.devcontainer/README.md

@@ -0,0 +1,38 @@
+# devcontainer
+
+
+For format details, see https://aka.ms/devcontainer.json. 
+
+For config options, see the README at:
+https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
+
+``` json
+{
+	"name": "Puppet Development Kit (Community)",
+	"dockerFile": "Dockerfile",
+
+	// Set *default* container specific settings.json values on container create.
+	"settings": {
+		"terminal.integrated.profiles.linux": {
+			"bash": {
+				"path": "bash",
+			}
+		}
+	},
+
+	// Add the IDs of extensions you want installed when the container is created.
+	"extensions": [
+		"puppet.puppet-vscode",
+		"rebornix.Ruby"
+	],
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	"forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	"postCreateCommand": "pdk --version",
+}
+```
+
+
+

.devcontainer/devcontainer.json

@@ -1,23 +1,17 @@
-// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
-// https://github.com/microsoft/vscode-dev-containers/tree/v0.140.1/containers/puppet
 {
 	"name": "Puppet Development Kit (Community)",
 	"dockerFile": "Dockerfile",
 
-	// Set *default* container specific settings.json values on container create.
 	"settings": {
-		"terminal.integrated.shell.linux": "/bin/bash"
+		"terminal.integrated.profiles.linux": {
+			"bash": {
+				"path": "bash",
+			}
+		}
 	},
 
-	// Add the IDs of extensions you want installed when the container is created.
 	"extensions": [
 		"puppet.puppet-vscode",
 		"rebornix.Ruby"
 	]
-
-	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	// "forwardPorts": [],
-
-	// Use 'postCreateCommand' to run commands after the container is created.
-	// "postCreateCommand": "pdk --version",
 }

.fixtures.yml

@@ -6,13 +6,13 @@ fixtures:
     archive: "puppet-archive"
     augeasproviders_sysctl: "herculesteam-augeasproviders_sysctl"
     augeasproviders_core: "herculesteam-augeasproviders_core"
-    kmod: "camptocamp-kmod"
+    kmod: "puppet-kmod"
     helm: 'puppetlabs-helm'
     rook: 'puppetlabs-rook'
   repositories:
-    facts: 'git://github.com/puppetlabs/puppetlabs-facts.git'
-    puppet_agent: 'git://github.com/puppetlabs/puppetlabs-puppet_agent.git'
-    provision: 'git://github.com/puppetlabs/provision.git'
+    facts: 'https://github.com/puppetlabs/puppetlabs-facts.git'
+    puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
+    provision: 'https://github.com/puppetlabs/provision.git'
     yumrepo_core:
       repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git
       puppet_version: ">= 6.0.0"

.github/workflows/auto_release.yml

@@ -14,6 +14,7 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
+
     - name: "Honeycomb: Start recording"
       uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1
       with:
@@ -25,7 +26,6 @@ jobs:
       run: |
         echo STEP_ID="auto-release" >> $GITHUB_ENV
         echo STEP_START=$(date +%s) >> $GITHUB_ENV
-
     - name: "Checkout Source"
       if: ${{ github.repository_owner == 'puppetlabs' }}
       uses: actions/checkout@v2
@@ -46,8 +46,14 @@ jobs:
       run: |
         echo "::set-output name=ver::$(jq --raw-output .version metadata.json)"
 
-    - name: "Commit changes"
+    - name: "Check if a release is necessary"
       if: ${{ github.repository_owner == 'puppetlabs' }}
+      id: check
+      run: |
+        git diff --quiet CHANGELOG.md && echo "::set-output name=release::false" || echo "::set-output name=release::true"
+
+    - name: "Commit changes"
+      if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }}
       run: |
         git config --local user.email "${{ github.repository_owner }}@users.noreply.github.com"
         git config --local user.name "GitHub Action"
@@ -57,7 +63,7 @@ jobs:
     - name: Create Pull Request
       id: cpr
       uses: puppetlabs/peter-evans-create-pull-request@v3
-      if: ${{ github.repository_owner == 'puppetlabs' }}
+      if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }}
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: "Release prep v${{ steps.gv.outputs.ver }}"
@@ -73,11 +79,11 @@ jobs:
         labels: "maintenance"
 
     - name: PR outputs
-      if: ${{ github.repository_owner == 'puppetlabs' }}
+      if: ${{ github.repository_owner == 'puppetlabs' && steps.check.outputs.release == 'true' }}
       run: |
         echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
         echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
-
+ 
     - name: "Honeycomb: Record finish step"
       if: ${{ always() }}
       run: |

