diff --git a/roles/container-engine/cri-o/defaults/main.yml b/roles/container-engine/cri-o/defaults/main.yml index 2ff6d73e9..6724b7424 100644 --- a/roles/container-engine/cri-o/defaults/main.yml +++ b/roles/container-engine/cri-o/defaults/main.yml @@ -37,7 +37,7 @@ crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/def crio_stream_port: "10010" -crio_required_version: "{{ kube_version | regex_replace('^v(?P\\d+).(?P\\d+).(?P\\d+)$', '\\g.\\g') }}" +crio_required_version: "{{ kube_version | regex_replace('^(?P\\d+).(?P\\d+).(?P\\d+)$', '\\g.\\g') }}" crio_root: "/var/lib/containers/storage" diff --git a/roles/container-engine/cri-o/tasks/load_vars.yml b/roles/container-engine/cri-o/tasks/load_vars.yml index b7f902f20..99fc9647c 100644 --- a/roles/container-engine/cri-o/tasks/load_vars.yml +++ b/roles/container-engine/cri-o/tasks/load_vars.yml @@ -1,8 +1,8 @@ --- - name: Cri-o | include vars/v1.29.yml include_vars: v1.29.yml - when: crio_version is version("v1.29.0", operator=">=") + when: crio_version is version("1.29.0", operator=">=") - name: Cri-o | include vars/v1.31.yml include_vars: v1.31.yml - when: crio_version is version("v1.31.0", operator=">=") + when: crio_version is version("1.31.0", operator=">=") diff --git a/roles/container-engine/cri-o/tasks/reset.yml b/roles/container-engine/cri-o/tasks/reset.yml index 7f573ead4..485352fb7 100644 --- a/roles/container-engine/cri-o/tasks/reset.yml +++ b/roles/container-engine/cri-o/tasks/reset.yml @@ -19,7 +19,7 @@ - name: CRI-O | Remove cri-o apt repo apt_repository: - repo: "deb {{ crio_download_crio }}{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /" + repo: "deb {{ crio_download_crio }}v{{ crio_version }}/{{ crio_kubic_debian_repo_name }}/ /" state: absent filename: devel-kubic-libcontainers-stable-cri-o when: crio_kubic_debian_repo_name is defined 
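Review bot: Nothing in this change rejects or normalises a `kube_version` that still carries the old `v` prefix, and `crio_required_version` is where that first goes wrong silently: the pattern is now anchored at a digit, so a prefixed value does not match and `regex_replace` returns the input unchanged instead of a major.minor string. The same assumption is built into `kubernetesVersion: v{{ kube_version }}` in the kubeadm templates, `upgrade apply -y v{{ kube_version }}` in kubeadm-upgrade.yml, and the cilium templates that dropped `regex_replace('v')`, where an old inventory override would render a doubled prefix or, most likely, make the `version` test error out. I would add one preflight assertion, e.g. `that: kube_version is match('^[0-9]+\.[0-9]+\.[0-9]+$')`, with a message telling operators to drop the `v`, and repeat it for the component versions. Separately, the `.` separators in the pattern are unescaped and match any character; escaping them would make the match strict.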
@@ -36,7 +36,7 @@ - name: CRI-O | Remove CRI-O kubic yum repo yum_repository: - name: "devel_kubic_libcontainers_stable_cri-o_{{ crio_version }}" + name: "devel_kubic_libcontainers_stable_cri-o_v{{ crio_version }}" state: absent when: - ansible_os_family == "RedHat" diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2 index a54daa79c..46b04cfe6 100644 --- a/roles/container-engine/cri-o/templates/crio.conf.j2 +++ b/roles/container-engine/cri-o/templates/crio.conf.j2 @@ -374,7 +374,7 @@ enable_metrics = {{ crio_enable_metrics | bool | lower }} # The port on which the metrics server will listen. metrics_port = {{ crio_metrics_port }} -{% if nri_enabled and crio_version is version('v1.26.0', operator='>=') %} +{% if nri_enabled and crio_version is version('1.26.0', operator='>=') %} [crio.nri] enable_nri=true diff --git a/roles/download/templates/kubeadm-images.yaml.j2 b/roles/download/templates/kubeadm-images.yaml.j2 index b40f2269b..edf99cf2b 100644 --- a/roles/download/templates/kubeadm-images.yaml.j2 +++ b/roles/download/templates/kubeadm-images.yaml.j2 @@ -6,7 +6,7 @@ nodeRegistration: apiVersion: kubeadm.k8s.io/{{ kubeadm_config_api_version }} kind: ClusterConfiguration imageRepository: {{ kube_image_repo }} -kubernetesVersion: {{ kube_version }} +kubernetesVersion: v{{ kube_version }} etcd: {% if etcd_deployment_type == "kubeadm" %} local: diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml index eb67952ea..8dca96546 100644 --- a/roles/etcd/tasks/install_host.yml +++ b/roles/etcd/tasks/install_host.yml @@ -3,6 +3,7 @@ command: "{{ bin_dir }}/etcd --version" register: etcd_current_host_version # There's a chance this play could run before etcd is installed at all + # TODO: figure out whether this happens. "A chance" is not enough information ignore_errors: true when: etcd_cluster_setup 
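Review bot: The added TODO in roles/etcd/tasks/install_host.yml records a doubt rather than a decision, and the `ignore_errors: true` under it still swallows every failure of `etcd --version`, not only the binary-missing case the older comment describes. If the probe is meant to be best-effort, `failed_when: false` plus `changed_when: false` states that intent without reporting a failed task on each run; if etcd is expected to exist at this point, drop the ignore so a broken binary stops the play. Either way the comment should say which case is expected, for example `# etcd may not be installed yet on first run; an empty result notifies the restart handlers below`. The task's name line is outside this hunk.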
@@ -11,18 +12,18 @@ notify: Restart etcd when: - etcd_cluster_setup - - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('') + - etcd_version not in etcd_current_host_version.stdout | default('') - name: Restart etcd-events if necessary command: /bin/true notify: Restart etcd-events when: - etcd_events_cluster_setup - - etcd_version.lstrip('v') not in etcd_current_host_version.stdout | default('') + - etcd_version not in etcd_current_host_version.stdout | default('') - name: Install | Copy etcd binary from download dir copy: - src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" + src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" mode: "0755" remote_src: true diff --git a/roles/etcdctl_etcdutl/tasks/main.yml b/roles/etcdctl_etcdutl/tasks/main.yml index 053e14295..cf4d4ea38 100644 --- a/roles/etcdctl_etcdutl/tasks/main.yml +++ b/roles/etcdctl_etcdutl/tasks/main.yml @@ -29,7 +29,7 @@ - name: Copy etcdctl and etcdutl binary from download dir copy: - src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" + src: "{{ local_release_dir }}/etcd-v{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" mode: "0755" remote_src: true diff --git a/roles/kubernetes-apps/argocd/defaults/main.yml b/roles/kubernetes-apps/argocd/defaults/main.yml index b164b624f..99c2e2daa 100644 --- a/roles/kubernetes-apps/argocd/defaults/main.yml +++ b/roles/kubernetes-apps/argocd/defaults/main.yml @@ -1,6 +1,6 @@ --- argocd_enabled: false -argocd_version: v2.11.0 +argocd_version: 2.11.0 argocd_namespace: argocd # argocd_admin_password: -argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/{{ argocd_version }}/manifests/install.yaml" +argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml" 
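Review bot: `etcd_version not in etcd_current_host_version.stdout | default('')` is a substring test, so in both restart conditions a target version that is a prefix of the installed one is treated as already present; with constructed values, `3.5.1` is found inside output reporting `3.5.16` and neither handler is notified. Anchoring the comparison avoids that, e.g. `etcd_current_host_version.stdout | default('') is not search('etcd Version: ' ~ (etcd_version | regex_escape) ~ '(\s|$)')`, assuming the usual `etcd Version: X.Y.Z` line in the `etcd --version` output. The old `lstrip('v')` form had the same weakness, so this is a good moment to fix it while the lines are being touched.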
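Review bot: `argocd_version: 2.11.0` is now a bare scalar that only stays a string because it has three components; the `v` used to guarantee that, and a later two-part value such as a constructed `2.10` would load as the float `2.1` and produce a wrong install URL. Quote it as `argocd_version: "2.11.0"`, and do the same for `gateway_api_version: 1.1.0` and `kube_vip_version: 0.8.0` changed later in this diff. Other version defaults visible in the diff, such as `calico_min_version_required` and `containerd_min_version_required`, are already quoted, so this also keeps the files consistent.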
diff --git a/roles/kubernetes-apps/gateway_api/defaults/main.yml b/roles/kubernetes-apps/gateway_api/defaults/main.yml index 9896bbf0f..e04500887 100644 --- a/roles/kubernetes-apps/gateway_api/defaults/main.yml +++ b/roles/kubernetes-apps/gateway_api/defaults/main.yml @@ -1,4 +1,4 @@ --- gateway_api_enabled: false -gateway_api_version: v1.1.0 +gateway_api_version: 1.1.0 gateway_api_experimental_channel: false diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index 17b33d005..01cf315f3 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -121,7 +121,7 @@ dependencies: - role: kubernetes-apps/scheduler_plugins when: - scheduler_plugins_enabled - - kube_major_version is version('v1.29', '<') + - kube_major_version is version('1.29', '<') - inventory_hostname == groups['kube_control_plane'][0] tags: - scheduler_plugins diff --git a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 index ebdea51e3..5ea89e944 100644 --- a/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 +++ b/roles/kubernetes-apps/metallb/templates/metallb.yaml.j2 @@ -1716,7 +1716,7 @@ spec: value: memberlist - name: METALLB_DEPLOYMENT value: controller - image: "{{ metallb_controller_image_repo }}:{{ metallb_version }}" + image: "{{ metallb_controller_image_repo }}:v{{ metallb_version }}" livenessProbe: failureThreshold: 3 httpGet: @@ -1824,7 +1824,7 @@ spec: secretKeyRef: key: secretkey name: memberlist - image: "{{ metallb_speaker_image_repo }}:{{ metallb_version }}" + image: "{{ metallb_speaker_image_repo }}:v{{ metallb_version }}" livenessProbe: failureThreshold: 3 httpGet: diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml index 1a201aee7..e5291d137 100644 --- a/roles/kubernetes/control-plane/defaults/main/main.yml +++ b/roles/kubernetes/control-plane/defaults/main/main.yml 
@@ -110,11 +110,11 @@ kube_apiserver_admission_event_rate_limits: {} ## PodSecurityAdmission plugin configuration kube_pod_security_use_default: false kube_pod_security_default_enforce: baseline -kube_pod_security_default_enforce_version: "{{ kube_major_version }}" +kube_pod_security_default_enforce_version: "v{{ kube_major_version }}" kube_pod_security_default_audit: restricted -kube_pod_security_default_audit_version: "{{ kube_major_version }}" +kube_pod_security_default_audit_version: "v{{ kube_major_version }}" kube_pod_security_default_warn: restricted -kube_pod_security_default_warn_version: "{{ kube_major_version }}" +kube_pod_security_default_warn_version: "v{{ kube_major_version }}" kube_pod_security_exemptions_usernames: [] kube_pod_security_exemptions_runtime_class_names: [] kube_pod_security_exemptions_namespaces: diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml index cc7987be4..241c2333b 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-upgrade.yml @@ -13,7 +13,7 @@ command: >- timeout -k 600s 600s {{ bin_dir }}/kubeadm - upgrade apply -y {{ kube_version }} + upgrade apply -y v{{ kube_version }} --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }} --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }} --allow-experimental-upgrades @@ -34,7 +34,7 @@ command: >- timeout -k 600s 600s {{ bin_dir }}/kubeadm - upgrade apply -y {{ kube_version }} + upgrade apply -y v{{ kube_version }} --certificate-renewal={{ kubeadm_upgrade_auto_cert_renewal }} --ignore-preflight-errors={{ kubeadm_ignore_preflight_errors | join(',') }} --allow-experimental-upgrades diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index d9647150c..fce71db93 100644 --- a/roles/kubernetes/control-plane/tasks/main.yml 
+++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -25,7 +25,7 @@ mode: "0640" vars: authz_config: - apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('v1.30.0', '<') else 'v1beta1' if kube_version is version('v1.32.0', '<') else 'v1' }} + apiVersion: apiserver.config.k8s.io/{{ 'v1alpha1' if kube_version is version('1.30.0', '<') else 'v1beta1' if kube_version is version('1.32.0', '<') else 'v1' }} kind: AuthorizationConfiguration authorizers: "{{ kube_apiserver_authorization_config_authorizers }}" when: kube_apiserver_use_authorization_config_file diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 index 349942044..e8af50964 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta3.yaml.j2 @@ -104,7 +104,7 @@ featureGates: {{ feature | replace("=", ": ") }} {% endfor %} {% endif %} -kubernetesVersion: {{ kube_version }} +kubernetesVersion: v{{ kube_version }} {% if kubeadm_config_api_fqdn is defined %} controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}" {% else %} diff --git a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 index dce73ad3b..2bd984b59 100644 --- a/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 +++ b/roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2 @@ -116,7 +116,7 @@ featureGates: {{ feature | replace("=", ": ") }} {% endfor %} {% endif %} -kubernetesVersion: {{ kube_version }} +kubernetesVersion: v{{ kube_version }} {% if kubeadm_config_api_fqdn is defined %} controlPlaneEndpoint: "{{ kubeadm_config_api_fqdn }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}" {% else %} 
diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml index 7bd4a9c4a..9ad0ab0e4 100644 --- a/roles/kubernetes/node/defaults/main.yml +++ b/roles/kubernetes/node/defaults/main.yml @@ -61,7 +61,7 @@ eviction_hard_control_plane: {} kubelet_status_update_frequency: 10s # kube-vip -kube_vip_version: v0.8.0 +kube_vip_version: 0.8.0 kube_vip_arp_enabled: false kube_vip_interface: diff --git a/roles/kubespray-defaults/vars/main.yml b/roles/kubespray-defaults/vars/main.yml index 3b8be9465..6737b8efa 100644 --- a/roles/kubespray-defaults/vars/main.yml +++ b/roles/kubespray-defaults/vars/main.yml @@ -4,7 +4,7 @@ kube_proxy_deployed: "{{ 'addon/kube-proxy' not in kubeadm_init_phases_skip }}" # The lowest version allowed to upgrade from (same as calico_version in the previous branch) -calico_min_version_required: "v3.19.4" +calico_min_version_required: "3.27.0" containerd_min_version_required: "1.3.7" diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 0991d5551..a93fe1f73 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -65,7 +65,7 @@ - name: Assert that current calico version is enough for upgrade assert: that: - - calico_version_on_server.stdout is version(calico_min_version_required, '>=') + - calico_version_on_server.stdout.removeprefix('v') is version(calico_min_version_required, '>=') msg: > Your version of calico is not fresh enough for upgrade. Minimum version is {{ calico_min_version_required }} supported by the previous kubespray release. diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 70cdc1d00..52bd5c452 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml 
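Review bot: The `calico_min_version_required` line does more than drop the prefix: the floor moves from 3.19.4 to 3.27.0, which changes which running clusters pass the `Assert that current calico version is enough for upgrade` check in calico/tasks/check.yml. The comment above ties the value to the previous branch's `calico_version`, so the bump may well be intended, but it deserves its own commit or at least a line in the description and release notes so operators on 3.19 through 3.26 know the upgrade will now stop.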
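Review bot: `calico_version_on_server.stdout.removeprefix('v')` calls a Python string method that only exists on Python 3.9 and later, so on an older controller interpreter the assertion errors out instead of comparing versions. The filter form has no such dependency and matches how versions were stripped elsewhere in these roles: `- calico_version_on_server.stdout | regex_replace('^v', '') is version(calico_min_version_required, '>=')`. The task that registers `calico_version_on_server` is outside this hunk.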
@@ -128,18 +128,18 @@ block: - name: Calico | Check if extra directory is needed stat: - path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('v3.22.3', '<')) else 'crd' }}" + path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds/{{ 'kdd' if (calico_version is version('3.22.3', '<')) else 'crd' }}" register: kdd_path - name: Calico | Set kdd path when calico < v3.22.3 set_fact: calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/kdd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}" when: - - calico_version is version('v3.22.3', '<') - - name: Calico | Set kdd path when calico > v3.22.2 + - calico_version is version('3.22.3', '<') + - name: Calico | Set kdd path when calico > 3.22.2 set_fact: calico_kdd_path: "{{ local_release_dir }}/calico-{{ calico_version }}-kdd-crds{{ '/crd' if kdd_path.stat.exists is defined and kdd_path.stat.exists }}" when: - - calico_version is version('v3.22.2', '>') + - calico_version is version('3.22.2', '>') - name: Calico | Create calico manifests for kdd assemble: src: "{{ calico_kdd_path }}" diff --git a/roles/network_plugin/calico/tasks/peer_with_router.yml b/roles/network_plugin/calico/tasks/peer_with_router.yml index 333494724..ec4104bbe 100644 --- a/roles/network_plugin/calico/tasks/peer_with_router.yml +++ b/roles/network_plugin/calico/tasks/peer_with_router.yml 
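Review bot: The `calico-{{ calico_version }}-kdd-crds` paths in all three tasks are left as they were while `calico_version` loses its `v`, whereas the etcd copy tasks in this same diff had to gain an explicit `etcd-v{{ etcd_version }}`; if the download role still unpacks the CRD archive under a `v`-prefixed directory, the `stat` finds nothing and `calico_kdd_path` is set to the bare directory without the `/kdd` or `/crd` suffix. Please confirm the directory name against the download definition, which is not visible here. Smaller point: the first task is still named `... when calico < v3.22.3` while the second was renamed to `> 3.22.2`; use `Calico | Set kdd path when calico < 3.22.3` so the names match the comparisons.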
@@ -97,10 +97,10 @@ "asNumber": "{{ item.as }}", "node": "{{ inventory_hostname }}", "peerIP": "{{ item.router_id }}", - {% if calico_version is version('v3.26.0', '>=') and (item.filters | default([]) | length > 0) %} + {% if calico_version is version('3.26.0', '>=') and (item.filters | default([]) | length > 0) %} "filters": {{ item.filters }}, {% endif %} - {% if calico_version is version('v3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %} + {% if calico_version is version('3.23.0', '>=') and (item.numallowedlocalasnumbers | default(0) > 0) %} "numAllowedLocalASNumbers": {{ item.numallowedlocalasnumbers }}, {% endif %} "sourceAddress": "{{ item.sourceaddress | default('UseNodeIP') }}" diff --git a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 index 837dd23b2..e49c2b2d0 100644 --- a/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-apiserver.yml.j2 @@ -72,7 +72,7 @@ spec: initialDelaySeconds: 90 periodSeconds: 10 name: calico-apiserver -{% if calico_version is version('v3.28.0', '>=') %} +{% if calico_version is version('3.28.0', '>=') %} readinessProbe: httpGet: path: /readyz @@ -184,7 +184,7 @@ rules: - create - update - delete -{% if calico_version is version('v3.28.0', '>=') %} +{% if calico_version is version('3.28.0', '>=') %} - apiGroups: - policy resourceNames: diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index 535d576bd..9b754b856 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml 
@@ -11,7 +11,7 @@ cilium_enable_ipv6: "{{ ipv6_stack }}" cilium_l2announcements: false # Cilium agent health port -cilium_agent_health_port: "{%- if cilium_version | regex_replace('v') is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}" +cilium_agent_health_port: "{%- if cilium_version is version('1.11.6', '>=') -%}9879{%- else -%}9876{%- endif -%}" # Identity allocation mode selects how identities are shared between cilium # nodes by setting how they are stored. The options are "crd" or "kvstore". @@ -307,9 +307,9 @@ cilium_rolling_restart_wait_retries_count: 30 cilium_rolling_restart_wait_retries_delay_seconds: 10 # Cilium changed the default metrics exporter ports in 1.12 -cilium_agent_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9962', '9090') }}" -cilium_operator_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9963', '6942') }}" -cilium_hubble_scrape_port: "{{ cilium_version | regex_replace('v') is version('1.12', '>=') | ternary('9965', '9091') }}" +cilium_agent_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9962', '9090') }}" +cilium_operator_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9963', '6942') }}" +cilium_hubble_scrape_port: "{{ cilium_version is version('1.12', '>=') | ternary('9965', '9091') }}" # Cilium certgen args for generate certificate for hubble mTLS cilium_certgen_args: diff --git a/roles/network_plugin/cilium/tasks/check.yml b/roles/network_plugin/cilium/tasks/check.yml index 34a5afebb..11fcb23fb 100644 --- a/roles/network_plugin/cilium/tasks/check.yml +++ b/roles/network_plugin/cilium/tasks/check.yml 
@@ -48,9 +48,9 @@ msg: "cilium_encryption_type must be either 'ipsec' or 'wireguard'" when: cilium_encryption_enabled -- name: Stop if cilium_version is < v1.10.0 +- name: Stop if cilium_version is < 1.10.0 assert: - that: cilium_version | regex_replace('v') is version(cilium_min_version_required, '>=') + that: cilium_version is version(cilium_min_version_required, '>=') msg: "cilium_version is too low. Minimum version {{ cilium_min_version_required }}" # TODO: Clean this task up when we drop backward compatibility support for `cilium_ipsec_enabled` diff --git a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 index ff88b2034..038d25fa8 100644 --- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2 @@ -88,22 +88,22 @@ rules: - ciliumlocalredirectpolicies - ciliumlocalredirectpolicies/status - ciliumlocalredirectpolicies/finalizers -{% if cilium_version | regex_replace('v') is version('1.11', '>=') %} +{% if cilium_version is version('1.11', '>=') %} - ciliumendpointslices {% endif %} -{% if cilium_version | regex_replace('v') is version('1.12', '>=') %} +{% if cilium_version is version('1.12', '>=') %} - ciliumbgploadbalancerippools - ciliumloadbalancerippools - ciliumloadbalancerippools/status - ciliumbgppeeringpolicies - ciliumenvoyconfigs {% endif %} -{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} +{% if cilium_version is version('1.15', '>=') %} - ciliumbgppeerconfigs - ciliumbgpadvertisements - ciliumbgpnodeconfigs {% endif %} -{% if cilium_version | regex_replace('v') is version('1.16', '>=') %} +{% if cilium_version is version('1.16', '>=') %} - ciliumbgpclusterconfigs - ciliumbgpclusterconfigs/status - ciliumbgpnodeconfigoverrides 
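Review bot: The task name in cilium/tasks/check.yml hard-codes `1.10.0` while the assertion compares against `cilium_min_version_required`, so the name goes stale as soon as the variable changes. Since the line is being edited anyway, `- name: Stop if cilium_version is below cilium_min_version_required` keeps the two in step. With `regex_replace('v')` gone, this assert is also the natural place to give a clear message when an inventory still sets a `v`-prefixed `cilium_version`.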
@@ -134,7 +134,7 @@ rules: - create - get - update -{% if cilium_version | regex_replace('v') is version('1.12', '>=') %} +{% if cilium_version is version('1.12', '>=') %} - apiGroups: - apiextensions.k8s.io resources: @@ -156,14 +156,14 @@ rules: - ciliumlocalredirectpolicies.cilium.io - ciliumnetworkpolicies.cilium.io - ciliumnodes.cilium.io -{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} +{% if cilium_version is version('1.14', '>=') %} - ciliumnodeconfigs.cilium.io - ciliumcidrgroups.cilium.io - ciliuml2announcementpolicies.cilium.io - ciliumpodippools.cilium.io - ciliumloadbalancerippools.cilium.io {% endif %} -{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} +{% if cilium_version is version('1.15', '>=') %} - ciliumbgpclusterconfigs.cilium.io - ciliumbgppeerconfigs.cilium.io - ciliumbgpadvertisements.cilium.io diff --git a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 index 9cae26795..df3c8414a 100644 --- a/roles/network_plugin/cilium/templates/cilium/config.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/config.yml.j2 @@ -69,7 +69,7 @@ data: # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration. custom-cni-conf: "false" -{% if cilium_version | regex_replace('v') is version('1.14.0', '>=') %} +{% if cilium_version is version('1.14.0', '>=') %} # Tell the agent to generate and write a CNI configuration file write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist cni-exclusive: "{{ cilium_cni_exclusive }}" 
@@ -122,11 +122,11 @@ data: # - disabled # - vxlan (default) # - geneve -{% if cilium_version | regex_replace('v') is version('1.14.0', '<') %} +{% if cilium_version is version('1.14.0', '<') %} tunnel: "{{ cilium_tunnel_mode }}" -{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %} +{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode == 'disabled' %} routing-mode: 'native' -{% elif cilium_version | regex_replace('v') is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %} +{% elif cilium_version is version('1.14.0', '>=') and cilium_tunnel_mode != 'disabled' %} routing-mode: 'tunnel' tunnel-protocol: "{{ cilium_tunnel_mode }}" {% endif %} @@ -162,7 +162,7 @@ data: # `wait-bpf-mount` is removed after v1.10.4 # https://github.com/cilium/cilium/commit/d2217045cb3726a7f823174e086913b69b8090da -{% if cilium_version | regex_replace('v') is version('1.10.4', '<') %} +{% if cilium_version is version('1.10.4', '<') %} # wait-bpf-mount makes init container wait until bpf filesystem is mounted wait-bpf-mount: "false" {% endif %} @@ -170,7 +170,7 @@ data: # `kube-proxy-replacement=partial|strict|disabled` is deprecated since january 2024 and unsupported in 1.16. # Replaced by `kube-proxy-replacement=true|false` # https://github.com/cilium/cilium/pull/31286 -{% if cilium_version | regex_replace('v') is version('1.16', '<') %} +{% if cilium_version is version('1.16', '<') %} kube-proxy-replacement: "{{ cilium_kube_proxy_replacement }}" {% else %} kube-proxy-replacement: "{% if (cilium_kube_proxy_replacement == 'strict') or (cilium_kube_proxy_replacement | bool) or (cilium_kube_proxy_replacement | string | lower == 'true') %}true{% else %}false{% endif %}" 
@@ -179,7 +179,7 @@ data: # `native-routing-cidr` is deprecated in 1.10, removed in 1.12. # Replaced by `ipv4-native-routing-cidr` # https://github.com/cilium/cilium/pull/16695 -{% if cilium_version | regex_replace('v') is version('1.12', '<') %} +{% if cilium_version is version('1.12', '<') %} native-routing-cidr: "{{ cilium_native_routing_cidr }}" {% else %} {% if cilium_native_routing_cidr | length %} @@ -253,7 +253,7 @@ data: agent-health-port: "{{ cilium_agent_health_port }}" -{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_host_root != '' %} +{% if cilium_version is version('1.11', '>=') and cilium_cgroup_host_root != '' %} cgroup-root: "{{ cilium_cgroup_host_root }}" {% endif %} diff --git a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 index fd3a4b7c2..055c0f43c 100644 --- a/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/cr.yml.j2 @@ -38,7 +38,7 @@ rules: - secrets verbs: - get -{% if cilium_version | regex_replace('v') is version('1.12', '<') %} +{% if cilium_version is version('1.12', '<') %} - apiGroups: - "" resources: 
@@ -98,17 +98,17 @@ rules: - ciliumlocalredirectpolicies - ciliumlocalredirectpolicies/status - ciliumegressnatpolicies -{% if cilium_version | regex_replace('v') is version('1.11', '>=') %} +{% if cilium_version is version('1.11', '>=') %} - ciliumendpointslices {% endif %} -{% if cilium_version | regex_replace('v') is version('1.12', '>=') %} +{% if cilium_version is version('1.12', '>=') %} - ciliumbgploadbalancerippools - ciliumbgppeeringpolicies -{% if cilium_version | regex_replace('v') is version('1.13', '>=') %} +{% if cilium_version is version('1.13', '>=') %} - ciliumloadbalancerippools {% endif %} {% endif %} -{% if cilium_version | regex_replace('v') is version('1.11.5', '<') %} +{% if cilium_version is version('1.11.5', '<') %} - ciliumnetworkpolicies/finalizers - ciliumclusterwidenetworkpolicies/finalizers - ciliumendpoints/finalizers @@ -116,21 +116,21 @@ rules: - ciliumidentities/finalizers - ciliumlocalredirectpolicies/finalizers {% endif %} -{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} +{% if cilium_version is version('1.14', '>=') %} - ciliuml2announcementpolicies/status {% endif %} -{% if cilium_version | regex_replace('v') is version('1.15', '>=') %} +{% if cilium_version is version('1.15', '>=') %} - ciliumbgpnodeconfigs - ciliumbgpnodeconfigs/status - ciliumbgpadvertisements - ciliumbgppeerconfigs {% endif %} -{% if cilium_version | regex_replace('v') is version('1.16', '>=') %} +{% if cilium_version is version('1.16', '>=') %} - ciliumbgpclusterconfigs {% endif %} verbs: - '*' -{% if cilium_version | regex_replace('v') is version('1.12', '>=') %} +{% if cilium_version is version('1.12', '>=') %} - apiGroups: - cilium.io resources: @@ -141,7 +141,7 @@ rules: - list - watch {% endif %} -{% if cilium_version | regex_replace('v') is version('1.14', '>=') %} +{% if cilium_version is version('1.14', '>=') %} - apiGroups: - cilium.io resources: 
@@ -153,7 +153,6 @@ rules: verbs: - list - watch -{% if cilium_version %} - apiGroups: - coordination.k8s.io resources: @@ -165,4 +164,3 @@ rules: - list - delete {% endif %} -{% endif %} diff --git a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 index fcbec8577..8371d85d1 100644 --- a/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium/ds.yml.j2 @@ -106,13 +106,13 @@ spec: - {{ env_var | to_nice_yaml(indent=2) | indent(10) }} {% endfor %} lifecycle: -{% if cilium_version | regex_replace('v') is version('1.14', '<') %} +{% if cilium_version is version('1.14', '<') %} postStart: exec: command: - "/cni-install.sh" - "--cni-exclusive={{ cilium_cni_exclusive | string | lower }}" -{% if cilium_version | regex_replace('v') is version('1.12', '>=') %} +{% if cilium_version is version('1.12', '>=') %} - "--enable-debug={{ cilium_debug | string | lower }}" - "--log-file={{ cilium_cni_log_file }}" {% endif %} @@ -151,7 +151,7 @@ spec: mountPropagation: Bidirectional - name: cilium-run mountPath: /var/run/cilium -{% if cilium_version | regex_replace('v') is version('1.13.1', '<') %} +{% if cilium_version is version('1.13.1', '<') %} - name: cni-path mountPath: /host/opt/cni/bin {% endif %} @@ -201,7 +201,7 @@ spec: {% endif %} hostNetwork: true initContainers: -{% if cilium_version | regex_replace('v') is version('1.11', '>=') and cilium_cgroup_auto_mount %} +{% if cilium_version is version('1.11', '>=') and cilium_cgroup_auto_mount %} - name: mount-cgroup image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} 
@@ -230,7 +230,7 @@ spec: securityContext: privileged: true {% endif %} -{% if cilium_version | regex_replace('v') is version('1.11.7', '>=') %} +{% if cilium_version is version('1.11.7', '>=') %} - name: apply-sysctl-overwrites image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} @@ -277,7 +277,7 @@ spec: optional: true # Removed in 1.11 and up. # https://github.com/cilium/cilium/commit/f7a3f59fd74983c600bfce9cac364b76d20849d9 -{% if cilium_version | regex_replace('v') is version('1.11', '<') %} +{% if cilium_version is version('1.11', '<') %} - name: CILIUM_WAIT_BPF_MOUNT valueFrom: configMapKeyRef: @@ -296,7 +296,7 @@ spec: volumeMounts: - name: bpf-maps mountPath: /sys/fs/bpf -{% if cilium_version | regex_replace('v') is version('1.11', '>=') %} +{% if cilium_version is version('1.11', '>=') %} # Required to mount cgroup filesystem from the host to cilium agent pod - name: cilium-cgroup mountPath: {{ cilium_cgroup_host_root }} @@ -308,7 +308,7 @@ spec: requests: cpu: 100m memory: 100Mi -{% if cilium_version | regex_replace('v') is version('1.13.1', '>=') %} +{% if cilium_version is version('1.13.1', '>=') %} # Install the CNI binaries in an InitContainer so we don't have a writable host mount in the agent - name: install-cni-binaries image: "{{ cilium_image_repo }}:{{ cilium_image_tag }}" @@ -356,7 +356,7 @@ spec: hostPath: path: /sys/fs/bpf type: DirectoryOrCreate -{% if cilium_version | regex_replace('v') is version('1.11', '>=') %} +{% if cilium_version is version('1.11', '>=') %} # To mount cgroup2 filesystem on the host - name: hostproc hostPath: diff --git a/scripts/Dockerfile.j2 b/scripts/Dockerfile.j2 index c22f3fe4b..46d3b9abf 100644 --- a/scripts/Dockerfile.j2 +++ b/scripts/Dockerfile.j2 
@@ -35,8 +35,8 @@ RUN --mount=type=bind,source=requirements.txt,target=requirements.txt \ SHELL ["/bin/bash", "-o", "pipefail", "-c"] RUN OS_ARCHITECTURE=$(dpkg --print-architecture) \ - && curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \ - && echo "$(curl -L "https://dl.k8s.io/release/{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \ + && curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl" -o /usr/local/bin/kubectl \ + && echo "$(curl -L "https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/${OS_ARCHITECTURE}/kubectl.sha256")" /usr/local/bin/kubectl | sha256sum --check \ && chmod a+x /usr/local/bin/kubectl COPY *.yml ./ diff --git a/scripts/pipeline.Dockerfile.j2 b/scripts/pipeline.Dockerfile.j2 index a6148f67b..0cea37441 100644 --- a/scripts/pipeline.Dockerfile.j2 +++ b/scripts/pipeline.Dockerfile.j2 
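Review bot: The kubectl download is checked against a `.sha256` fetched from the same `dl.k8s.io` path in the same `RUN`, which detects a truncated or corrupted transfer but not a substituted binary, since whoever can alter one response can alter the other. Pin the expected digest in the repository and render it into the template, e.g. `&& echo "<KUBECTL_SHA256_PLACEHOLDER>  /usr/local/bin/kubectl" | sha256sum --check \`, and use `curl -fsSL` so an HTTP error (for instance a doubled `v` from an old `kube_version` value) fails the build at the download rather than at the checksum step. The same two lines appear in the scripts/pipeline.Dockerfile.j2 hunk, where the URLs and `$(dpkg --print-architecture)` are also unquoted.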
@@ -47,8 +47,8 @@ RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 \ && pip install --no-compile --no-cache-dir pip -U \ && pip install --no-compile --no-cache-dir -r tests/requirements.txt \ && pip install --no-compile --no-cache-dir -r requirements.txt \ - && curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ - && echo $(curl -L https://dl.k8s.io/release/{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ + && curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl -o /usr/local/bin/kubectl \ + && echo $(curl -L https://dl.k8s.io/release/v{{ kube_version }}/bin/linux/$(dpkg --print-architecture)/kubectl.sha256) /usr/local/bin/kubectl | sha256sum --check \ && chmod a+x /usr/local/bin/kubectl \ # Install Vagrant && curl -LO https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}-1_$(dpkg --print-architecture).deb \