/gardener/tasks/main.yaml
@@ -56,13 +56,19 @@
       - gardener_dns_provider is not none
       - gardener_cloud_profile_metal_api_url is not none
       - gardener_cloud_profile_metal_api_hmac is not none
-# Gardener expects a VPA to be present, otherwise VPA enabled and soil bootstrapping do not work
-# maybe this can be removed in a future version of Gardener?
-- name: Deploy VerticalPodAutoscaler CRD if required
+
+- name: Deploy required Seed CRDs
   k8s:
-    definition: "{{ lookup('template', 'vpa.yaml') }}"
+    definition: "{{ item.definition }}"
     apply: yes
-  when: not lookup('k8s', api_version='apiextensions.k8s.io/v1', kind='CustomResourceDefinition', resource_name='verticalpodautoscalers.autoscaling.k8s.io')
+  loop:
+    - name: hvpas
+      definition: "{{ (lookup('url', 'https://raw.githubusercontent.com/gardener/gardener/' + gardener_repo_ref + '/example/seed-crds/10-crd-autoscaling.k8s.io_hvpas.yaml', split_lines=False) | from_yaml_all | list)[0] }}"
+    # TODO: starting from g/g 1.82, this resource will be located in seed-crds, too
+    - name: vpas
+      definition: "{{ lookup('file', '10-crd-autoscaling.k8s.io_verticalpodautoscalers.yaml') }}"
+  loop_control:
+    label: "{{ item.name }}"
 
 - name: Create garden namespace
   k8s:

diff --git a/control-plane/roles/gardener/templates/30-cloud-profile-metal.yaml b/control-plane/roles/gardener/templates/30-cloud-profile-metal.yaml
@@ -30,6 +30,9 @@ spec:
 {% for id, partition_config in gardener_cloud_profile_partitions.items() %}
           {{ id }}:
             firewallTypes: {{ partition_config.get('default-machine-types', {}).get('firewall', []) | to_json }}
+{% if 'network-isolation' in partition_config %}
+            networkIsolation: {{ partition_config.get('network-isolation') | to_json }}
+{% endif %}
 {% endfor %}
   kubernetes: {{ gardener_cloud_profile_kubernetes | to_json }}
   machineImages: {{ gardener_cloud_profile_machine_images | machine_images_for_cloud_profile(cris=gardener_os_cri_mapping) | to_json }}

diff --git a/control-plane/roles/gardener/templates/gardener-control-plane-values.j2 b/control-plane/roles/gardener/templates/gardener-control-plane-values.j2
@@ -51,38 +51,8 @@ global:
     shootViewerKubeconfigMaxExpiration: {{ gardener_apiserver_shoot_kubeconfig_max_expiration }}
 
     vpa: {{ gardener_apiserver_vpa }}
-    # this requires the Hvpa resource in autoscaling.k8s.io/v1alpha1, which is not in the GKE cluster... how to actually use this?
-    # hvpa:
-    #   enabled: true
-    #   maxReplicas: 4
-    #   minReplicas: 1
-    #   targetAverageUtilizationCpu: 400
-    #   targetAverageUtilizationMemory: 400
-    #   vpaScaleUpStabilization:
-    #     stabilizationDuration: "3m"
-    #     minChange:
-    #       cpu:
-    #         value: 300m
-    #         percentage: 80
-    #       memory:
-    #         value: 600M
-    #         percentage: 80
-    #   vpaScaleDownStabilization:
-    #     stabilizationDuration: "15m"
-    #     minChange:
-    #       cpu:
-    #         value: 200m
-    #         percentage: 80
-    #       memory:
-    #         value: 300M
-    #         percentage: 80
-    #   limitsRequestsGapScaleParams:
-    #     cpu:
-    #       value: "1"
-    #       percentage: 40
-    #     memory:
-    #       value: "2G"
-    #       percentage: 40
+    hvpa:
+      enabled: true
 
   scheduler:
     resources: {{ gardener_scheduler_resources | to_json }}

diff --git a/control-plane/roles/gardener/templates/gardenlet-values.j2 b/control-plane/roles/gardener/templates/gardenlet-values.j2
@@ -66,9 +66,7 @@ config:
       - key: seed.gardener.cloud/invisible
       - key: seed.gardener.cloud/disable-capacity-reservation
 
-  featureGates:
-    HVPA: false
-    HVPAForShootedSeed: false
+  featureGates: {{ gardener_gardenlet_feature_gates | to_json }}
 
 vpa: {{ gardener_soil_vertical_pod_autoscaler_enabled }}
 

diff --git a/control-plane/roles/gardener/templates/kube-apiserver-values.j2 b/control-plane/roles/gardener/templates/kube-apiserver-values.j2
@@ -8,8 +8,12 @@ apiServer:
   serviceName: garden-kube-apiserver
 
 oidc:
+{% if gardener_virtual_api_oidc_issuer_url %}
   issuerURL: {{ gardener_virtual_api_oidc_issuer_url }}
+{% endif %}
+{% if gardener_virtual_api_oidc_client_id %}
   clientID: {{ gardener_virtual_api_oidc_client_id }}
+{% endif %}
 {% if gardener_virtual_api_oidc_username_claim %}
   usernameClaim: {{ gardener_virtual_api_oidc_username_claim }}
 {% endif %}

diff --git a/control-plane/roles/gardener/templates/vpa.yaml b/control-plane/roles/gardener/templates/vpa.yaml
diff --git a/control-plane/roles/isolated-clusters/defaults/main/images.yaml b/control-plane/roles/isolated-clusters/defaults/main/images.yaml
@@ -117,6 +117,10 @@ isolated_clusters_registry_oci_mirror_config:
       destination: http://registry:5000/coredns/coredns
       match:
         semver: ">= v1.10.0"
+    - source: registry.k8s.io/dns/k8s-dns-node-cache
+      destination: http://registry:5000/dns/k8s-dns-node-cache
+      match:
+        semver: ">= 1.22.23"
     - source: r.metal-stack.io/csi-lvm-controller
       destination: http://registry:5000/csi-lvm-controller
       match: