Prepare for Antelope branch (#1147)
This change contains a big bump of versions for many components,
but the following are not fully bumped to the latest:
Keycloak (in order to go to 23.X first, then B will go to 24.X)
RabbitMQ (In order to go to 3.11 first, then B will go to 3.12)
OVN (24.03 LTS packages don't exist yet)
Once we merge this, we should run some upgrade tests from the last
branch (in this case, stable/zed) to main before we branch
this out to stable/2023.1.
Closes: #1004
Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
Reviewed-by: Rico Lin <ricolin@ricolky.com>
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 780e210..dc90bfb 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -39,12 +39,12 @@
cluster_api_kubeadm_bootstrap_controller: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.6.0
cluster_api_kubeadm_control_plane_controller: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.6.0
cluster_api_openstack_controller: registry.k8s.io/capi-openstack/capi-openstack-controller:v0.9.0
- csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0
- csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v3.4.0
- csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.5.1
- csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.1.0
- csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.3.0
- csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v4.2.0
+ csi_node_driver_registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0
+ csi_rbd_attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0
+ csi_rbd_plugin: quay.io/cephcsi/cephcsi:v3.11.0
+ csi_rbd_provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0
+ csi_rbd_resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0
+ csi_rbd_snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.0
db_drop: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
db_init: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
dep_check: "registry.atmosphere.dev/library/kubernetes-entrypoint:{{ atmosphere_release }}"
@@ -72,11 +72,11 @@
heat_purge_deleted: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
horizon_db_sync: "registry.atmosphere.dev/library/horizon:{{ atmosphere_release }}"
horizon: "registry.atmosphere.dev/library/horizon:{{ atmosphere_release }}"
- ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.1.1
+ ingress_nginx_controller: registry.k8s.io/ingress-nginx/controller:v1.10.0
ingress_nginx_default_backend: registry.k8s.io/defaultbackend-amd64:1.5
- ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+ ingress_nginx_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0
keepalived: "registry.atmosphere.dev/library/keepalived:{{ atmosphere_release }}"
- keycloak: quay.io/keycloak/keycloak:22.0.1-0
+ keycloak: quay.io/keycloak/keycloak:23.0.7-0
keystone_api: "registry.atmosphere.dev/library/keystone:{{ atmosphere_release }}"
keystone_credential_cleanup: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
keystone_credential_rotate: "registry.atmosphere.dev/library/keystone:{{ atmosphere_release }}"
@@ -102,7 +102,7 @@
local_path_provisioner_helper: docker.io/library/busybox:1.36.0
local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24
loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.24-alpine
- loki: docker.io/grafana/loki:2.9.6
+ loki: docker.io/grafana/loki:3.0.0
magnum_api: "registry.atmosphere.dev/library/magnum:{{ atmosphere_release }}"
magnum_cluster_api_proxy: "registry.atmosphere.dev/library/magnum:{{ atmosphere_release }}"
magnum_conductor: "registry.atmosphere.dev/library/magnum:{{ atmosphere_release }}"
@@ -113,11 +113,11 @@
manila_db_sync: "registry.atmosphere.dev/library/manila:{{ atmosphere_release }}"
manila_scheduler: "registry.atmosphere.dev/library/manila:{{ atmosphere_release }}"
manila_share: "registry.atmosphere.dev/library/manila:{{ atmosphere_release }}"
- memcached: docker.io/library/memcached:1.6.17
+ memcached: docker.io/library/memcached:1.6.26
netoffload: "registry.atmosphere.dev/library/netoffload:{{ atmosphere_release }}"
neutron_bagpipe_bgp: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_bgp_dragent: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
- neutron_coredns: docker.io/coredns/coredns:1.9.3
+ neutron_coredns: docker.io/coredns/coredns:1.11.1
neutron_db_sync: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_dhcp: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_ironic_agent: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
@@ -131,7 +131,7 @@
neutron_server: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_sriov_agent_init: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
neutron_sriov_agent: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
- node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.11.2
+ node_feature_discovery: registry.k8s.io/nfd/node-feature-discovery:v0.15.4
nova_api: "registry.atmosphere.dev/library/nova:{{ atmosphere_release }}"
nova_archive_deleted_rows: "registry.atmosphere.dev/library/nova:{{ atmosphere_release }}"
nova_cell_setup_init: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
@@ -164,29 +164,29 @@
ovn_ovsdb_nb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
ovn_ovsdb_sb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
pause: registry.k8s.io/pause:3.9
- percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.13.0-haproxy
- percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.13.0
- percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.32-24.2
- percona_version_service: docker.io/perconalab/version-service:main-3325140
+ percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.14.0-haproxy
+ percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.14.0
+ percona_xtradb_cluster: docker.io/percona/percona-xtradb-cluster:8.0.36-28.1
+ percona_version_service: docker.io/perconalab/version-service:production-2048c1f
placement_db_sync: "registry.atmosphere.dev/library/placement:{{ atmosphere_release }}"
placement: "registry.atmosphere.dev/library/placement:{{ atmosphere_release }}"
prometheus_config_reloader: quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0
prometheus_ipmi_exporter: us-docker.pkg.dev/vexxhost-infra/openstack/ipmi-exporter:1.4.0
- prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.10.0
- prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.14.0
+ prometheus_memcached_exporter: quay.io/prometheus/memcached-exporter:v0.14.3
+ prometheus_mysqld_exporter: quay.io/prometheus/mysqld-exporter:v0.15.1
prometheus_node_exporter: quay.io/prometheus/node-exporter:v1.7.0
prometheus_openstack_database_exporter: ghcr.io/vexxhost/openstack-database-exporter:v0.3.0
prometheus_openstack_exporter: ghcr.io/openstack-exporter/openstack-exporter:1.7.0
prometheus_operator_kube_webhook_certgen: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
- prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.1
- prometheus_pushgateway: docker.io/prom/pushgateway:v1.4.2
+ prometheus_operator: quay.io/prometheus-operator/prometheus-operator:v0.73.0
+ prometheus_pushgateway: docker.io/prom/pushgateway:v1.8.0
prometheus: quay.io/prometheus/prometheus:v2.51.2
- rabbit_init: docker.io/library/rabbitmq:3.10.2-management
- rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:1.13.1
- rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.2
- rabbitmq_server: docker.io/library/rabbitmq:3.10.2-management
- rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.6.0
- rook_ceph: docker.io/rook/ceph:v1.10.10
+ rabbit_init: docker.io/library/rabbitmq:3.11.28-management
+ rabbitmq_cluster_operator: docker.io/rabbitmqoperator/cluster-operator:2.8.0
+ rabbitmq_credential_updater: docker.io/rabbitmqoperator/default-user-credential-updater:1.0.4
+ rabbitmq_server: docker.io/library/rabbitmq:3.11.28-management
+ rabbitmq_topology_operator: docker.io/rabbitmqoperator/messaging-topology-operator:1.13.0
+ rook_ceph: docker.io/rook/ceph:v1.14.2
secretgen_controller: ghcr.io/carvel-dev/secretgen-controller@sha256:59ec05ce5847bfd70c8e04f08b5195e918c8f6fbb947ffc91b456494a2958fd5
senlin_api: "registry.atmosphere.dev/library/senlin:{{ atmosphere_release }}"
senlin_conductor: "registry.atmosphere.dev/library/senlin:{{ atmosphere_release }}"
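Review bot: `prometheus_operator` goes from `v0.73.1` to `v0.73.0` in this hunk, which is a downgrade inside a commit described as a version bump. If the intent is to align it with `prometheus_config_reloader` at `v0.73.0`, a short comment saying so would stop the next bump from "fixing" it; otherwise it looks like it should stay at `v0.73.1`. Separately, almost every third-party image here is referenced by mutable tag while `secretgen_controller` is pinned by `sha256` digest. Pinning the bumped images by digest as well would make the upgrade tests mentioned in the description reproducible against exactly the images that ship.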
@@ -198,7 +198,7 @@
staffeln_conductor: "registry.atmosphere.dev/library/staffeln:{{ atmosphere_release }}"
staffeln_api: "registry.atmosphere.dev/library/staffeln:{{ atmosphere_release }}"
tempest_run_tests: "registry.atmosphere.dev/library/tempest:{{ atmosphere_release }}"
- vector: docker.io/timberio/vector:0.37.0-debian
+ vector: docker.io/timberio/vector:0.37.1-debian
atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True)
}}'
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index 0081962..b4bbf26 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -13,6 +13,12 @@
# under the License.
_keycloak_helm_values:
+ # NOTE(mnaser): These workarounds below are needed to allow the Bitnami Helm chart to work with
+ # the upstream image.
+ enableDefaultInitContainers: false
+ containerSecurityContext:
+ readOnlyRootFilesystem: false
+ runAsUser: 1000
# Note(okozachenko1203): Mysql vendor is not supported by bitnami helm chart. As a workaround,
# we have to define jdbc connection string explicitly along side
# `externalDatabase` helm values.
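Review bot: `readOnlyRootFilesystem: false` relaxes the container hardening for Keycloak, and the NOTE above it does not say which of the three settings is needed for what. The comment should state, per key, what fails with the upstream image when the setting is left alone, for example `# readOnlyRootFilesystem: upstream image writes to its install dir at start (confirm path)`. That lets a later change restore a read-only root with a writable volume on just those paths. It is also worth confirming that non-root enforcement is still in effect alongside `runAsUser: 1000`, since the chart defaults are not visible here. The `_keycloak_helm_values` mapping continues outside this hunk.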
@@ -34,7 +40,6 @@
- /opt/keycloak/bin/kc.sh
- --verbose
- start
- - --auto-build
- --health-enabled=true
- --http-enabled=true
- --http-port=8080
diff --git a/roles/loki/tasks/main.yml b/roles/loki/tasks/main.yml
index cead7b4..01e2048 100644
--- a/roles/loki/tasks/main.yml
+++ b/roles/loki/tasks/main.yml
@@ -20,4 +20,4 @@
release_namespace: "{{ loki_helm_release_namespace }}"
create_namespace: true
kubeconfig: /etc/kubernetes/admin.conf
- values: "{{ _loki_helm_values | combine(loki_helm_values, recursive=True) }}"
+ values: "{{ _loki_helm_values | combine(loki_helm_values, recursive=True) | to_json }}"
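Review bot: The added `| to_json` on the `values:` line has no comment explaining why the merged dict must be serialised before being handed to the Helm task. Presumably it works around a non-string scalar in `_loki_helm_values` (the unquoted `from:` date added in `roles/loki/vars/main.yml` is a likely candidate), but that is inferred and not stated anywhere. A comment above the line, such as `# to_json: force plain JSON types so YAML-typed scalars (dates) reach Helm as strings`, would record the reason. The task itself starts outside this hunk.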
diff --git a/roles/loki/vars/main.yml b/roles/loki/vars/main.yml
index dbefa79..d4df3fd 100644
--- a/roles/loki/vars/main.yml
+++ b/roles/loki/vars/main.yml
@@ -13,6 +13,7 @@
# under the License.
_loki_helm_values:
+ deploymentMode: SingleBinary
loki:
server:
log_level: warn
@@ -25,21 +26,29 @@
replication_factor: 1
storage:
type: filesystem
+ schemaConfig:
+ configs:
+ - from: 2024-04-01
+ store: tsdb
+ object_store: filesystem
+ schema: v13
+ index:
+ prefix: index_
+ period: 24h
test:
enabled: false
- monitoring:
- selfMonitoring:
- enabled: false
- grafanaAgent:
- installOperator: false
- lokiCanary:
- enabled: false
singleBinary:
replicas: 1
nodeSelector:
openstack-control-plane: enabled
persistence:
size: 256Gi
+ write:
+ replicas: 0
+ read:
+ replicas: 0
+ backend:
+ replicas: 0
gateway:
image:
registry: "{{ atmosphere_images['loki_gateway'] | vexxhost.kubernetes.docker_image('domain') }}"
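Review bot: `from: 2024-04-01` in the new `schemaConfig` entry is an unquoted ISO date, which YAML 1.1 loaders (including the PyYAML-based one Ansible uses) resolve to a date object, not a string. Loki's schema config expects the literal text, so the value should be written as `- from: "2024-04-01"`. That also removes the dependence on how a downstream filter happens to serialise dates. The enclosing `_loki_helm_values` mapping starts and ends outside this hunk.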
@@ -47,3 +56,5 @@
tag: "{{ atmosphere_images['loki_gateway'] | vexxhost.kubernetes.docker_image('tag') }}"
nodeSelector:
openstack-control-plane: enabled
+ lokiCanary:
+ enabled: false
diff --git a/roles/magnum/vars/main.yml b/roles/magnum/vars/main.yml
index eeee431..61fd18b 100644
--- a/roles/magnum/vars/main.yml
+++ b/roles/magnum/vars/main.yml
@@ -78,10 +78,4 @@
ingress_api: false
service_ingress_api: false
-_magnum_registry_ingress_annotations:
- # NOTE(mnaser): We only want to allow GET/HEAD requests to the registry
- # to make sure it's read-only.
- nginx.ingress.kubernetes.io/configuration-snippet: |
- if ($request_method !~* "^(GET|HEAD)$") {
- return 403;
- }
+_magnum_registry_ingress_annotations: {}
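Review bot: Setting `_magnum_registry_ingress_annotations` to `{}` removes the only visible control that kept the Magnum registry ingress read-only (the `GET|HEAD` check returning 403), and nothing in this hunk replaces it. The removal is probably forced by the ingress-nginx bump to `v1.10.0` in the same commit, since recent ingress-nginx releases disable snippet annotations by default. The effect is still that write methods are no longer rejected at the ingress. The restriction should be re-established somewhere that does not depend on snippets, such as the registry's own read-only configuration or authentication on write operations. Until then a comment like `# NOTE: GET/HEAD-only enforcement dropped with ingress-nginx v1.10.0; registry must be read-only by its own config` would record the gap.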
diff --git a/roles/percona_xtradb_cluster/vars/main.yml b/roles/percona_xtradb_cluster/vars/main.yml
index 5a99be1..c21d748 100644
--- a/roles/percona_xtradb_cluster/vars/main.yml
+++ b/roles/percona_xtradb_cluster/vars/main.yml
@@ -15,14 +15,14 @@
sidecars:
- name: exporter
image: "{{ atmosphere_images['prometheus_mysqld_exporter'] | vexxhost.kubernetes.docker_image('ref') }}"
+ args:
+ - --mysqld.username=monitor
env:
- - name: MONITOR_PASSWORD
+ - name: MYSQLD_EXPORTER_PASSWORD
valueFrom:
secretKeyRef:
name: percona-xtradb
key: monitor
- - name: DATA_SOURCE_NAME
- value: "monitor:$(MONITOR_PASSWORD)@(localhost:3306)/"
ports:
- name: metrics
containerPort: 9104
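Review bot: The exporter sidecar now depends on the exporter's built-in default for the target address, whereas the removed `DATA_SOURCE_NAME` named `localhost:3306` explicitly. Adding `- --mysqld.address=localhost:3306` to `args` would keep the target visible in the manifest. Moving the password to `MYSQLD_EXPORTER_PASSWORD` is an improvement, since the secret is no longer interpolated into a connection string. It does couple this block to the newer exporter CLI, though: an `atmosphere_image_overrides` entry pointing at an older `mysqld-exporter` would likely start without credentials. A comment such as `# requires mysqld-exporter >= v0.15 (flag/env based credentials)` would make that constraint explicit.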
diff --git a/roles/rabbitmq/vars/main.yml b/roles/rabbitmq/vars/main.yml
index 67d9c13..fbef12f 100644
--- a/roles/rabbitmq/vars/main.yml
+++ b/roles/rabbitmq/vars/main.yml
@@ -13,6 +13,7 @@
# under the License.
_rabbitmq_spec:
+ delayStartSeconds: 0
image: "{{ atmosphere_images['rabbitmq_server'] | vexxhost.kubernetes.docker_image('ref') }}"
affinity:
nodeAffinity:
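Review bot: `delayStartSeconds: 0` is added to `_rabbitmq_spec` without a comment, so it is not clear whether removing the start delay is deliberate. As far as I understand the cluster operator, this delay exists to let DNS records settle before peer discovery, so zero may be fine for a single node but risky when several replicas start together. Please add a line above it, for example `# NOTE: no start delay; safe because <reason>`, or drop the override if the operator default is acceptable. The `_rabbitmq_spec` mapping continues outside this hunk.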
@@ -34,7 +35,8 @@
requests:
cpu: 500m
memory: 1Gi
- secretBackend: {}
+ secretBackend:
+ externalSecret: {}
service:
type: ClusterIP
terminationGracePeriodSeconds: 15