fix: Incorrect indentation causing malformed PEM file

fix: Refactor kustomize templates
feat:Explicitly configure NTP servers (WIP)
2023-07-07 10:29:57 +02:00 · 2023-07-06 13:00:08 +02:00 · 2023-06-03 10:07:09 +02:00 · 2023-06-03 10:06:33 +02:00 · 2023-05-19 12:19:06 +02:00
10 changed files with 220 additions and 252 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -10,11 +10,6 @@ volumes:
  claim:
    name: flexvolsmb-drone-scratch
 trigger:
  event:
    exclude:
    - tag
 steps:
 - name: Debugging information
  image: bv11-cr01.bessems.eu/library/packer-extended
@ -37,44 +32,9 @@ steps:
      packer/preseed/UbuntuServer22.04/user-data \
      scripts
 - name: Semantic Release (Dry-run)
  depends_on:
  - Linting
  image: bv11-cr01.bessems.eu/proxy/library/node:20-slim
  pull: always
  commands:
  - |
    apt-get update
  - |
    apt-get install -y --no-install-recommends \
      git-core \
      ca-certificates
  - |
    npm install \
      semantic-release \
      @semantic-release/commit-analyzer \
      @semantic-release/exec \
  - |
    export GIT_CREDENTIALS=$${GIT_USERNAME}:$${GIT_APIKEY}
  - |
    npx semantic-release \
      --package @semantic-release/exec \
      --package semantic-release \
      --branches ${DRONE_BRANCH} \
      --tag-format "K8s_1.25.9-v\$${version}" \
      --dry-run \
      --plugins @semantic-release/commit-analyzer,@semantic-release/exec \
      --analyzeCommits @semantic-release/commit-analyzer \
      --verifyRelease @semantic-release/exec \
      --verifyReleaseCmd 'echo "$${nextRelease.version}" > .version'
  environment:
    GIT_APIKEY:
      from_secret: git_apikey
    GIT_USERNAME: djpbessems
 - name: Install Ansible Galaxy collections
  depends_on:
-  - Semantic Release (Dry-run)
+  - Linting
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
@ -82,6 +42,9 @@ steps:
    ansible-galaxy collection install \
      -r ansible/requirements.yml \
      -p ./ansible/collections
  volumes:
  - name: scratch
    path: /scratch
 - name: Kubernetes Bootstrap Appliance
  depends_on:
@ -94,7 +57,6 @@ steps:
      packer/preseed/UbuntuServer22.04/user-data
  - |
    export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
    export NEXT_RELEASE_VERSION=$(cat .version)
  - |
    packer init -upgrade \
      ./packer
@ -109,7 +71,6 @@ steps:
      -var ssh_password=$${SSH_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
      -var k8s_version=$K8S_VERSION \
      -var next_release_version=$NEXT_RELEASE_VERSION \
      ./packer
  - |
    packer build \
@ -123,7 +84,6 @@ steps:
      -var ssh_password=$${SSH_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
      -var k8s_version=$K8S_VERSION \
      -var next_release_version=$NEXT_RELEASE_VERSION \
      ./packer
  environment:
    DOCKER_USERNAME:
@ -156,7 +116,6 @@ steps:
      packer/preseed/UbuntuServer22.04/user-data
  - |
    export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
    export NEXT_RELEASE_VERSION=$(cat .version)
  - |
    packer init -upgrade \
      ./packer
@ -171,7 +130,6 @@ steps:
      -var ssh_password=$${SSH_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
      -var k8s_version=$K8S_VERSION \
      -var next_release_version=$NEXT_RELEASE_VERSION \
      ./packer
  - |
    packer build \
@ -185,7 +143,6 @@ steps:
      -var ssh_password=$${SSH_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
      -var k8s_version=$K8S_VERSION \
      -var next_release_version=$NEXT_RELEASE_VERSION \
      ./packer
  environment:
    DOCKER_USERNAME:
--- a/.releaserc.json.DISABLED
+++ b/.releaserc.json.DISABLED
@ -1,11 +0,0 @@
 {
    "plugins": [
        ["@semantic-release/commit-analyzer"],
        ["@semantic-release/release-notes-generator"],
        ["@semantic-release/exec", {
            "prepareCmd": "export SEMANTICRELEASE_NEXTRELEASEVERSION=${nextRelease.version}",
            "publishCmd": "echo $SEMANTICRELEASE_NEXTRELEASEVERSION"
        }],
        ["@semantic-release/git"]
    ]
 }
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/filter_plugins/netaddr.py
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/filter_plugins/netaddr.py
@ -0,0 +1,14 @@
 import netaddr
 def netaddr_iter_iprange(ip_start, ip_end):
    return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
 class FilterModule(object):
        ''' Ansible filter. Interface to netaddr methods.