.github/workflows/labeller.yml

@@ -0,0 +1,22 @@
+name: community-labeller
+
+on:
+  issues:
+    types:
+      - opened
+  pull_request_target:
+    types:
+      - opened
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: puppetlabs/community-labeller@v0
+        name: Label issues or pull requests
+        with:
+          label_name: community
+          label_color: '5319e7'
+          org_membership: puppetlabs
+          token: ${{ secrets.IAC_COMMUNITY_LABELER }}

.github/workflows/nightly.yml

@@ -201,5 +201,5 @@ jobs:
           repo_token: ${{ secrets.GITHUB_TOKEN }}
           slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
           # Optional Input
-          channel: '#team-ia-bots'
+          channel: '#team-cat-bots'
           name: 'GABot'

.github/workflows/spec.yml

@@ -6,6 +6,7 @@ on:
   workflow_dispatch:
   pull_request:
 
+
 env:
   HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6
   HONEYCOMB_DATASET: litmus tests
@@ -18,6 +19,7 @@ jobs:
       spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }}
 
     steps:
+
       - name: "Honeycomb: Start recording"
         uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1
         with:
@@ -29,7 +31,6 @@ jobs:
         run: |
           echo STEP_ID=setup-environment >> $GITHUB_ENV
           echo STEP_START=$(date +%s) >> $GITHUB_ENV
-
       - name: Checkout Source
         uses: actions/checkout@v2
         if: ${{ github.repository_owner == 'puppetlabs' }}
@@ -47,13 +48,16 @@ jobs:
           echo ::group::bundler environment
           buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env
           echo ::endgroup::
-
       - name: "Honeycomb: Record Setup Environment time"
         if: ${{ github.repository_owner == 'puppetlabs' }}
         run: |
           buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment'
           echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV
           echo STEP_START=$(date +%s) >> $GITHUB_ENV
+      - name: Run Static & Syntax Tests
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
 
       - name: Setup Spec Test Matrix
         id: get-matrix
@@ -63,12 +67,10 @@ jobs:
           else
             echo  "::set-output name=spec_matrix::{}"
           fi
-
       - name: "Honeycomb: Record Setup Test Matrix time"
         if: ${{ always() }}
         run: |
           buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix'
-
   Spec:
     name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})"
     needs:
@@ -91,7 +93,6 @@ jobs:
 
       - run: |
           echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE
-
       - name: "Honeycomb: Start first step"
         run: |
           echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV
@@ -104,7 +105,6 @@ jobs:
           dataset: ${{ env.HONEYCOMB_DATASET }}
           job-status: ${{ job.status }}
           matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }}
-
       - name: Checkout Source
         uses: actions/checkout@v2
 
@@ -120,10 +120,7 @@ jobs:
           buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env
           echo ::endgroup::
 
-      - name: Run Static & Syntax Tests
-        run: |
-          buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
-      
+
       - name: Run parallel_spec tests
         run: |
           buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec

.puppet-lint.rc

@@ -1 +1,5 @@
 --relative
+--no-parameter_documentation-check
+--no-params_empty_string_assignment-check
+--no-file_ensure-check
+--no-variables_not_enclosed-check

.sync.yml

@@ -22,6 +22,11 @@ Rakefile:
           t.rspec_opts = "--tag integration"
         end
       end
+  extra_disabled_lint_checks:
+    - parameter_documentation
+    - params_empty_string_assignment
+    - file_ensure
+    - variables_not_enclosed
 
 .rubocop.yml:
   include_todos:

