Commit

Merge pull request #171 from sighupio/develop
Release v1.27.2 - Add migrations on all modules, additional parameter to configure alertmanager configs and policy settings for kyverno and gatekeeper and containerd registry auth feature on OnPremises kind
nutellinoit committed Jan 23, 2024
2 parents 45861b1 + 5d1030c commit da7fc01
Showing 120 changed files with 9,893 additions and 5,974 deletions.
24 changes: 11 additions & 13 deletions .drone.yml
Expand Up @@ -151,7 +151,7 @@ steps:
dockerhub_password:
from_secret: dockerhub_password

- name: e2e
- name: e2e-kfddistribution
# KUBECTL 1.25.3 - KUSTOMIZE 3.5.3 - HELM 3.1.1 - YQ 4.21.1 - ISTIOCTL 1.9.4 - FURYCTL 0.9.0 - BATS 1.1.0
image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3
pull: always
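Review bot: the version comment above `image:` in the renamed `e2e-kfddistribution` step no longer matches the image tag: it says KUBECTL 1.25.3, YQ 4.21.1 and FURYCTL 0.9.0, while the tag `1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3` carries 1.26.3, 4.33.3 and 0.11.0. Update or drop the comment while touching this step, and mention there that the step now fetches its own furyctl. With `pull: always` on a tag, consider referencing the image by digest so the job cannot silently pick up a re-pushed image.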
Expand All @@ -160,22 +160,20 @@ steps:
path: /shared
depends_on: [init]
commands:
- ls -la /shared/
- ls -la /shared/kube/
- export KUBECONFIG=/shared/kube/kubeconfig-127
- bats -t tests/install.sh
- bats -t tests/networking.sh
- bats -t tests/monitoring.sh
- bats -t tests/logging.sh
- bats -t tests/ingress.sh
- bats -t tests/dr.sh
- bats -t tests/opa.sh
- bats -t tests/schema.sh
- cp /shared/kube/kubeconfig-127 /tmp/kubeconfig
- export KUBECONFIG=/tmp/kubeconfig
- echo "Installing the correct furyctl version..."
- curl -L "https://github.com/sighupio/furyctl/releases/download/v0.27.2-rc.3/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
# TODO Release the new fixed furyctl version
# - curl -L "https://github.com/sighupio/furyctl/releases/latest/download/furyctl-$(uname -s)-amd64.tar.gz" -o /tmp/furyctl.tar.gz && tar xfz /tmp/furyctl.tar.gz -C /tmp
- chmod +x /tmp/furyctl
- tests/e2e-kfddistribution.sh

- name: destroy
image: quay.io/sighup/e2e-testing-drone-plugin:v2.0.0
pull: always
depends_on: [e2e]
depends_on:
- e2e-kfddistribution
settings:
action: destroy
pipeline_id: cluster-127
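Review bot: the furyctl download in the `e2e-kfddistribution` commands has no integrity check: the tarball fetched with `curl -L` is unpacked, made executable and then run with `KUBECONFIG=/tmp/kubeconfig` pointing at the test cluster credentials. Record the expected SHA-256 of the `v0.27.2-rc.3` archive in the pipeline and verify it (for example with `sha256sum -c`) before `tar xfz`, and add `-f` to curl so an HTTP error fails the step at the download. The pin is a release candidate while docs/COMPATIBILITY_MATRIX.md in this commit lists furyctl 0.27.2; when resolving the TODO, pin the final tag rather than enabling the commented `releases/latest` URL, which would make runs non-reproducible. The separate `bats -t tests/opa.sh` and `bats -t tests/schema.sh` runs are gone from this step, so confirm `tests/e2e-kfddistribution.sh` still covers the policy and schema checks.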
File renamed without changes.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,3 +6,4 @@ vendor

go.work
go.work.sum
.envrc
2 changes: 1 addition & 1 deletion Furyfile.yaml
Expand Up @@ -10,7 +10,7 @@ versions:
ingress: v2.2.0
logging: v3.3.1
monitoring: v3.0.1
opa: v1.11.0
opa: v1.11.1
networking: v1.15.0
tracing: v1.0.2
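Review bot: the `opa` module bump to `v1.11.1` is not recorded in docs/releases/v1.27.2.md, which this commit adds. List the module version change there, and say which of the policy items in the release notes it delivers, so operators can tell that the admission-policy component changes in this release.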

6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -7,8 +7,8 @@
<p align="center">Kubernetes Fury Distribution (KFD) is a certified battle-tested Kubernetes distribution based purely on upstream Kubernetes.</p>
<!-- markdownlint-enable MD033 -->

[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.27.1)](http://ci.sighup.io/sighupio/fury-distribution)
[![Release](https://img.shields.io/badge/release-v1.27.1-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.27.2)](http://ci.sighup.io/sighupio/fury-distribution)
[![Release](https://img.shields.io/badge/release-v1.27.2-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
[![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
[![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)

Expand Down Expand Up @@ -96,7 +96,7 @@ Current supported versions of KFD are:

| KFD Version | Kubernetes Version |
| :----------------------------------------------------------------------------: | :----------------: |
| [`1.27.1`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | `1.27.x` |
| [`1.27.2`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | `1.27.x` |
| [`1.26.4`](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | `1.26.x` |
| [`1.25.9`](https://github.com/sighupio/fury-distribution/releases/tag/v1.25.9) | `1.25.x` |

5 changes: 5 additions & 0 deletions defaults/ekscluster-kfd-v1alpha2.yaml
Expand Up @@ -142,6 +142,7 @@ data:
retentionSize: 120GB
storageSize: 150Gi
alertmanager:
installDefaultRules: true
deadManSwitchWebhookUrl: ""
slackWebhookUrl: ""
mimir:
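Review bot: `installDefaultRules` under `alertmanager:` is named after rules, but the release notes in this commit describe it as the opt-out from alertmanager's default configuration. Add a comment on the key, as is done for `additionalExcludedNamespaces` further down in this file, stating what `false` leaves out and that a custom configuration is then expected from the operator.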
Expand Down Expand Up @@ -210,9 +211,13 @@ data:
gatekeeper:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
enforcementAction: deny
installDefaultPolicies: true
kyverno:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
validationFailureAction: enforce
installDefaultPolicies: true
# dr module configuration
dr:
type: none
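Review bot: the new `enforcementAction`, `validationFailureAction` and `installDefaultPolicies` keys have no comment, unlike `additionalExcludedNamespaces` next to them. These settings decide whether the admission policies block anything, so document the accepted values inline (the release notes mention `dryrun` instead of `deny`; the non-enforcing value for Kyverno is not shown anywhere in this diff) and note that `deny` / `enforce` with `installDefaultPolicies: true` is the blocking default.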
5 changes: 5 additions & 0 deletions defaults/kfddistribution-kfd-v1alpha2.yaml
Expand Up @@ -135,6 +135,7 @@ data:
retentionSize: 120GB
storageSize: 150Gi
alertmanager:
installDefaultRules: true
deadManSwitchWebhookUrl: ""
slackWebhookUrl: ""
mimir:
Expand Down Expand Up @@ -202,9 +203,13 @@ data:
gatekeeper:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
enforcementAction: deny
installDefaultPolicies: true
kyverno:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
validationFailureAction: enforce
installDefaultPolicies: true
# dr module configuration
dr:
type: none
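Review bot: `installDefaultPolicies` for both engines appears in the release notes' list of fields that trigger automatic reconfiguration, but `enforcementAction` and `validationFailureAction` do not. State in the docs whether changing the enforcement mode on an existing cluster is picked up on the next apply, and cover that change in `tests/e2e-kfddistribution.sh`; a cluster that stays in a non-enforcing mode after the config says `deny` would be a silent policy gap.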
5 changes: 5 additions & 0 deletions defaults/onpremises-kfd-v1alpha2.yaml
Expand Up @@ -135,6 +135,7 @@ data:
retentionSize: 120GB
storageSize: 150Gi
alertmanager:
installDefaultRules: true
deadManSwitchWebhookUrl: ""
slackWebhookUrl: ""
mimir:
Expand Down Expand Up @@ -202,9 +203,13 @@ data:
gatekeeper:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
enforcementAction: deny
installDefaultPolicies: true
kyverno:
# this configuration adds namespaces to the excluded list, actually whitelisting them
additionalExcludedNamespaces: []
validationFailureAction: enforce
installDefaultPolicies: true
# dr module configuration
dr:
type: none
29 changes: 17 additions & 12 deletions docs/COMPATIBILITY_MATRIX.md
Expand Up @@ -10,6 +10,7 @@ For a complete list of all KFD releases and their compatibility with Kubernetes

| KFD / Kubernetes Version | v1.27.X | v1.26.X | 1.25.X | 1.24.X |
| ----------------------------------------------------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ |
| [v1.27.2](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.2) | :white_check_mark: | | | |
| [v1.27.1](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.1) | :white_check_mark: | | | |
| [v1.27.0](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.0) | :white_check_mark: | | | |
| [v1.26.4](https://github.com/sighupio/fury-distribution/releases/tag/v1.26.4) | | :white_check_mark: | | |
Expand Down Expand Up @@ -42,18 +43,20 @@ For a complete list of all KFD releases and their compatibility with Kubernetes

### Furyctl and KFD compatibility

| Furyctl / KFD | 1.27.1 | 1.27.0 | 1.26.4 | 1.26.3 | 1.26.2 | 1.26.1 | 1.26.0 | 1.25.9 | 1.25.8 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
| -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| 0.27.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
| 0.26.3 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
| 0.26.2 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
| 0.26.1 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
| 0.26.0 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
| 0.25.2 | | | | :warning: | :warning: | :warning: | :warning: | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.1 | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0 | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0-beta.0 | | | | | | | | | | | | | | :white_check_mark: | |
| 0.25.0-alpha.1 | | | | | | | | | | | | | | | :white_check_mark: |
| Furyctl / KFD | 1.27.2 | 1.27.1 | 1.27.0 | 1.26.4 | 1.26.3 | 1.26.2 | 1.26.1 | 1.26.0 | 1.25.9 | 1.25.8 | 1.25.7 | 1.25.6 | 1.25.5 | 1.25.4 | 1.25.3 | 1.25.2 |
| -------------- | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
| 0.27.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
| 0.27.1 | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
| 0.27.0 | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | :white_check_mark: | :white_check_mark: | | | | | | |
| 0.26.3 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
| 0.26.2 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | :white_check_mark: | | | | | | |
| 0.26.1 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
| 0.26.0 | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | | | |
| 0.25.2 | | | | | :warning: | :warning: | :warning: | :warning: | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.1 | | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0 | | | | | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | |
| 0.25.0-beta.0 | | | | | | | | | | | | | | | :white_check_mark: | |
| 0.25.0-alpha.1 | | | | | | | | | | | | | | | | :white_check_mark: |

See [Furyctl](https://github.com/sighupio/furyctl) repository for more informations on it's usage.
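Review bot: in the Furyctl / KFD table only the new `0.27.2` row is checked for KFD 1.27.2; `0.27.1` and `0.27.0` are blank in that column. docs/releases/v1.27.2.md does not say that furyctl 0.27.2 is required, so add the minimum furyctl version to its upgrade section. Minor: the trailing context line reads "more informations on it's usage"; change it to "more information on its usage" while the file is open.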

Expand All @@ -63,6 +66,8 @@ See [Furyctl](https://github.com/sighupio/furyctl) repository for more informati

| Furyctl / Providers | EKSCluster | KFDDistribution | OnPremises |
| ------------------- | ------------------ | ------------------ | ------------------ |
| 0.27.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 0.27.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 0.27.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 0.26.3 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
| 0.26.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: |
33 changes: 33 additions & 0 deletions docs/releases/v1.27.2.md
@@ -0,0 +1,33 @@
# Kubernetes Fury Distribution Release v1.27.2

Welcome to KFD release `v1.27.2`.

The distribution is maintained with ❤️ by the team [SIGHUP](https://sighup.io/) it is battle tested in production environments.

## New Features since `v1.27.1`

This is a maintenance release enabling new features in furyctl automations. Changes include:

- Add: fields to manage the configuration on Kyverno and Gatekeeper to enable and disable the default included policies and also to change the enforcement mode on them (e.g. dryrun instead of deny).
- Add: use latest on-premises installer versions that includes new features for containerd (support for NVIDIA container toolkit and custom registries configurations).
- Add: field to opt-out from alertmanager's default configuration and use a custom one instead. The new supported field of the configuration file is:
- `.spec.distribution.modules.monitoring.alertmanager.installDefaultRules`
- Add: support for field migrations to trigger automatic reconfiguration of the distribution. The new supported fields of the configuration file are:
- `.spec.distribution.modules.auth.provider.type`
- `.spec.distribution.modules.dr.type`
- `.spec.distribution.modules.dr.velero.backend`
- `.spec.distribution.modules.ingress.nginx.type`
- `.spec.distribution.modules.monitoring.type`
- `.spec.distribution.modules.policy.gatekeeper.installDefaultPolicies`
- `.spec.distribution.modules.policy.kyverno.installDefaultPolicies`
- `.spec.distribution.modules.policy.type`
- `.spec.distribution.modules.tracing.tempo.backend`
- `.spec.distribution.modules.tracing.type`
- Enhancement: improved and added new end-to-end tests to cover migrations using the KFDDistribution kind.
- Enhancement: avoid errors when applying manifests due to Prometheus CRDs not being present when Monitoring type is none.
- Enhancement: don't warn the user and don't ask for confirmation when migrations are safe to apply.
- Fix: additional excluded namespaces option for Kyverno is now working as expected.

## Upgrade procedure

Check the [upgrade docs](https://github.com/sighupio/furyctl/tree/main/docs/upgrades/kfd) for the detailed procedure.
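Review bot: the first `Add:` bullet describes the Kyverno and Gatekeeper settings without naming them, while the alertmanager bullet gives the full field path. List the `enforcementAction`, `validationFailureAction` and `installDefaultPolicies` keys with their paths and defaults, and say explicitly that switching to `dryrun` or turning off the default policies stops enforcement, since that is the part an operator needs to see before upgrading. Minor: "by the team [SIGHUP] it is battle tested" is a run-on; split it into two sentences.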