            https://pypi.org/project/netaddr/
        '''
        def filters(self):
            return {
                'netaddr_iter_iprange': netaddr_iter_iprange
            }
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml
@ -55,6 +55,7 @@
        force_basic_auth: yes
        body:
          name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
          scopes: ["write:public_key","write:org"]
      register: gitea_api_token
    - name: Retrieve existing gitea configuration
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
@ -3,8 +3,8 @@ kind: Kustomization
 resources:
 - cluster-template.yaml
-patchesStrategicMerge:
+patches:
-  - |-
+- patch: |-
    apiVersion: v1
    kind: Secret
    metadata:
@ -32,7 +32,7 @@ patchesStrategicMerge:
            [Network]
            public-network = "${VSPHERE_NETWORK}"
        type: Opaque
-  - |-
+- patch: |-
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    metadata:
@ -42,7 +42,12 @@ patchesStrategicMerge:
      kubeadmConfigSpec:
        clusterConfiguration:
          imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+        ntp:
          enabled: true
          servers:
            - 0.nl.pool.ntp.org
            - 1.nl.pool.ntp.org
 - patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -53,7 +58,12 @@ patchesStrategicMerge:
        spec:
          clusterConfiguration:
            imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-  - |-
+          ntp:
            enabled: true
            servers:
              - 0.nl.pool.ntp.org
              - 1.nl.pool.ntp.org
 - patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -86,7 +96,7 @@ patchesStrategicMerge:
              {{ _template.rootca | indent(width=14, first=False) | trim }}
            owner: root:root
            path: /usr/local/share/ca-certificates/root_ca.crt
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -105,7 +115,7 @@ patchesStrategicMerge:
              nameservers:
              - {{ _template.network.dnsserver }}
              networkName: '${VSPHERE_NETWORK}'
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -125,132 +135,131 @@ patchesStrategicMerge:
              - {{ _template.network.dnsserver }}
              networkName: '${VSPHERE_NETWORK}'
-patchesJson6902:
+- target:
-  - target:
+    group: controlplane.cluster.x-k8s.io
-      group: controlplane.cluster.x-k8s.io
+    version: v1beta1
-      version: v1beta1
+    kind: KubeadmControlPlane
-      kind: KubeadmControlPlane
+    name: .*
-      name: .*
+  patch: |-
-    patch: |-
+    - op: add
-      - op: add
+      path: /spec/kubeadmConfigSpec/files/-
-        path: /spec/kubeadmConfigSpec/files/-
+      value:
-        value:
+        content: |
-          content: |
+            [plugins."io.containerd.grpc.v1.cri".registry]
-              [plugins."io.containerd.grpc.v1.cri".registry]
+              config_path = "/etc/containerd/certs.d"
-                config_path = "/etc/containerd/certs.d"
+        append: true
-          append: true
+        path: /etc/containerd/config.toml
          path: /etc/containerd/config.toml
 {% for registry in _template.registries %}
-      - op: add
+    - op: add
-        path: /spec/kubeadmConfigSpec/files/-
+      path: /spec/kubeadmConfigSpec/files/-
-        value:
+      value:
-          content: |
+        content: |
-            server = "https://{{ registry }}"
+          server = "https://{{ registry }}"
-            [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+          [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
-              capabilities = ["pull", "resolve"]
+            capabilities = ["pull", "resolve"]
-              override_path = true
+            override_path = true
-          owner: root:root
+        owner: root:root
-          path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+        path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
 {% endfor %}
-      - op: add
+    - op: add
-        path: /spec/kubeadmConfigSpec/files/-
+      path: /spec/kubeadmConfigSpec/files/-
-        value:
+      value:
-          content: |
+        content: |
-            network: {config: disabled}
+          network: {config: disabled}
-          owner: root:root
+        owner: root:root
-          path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+        path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-      - op: add