CHANGELOG.md

@@ -2,6 +2,43 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v7.0.0](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/v7.0.0) (2022-12-15)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-kubernetes/compare/v6.3.0...v7.0.0)
+
+### Changed
+
+- Validate namespace parameter as DNS subdomain name [\#602](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/602) ([deric](https://github.com/deric))
+- \(MAINT\) Fixing codebase hardening issues [\#590](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/590) ([LukasAud](https://github.com/LukasAud))
+
+### Added
+
+- Support overriding containerd socket path \(\#596\) [\#597](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/597) ([deric](https://github.com/deric))
+- Rewrite command line arguments parsing [\#593](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/593) ([deric](https://github.com/deric))
+- add new parameter containerd\_sandbox\_image [\#587](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/587) ([BaronMsk](https://github.com/BaronMsk))
+- Add RedHat family as supported OS \(\#563\) [\#577](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/577) ([deric](https://github.com/deric))
+- Support Debian 11 [\#568](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/568) ([deric](https://github.com/deric))
+- Support changing bits used for generating certificates [\#566](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/566) ([deric](https://github.com/deric))
+- Add proxy support to docker, cri\_containerd and kubelet [\#561](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/561) ([nickperry](https://github.com/nickperry))
+- Remove cgroup-driver arg to avoid deprecation warnings [\#540](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/540) ([treydock](https://github.com/treydock))
+
+### Fixed
+
+- Stronger type checking for $node\_name [\#600](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/600) ([deric](https://github.com/deric))
+- \(MAINT\) Revert hardening changes [\#599](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/599) ([chelnak](https://github.com/chelnak))
+- Fix executing CNI addons commands \(fixes \#594\) [\#598](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/598) ([deric](https://github.com/deric))
+- Addressing wrong type for unless execs [\#592](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/592) ([LukasAud](https://github.com/LukasAud))
+- Fix Build docker image tooling [\#589](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/589) ([BaronMsk](https://github.com/BaronMsk))
+- \(CONT-217\) Correct Kubernetes etcd\_data\_dir spec tests [\#582](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/582) ([GSPatton](https://github.com/GSPatton))
+- etcd data dir path configurable by hiera [\#581](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/581) ([GSPatton](https://github.com/GSPatton))
+- Hardening manifest classes [\#575](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/575) ([LukasAud](https://github.com/LukasAud))
+- Master role has been deprecated since kubernetes v1.20.0 [\#571](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/571) ([deric](https://github.com/deric))
+- Don't try to guess docker\_version \(\#564\) [\#565](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/565) ([deric](https://github.com/deric))
+- fix: anchor regex for determining config\_version [\#554](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/554) ([TheMeier](https://github.com/TheMeier))
+- pdksync - \(GH-iac-334\) Remove Support for Ubuntu 16.04 [\#548](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/548) ([david22swan](https://github.com/david22swan))
+- Fix \#541 [\#542](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/542) ([nickperry](https://github.com/nickperry))
+- Update Debian-family docker repo location and key id [\#535](https://github.com/puppetlabs/puppetlabs-kubernetes/pull/535) ([jorhett](https://github.com/jorhett))
+
 ## [v6.3.0](https://github.com/puppetlabs/puppetlabs-kubernetes/tree/v6.3.0) (2021-09-06)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-kubernetes/compare/v6.2.0...v6.3.0)

Gemfile

@@ -13,22 +13,28 @@ def location_for(place_or_version, fake_version = nil)
   end
 end
 
-ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
-minor_version = ruby_version_segments[0..1].join('.')
-
 group :development do
-  gem "json", '= 2.0.4',                                         require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.1.0',                                         require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "json", '= 2.3.0',                                         require: false if Gem::Requirement.create(['>= 2.7.0', '< 2.8.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
-  gem "puppet-module-posix-default-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-posix-dev-r#{minor_version}", '~> 1.0',     require: false, platforms: [:ruby]
-  gem "puppet-module-win-default-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "puppet-module-win-dev-r#{minor_version}", '~> 1.0',       require: false, platforms: [:mswin, :mingw, :x64_mingw]
-  gem "github_changelog_generator",                              require: false
+  gem "json", '~> 2.0',                                require: false
+  gem "voxpupuli-puppet-lint-plugins", '~> 3.0',       require: false
+  gem "facterdb", '~> 1.18',                           require: false
+  gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0',     require: false
+  gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false
+  gem "rspec-puppet-facts", '~> 2.0',                  require: false
+  gem "codecov", '~> 0.2',                             require: false
+  gem "dependency_checker", '~> 0.2',                  require: false
+  gem "parallel_tests", '~> 3.4',                      require: false
+  gem "pry", '~> 0.10',                                require: false
+  gem "simplecov-console", '~> 0.5',                   require: false
+  gem "puppet-debugger", '~> 1.0',                     require: false
+  gem "rubocop", '= 1.6.1',                            require: false
+  gem "rubocop-performance", '= 1.9.1',                require: false
+  gem "rubocop-rspec", '= 2.0.1',                      require: false
+  gem "rb-readline", '= 0.5.5',                        require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "github_changelog_generator",                    require: false
 end
 group :system_tests do
-  gem "puppet-module-posix-system-r#{minor_version}", '~> 1.0', require: false, platforms: [:ruby]
-  gem "puppet-module-win-system-r#{minor_version}", '~> 1.0',   require: false, platforms: [:mswin, :mingw, :x64_mingw]
+  gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby]
+  gem "serverspec", '~> 2.41',    require: false
 end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']