+    - op: add
-        path: /spec/kubeadmConfigSpec/files/-
+      path: /spec/kubeadmConfigSpec/files/-
-        value:
+      value:
-          content: |
+        content: |
-            {{ _template.rootca | indent(width=12, first=False) | trim }}
+          {{ _template.rootca | indent(width=10, first=False) | trim }}
-          owner: root:root
+        owner: root:root
-          path: /usr/local/share/ca-certificates/root_ca.crt
+        path: /usr/local/share/ca-certificates/root_ca.crt
-  - target:
+- target:
-      group: bootstrap.cluster.x-k8s.io
+    group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: KubeadmConfigTemplate
+    kind: KubeadmConfigTemplate
-      name: .*
+    name: .*
-    patch: |-
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
+    - op: add
-        path: /spec/template/spec/preKubeadmCommands/-
+      path: /spec/template/spec/preKubeadmCommands/-
-        value: {{ cmd }}
+      value: {{ cmd }}
 {% endfor %}
-  - target:
+- target:
-      group: controlplane.cluster.x-k8s.io
+    group: controlplane.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: KubeadmControlPlane
+    kind: KubeadmControlPlane
-      name: .*
+    name: .*
-    patch: |-
+  patch: |-
 {% for cmd in _template.runcmds %}
-      - op: add
+    - op: add
-        path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
+      path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
-        value: {{ cmd }}
+      value: {{ cmd }}
 {% endfor %}
-  - target:
+- target:
-      group: infrastructure.cluster.x-k8s.io
+    group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: VSphereMachineTemplate
+    kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}
+    name: \${CLUSTER_NAME}
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: ${CLUSTER_NAME}-master
+      value: ${CLUSTER_NAME}-master
-  - target:
+- target:
-      group: controlplane.cluster.x-k8s.io
+    group: controlplane.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: KubeadmControlPlane
+    kind: KubeadmControlPlane
-      name: \${CLUSTER_NAME}
+    name: \${CLUSTER_NAME}
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: ${CLUSTER_NAME}-master
+      value: ${CLUSTER_NAME}-master
-      - op: replace
+    - op: replace
-        path: /spec/machineTemplate/infrastructureRef/name
+      path: /spec/machineTemplate/infrastructureRef/name
-        value: ${CLUSTER_NAME}-master
+      value: ${CLUSTER_NAME}-master
-  - target:
+- target:
-      group: cluster.x-k8s.io
+    group: cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: Cluster
+    kind: Cluster
-      name: \${CLUSTER_NAME}
+    name: \${CLUSTER_NAME}
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /spec/controlPlaneRef/name
+      path: /spec/controlPlaneRef/name
-        value: ${CLUSTER_NAME}-master
+      value: ${CLUSTER_NAME}-master
-  - target:
+- target:
-      group: infrastructure.cluster.x-k8s.io
+    group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: VSphereMachineTemplate
+    kind: VSphereMachineTemplate
-      name: \${CLUSTER_NAME}-worker
+    name: \${CLUSTER_NAME}-worker
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /spec/template/spec/numCPUs
+      path: /spec/template/spec/numCPUs
-        value: {{ _template.nodesize.cpu }}
+      value: {{ _template.nodesize.cpu }}
-      - op: replace
+    - op: replace
-        path: /spec/template/spec/memoryMiB
+      path: /spec/template/spec/memoryMiB
-        value: {{ _template.nodesize.memory }}
+      value: {{ _template.nodesize.memory }}
-  - target:
+- target:
-      group: cluster.x-k8s.io
+    group: cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: MachineDeployment
+    kind: MachineDeployment
-      name: \${CLUSTER_NAME}-md-0
+    name: \${CLUSTER_NAME}-md-0
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
+      value: ${CLUSTER_NAME}-worker
-      - op: replace
+    - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
+      path: /spec/template/spec/bootstrap/configRef/name
-        value: ${CLUSTER_NAME}-worker
+      value: ${CLUSTER_NAME}-worker
-  - target:
+- target:
-      group: bootstrap.cluster.x-k8s.io
+    group: bootstrap.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: KubeadmConfigTemplate
+    kind: KubeadmConfigTemplate
-      name: \${CLUSTER_NAME}-md-0
+    name: \${CLUSTER_NAME}-md-0
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: ${CLUSTER_NAME}-worker
+      value: ${CLUSTER_NAME}-worker
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2
@ -5,8 +5,8 @@ resources:
 - manifests/machinedeployment-{{ _template.cluster.name }}-worker.yaml
 - manifests/vspheremachinetemplate-{{ _template.cluster.name }}-worker.yaml
-patchesStrategicMerge:
+patches:
-  - |-
+- patch: |-
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
@ -31,7 +31,7 @@ patchesStrategicMerge:
          mounts:
          - - LABEL=blockstorage
            - /mnt/blockstorage
-  - |-
+- patch: |-
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: VSphereMachineTemplate
    metadata:
@ -43,42 +43,41 @@ patchesStrategicMerge:
          additionalDisksGiB:
          - {{ _template.nodepool.additionaldisk }}
-patchesJson6902:
+- target:
-  - target:
+    group: bootstrap.cluster.x-k8s.io
-      group: bootstrap.cluster.x-k8s.io
+    version: v1beta1
-      version: v1beta1
+    kind: KubeadmConfigTemplate
-      kind: KubeadmConfigTemplate
+    name: {{ _template.cluster.name }}-worker
-      name: {{ _template.cluster.name }}-worker
+  patch: |-
-    patch: |-
+    - op: replace
-      - op: replace
+      path: /metadata/name
-        path: /metadata/name
+      value: {{ _template.cluster.name }}-worker-storage
        value: {{ _template.cluster.name }}-worker-storage
-  - target:
+- target:
-      group: cluster.x-k8s.io
+    group: cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: MachineDeployment
+    kind: MachineDeployment
-      name: {{ _template.cluster.name }}-worker
+    name: {{ _template.cluster.name }}-worker
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+      value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
+    - op: replace
-        path: /spec/template/spec/bootstrap/configRef/name
+      path: /spec/template/spec/bootstrap/configRef/name
-        value: {{ _template.cluster.name }}-worker-storage
+      value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
+    - op: replace
-        path: /spec/template/spec/infrastructureRef/name
+      path: /spec/template/spec/infrastructureRef/name
-        value: {{ _template.cluster.name }}-worker-storage
+      value: {{ _template.cluster.name }}-worker-storage
-      - op: replace
+    - op: replace
-        path: /spec/replicas
+      path: /spec/replicas
-        value: {{ _template.nodepool.size }}
+      value: {{ _template.nodepool.size }}
-  - target:
+- target:
-      group: infrastructure.cluster.x-k8s.io
+    group: infrastructure.cluster.x-k8s.io
-      version: v1beta1
+    version: v1beta1
-      kind: VSphereMachineTemplate
+    kind: VSphereMachineTemplate
-      name: {{ _template.cluster.name }}-worker
+    name: {{ _template.cluster.name }}-worker
-    patch: |-
+  patch: |-
-      - op: replace
+    - op: replace
-        path: /metadata/name
+      path: /metadata/name
-        value: {{ _template.cluster.name }}-worker-storage
+      value: {{ _template.cluster.name }}-worker-storage
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@ -1,7 +1,7 @@
 platform:
  k3s:
-    version: v1.25.9+k3s1
+    version: v1.26.5+k3s1
  packaged_components:
    - name: traefik
@ -56,7 +56,7 @@ components:
  argo-cd:
    helm:
-      version: 5.27.4  # (= ArgoCD v2.6.7)
+      version: 5.34.6  # (= ArgoCD v2.7.3)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -99,7 +99,7 @@ components:
  cert-manager:
    helm:
-      version: 1.11.0
+      version: 1.12.1
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
@ -109,19 +109,19 @@ components:
    management:
      version:
        # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.4.0
+        base: v1.4.1
        # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.11.0
+        cert_manager: v1.11.1
-        infrastructure_vsphere: v1.6.0
+        infrastructure_vsphere: v1.6.1
        ipam_incluster: v0.1.0-alpha.2
        # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.25.2
+        cpi_vsphere: v1.26.2
    workload:
      version:
-        calico: v3.25.0
+        calico: v3.26.0
-        k8s: v1.25.9
+        k8s: v1.26.5
      node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.25.9.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.26.5.ova
  # dex:
  #   helm:
@ -173,7 +173,7 @@ components:
  gitea:
    helm:
-      version: v7.0.2 # (= Gitea v1.18.3)
+      version: v8.3.0 # (= Gitea v1.19.3)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
@ -204,7 +204,7 @@ components:
  harbor:
    helm:
-      version: 1.11.0  # (= Harbor v2.7.0)
+      version: 1.12.1  # (= Harbor v2.8.1)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -259,7 +259,7 @@ components:
  kube-prometheus-stack:
    helm:
-      version: 45.2.0
+      version: 46.5.0  # (= Prometheus version v0.65.1)
      chart: prometheus-community/kube-prometheus-stack
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
@ -270,11 +270,11 @@ components:
  kubevip:
    # Must match the version referenced at `dependencies.container_images`
-    version: v0.5.8
+    version: v0.6.0
  longhorn:
    helm:
-      version: 1.4.1
+      version: 1.4.2
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
@ -290,7 +290,7 @@ components:
  step-certificates:
    helm:
-      version: 1.23.0
+      version: 1.23.2+5  # (= step-ca v0.23.2)
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
@ -320,7 +320,7 @@ dependencies:
  container_images:
    # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
    - busybox:1
-    - ghcr.io/kube-vip/kube-vip:v0.5.8
+    - ghcr.io/kube-vip/kube-vip:v0.6.0
    # The following list is generated by running the following commands:
    #   $ clusterctl init -i vsphere:<version> [...]
    #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@ -334,25 +334,25 @@ dependencies:
  static_binaries:
    - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.1/clusterctl-linux-amd64
    - filename: govc
-      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
+      url: https://github.com/vmware/govmomi/releases/download/v0.30.4/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
-      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
+      url: https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubectl-slice
-      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
+      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_linux_x86_64.tar.gz
      archive: compressed
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
    - filename: step
-      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
+      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.2/step_linux_0.23.2_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
-      url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
+      url: http://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64
  packages:
    apt:
--- a/ansible/vars/workloadcluster.yml
+++ b/ansible/vars/workloadcluster.yml
@ -9,7 +9,7 @@ downstream:
  helm_charts:
    longhorn:
-      version: 1.4.1
+      version: 1.4.2
      chart: longhorn/longhorn
      namespace: longhorn-system
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
@ -19,7 +19,7 @@ downstream:
          defaultDataPath: /mnt/blockstorage
    sealed-secrets:
-      version: 2.8.1  # (= Sealed Secrets v0.20.2)
+      version: 2.9.0  # (= Sealed Secrets v0.21.0)
      chart: sealed-secrets/sealed-secrets
      namespace: sealed-secrets
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
--- a/packer/build.pkr.hcl
+++ b/packer/build.pkr.hcl
@ -45,7 +45,7 @@ build {
      " -ManifestFileName '/scratch/bld_${var.vm_name}_${source.name}.mf'",
      "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
      " '/scratch/bld_${var.vm_name}_${source.name}.ovf' \\",
-      " /output/airgapped-k8s-${var.next_release_version}+${var.k8s_version}-${source.name}.ova"
+      " /output/airgapped-k8s-${var.k8s_version}.${source.name}.ova"
    ]
  }
 }
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
@ -35,4 +35,3 @@ variable "docker_password" {
 }
 variable "k8s_version" {}
 variable "next_release_version" {}
Author	SHA1	Message	Date
Danny Bessems	8fba1c410e	fix: Incorrect indentation causing malformed PEM file Some checks failed continuous-integration/drone/push Build is failing Details	2023-07-07 10:29:57 +02:00
Danny Bessems	e2e009aa3c	fix: Refactor kustomize templates All checks were successful continuous-integration/drone/push Build is passing Details	2023-07-06 13:00:08 +02:00
Danny Bessems	ef81cbfe6a	feat:Explicitly configure NTP servers (WIP) All checks were successful continuous-integration/drone/push Build is passing Details	2023-06-03 10:07:09 +02:00
Danny Bessems	43095c5a1e	feat:Upgrade components	2023-06-03 10:06:33 +02:00
Danny Bessems	2addda3f06	Upgrade node template OS version;Upgrade K8s minor version All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-19 12:19:06 +02:00