upgrade k3s to v1.24.4+k3s1 (#64)

* feat(k3s): Upgrade to v1.24.4+k3s1 * feat(metallb): updated to v0.13.5
2022-09-01 21:20:25 -05:00 · 2022-09-01 21:20:25 -05:00 · 6695d13683
commit 6695d13683
parent 74e1dc1dfe
3 changed files with 5 additions and 83 deletions
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@ -1,5 +1,5 @@
 ---
-k3s_version: v1.24.3+k3s1
+k3s_version: v1.24.4+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@ -25,8 +25,8 @@ extra_agent_args: ""
 kube_vip_tag_version: "v0.5.0"

 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.13.4"
-metal_lb_controller_tag_version: "v0.13.4"
+metal_lb_speaker_tag_version: "v0.13.5"
+metal_lb_controller_tag_version: "v0.13.5"

 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
--- a/roles/k3s/master/templates/metallb.crds.j2
+++ b/roles/k3s/master/templates/metallb.crds.j2
@ -1118,85 +1118,6 @@ metadata:
  name: speaker
  namespace: metallb-system
 ---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  labels:
-    app: metallb
-  name: controller
-spec:
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []
-  allowedHostPaths: []
-  defaultAddCapabilities: []
-  defaultAllowPrivilegeEscalation: false
-  fsGroup:
-    ranges:
-    - max: 65535
-      min: 1
-    rule: MustRunAs
-  hostIPC: false
-  hostNetwork: false
-  hostPID: false
-  privileged: false
-  readOnlyRootFilesystem: true
-  requiredDropCapabilities:
-  - ALL
-  runAsUser:
-    ranges:
-    - max: 65535
-      min: 1
-    rule: MustRunAs
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    ranges:
-    - max: 65535
-      min: 1
-    rule: MustRunAs
-  volumes:
-  - configMap
-  - secret
-  - emptyDir
---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  labels:
-    app: metallb
-  name: speaker
-spec:
-  allowPrivilegeEscalation: false
-  allowedCapabilities:
-  - NET_RAW
-  allowedHostPaths: []
-  defaultAddCapabilities: []
-  defaultAllowPrivilegeEscalation: false
-  fsGroup:
-    rule: RunAsAny
-  hostIPC: false
-  hostNetwork: true
-  hostPID: false
-  hostPorts:
-  - max: 7472
-    min: 7472
-  - max: 7946
-    min: 7946
-  privileged: true
-  readOnlyRootFilesystem: true
-  requiredDropCapabilities:
-  - ALL
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - configMap
-  - secret
-  - emptyDir
---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@ -1789,6 +1710,7 @@ webhooks:
    apiVersions:
    - v1beta1
    operations:
+    - CREATE
    - DELETE
    resources:
    - bfdprofiles
--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@ -50,7 +50,7 @@ Vagrant.configure("2") do |config|
          "master" => ["control1", "control2", "control3"],
          "node" => ["node1", "node2"],
          "k3s_cluster:children" => ["master", "node"],
-          "k3s_cluster:vars" => {"k3s_version" => "v1.24.3+k3s1",
+          "k3s_cluster:vars" => {"k3s_version" => "v1.24.4+k3s1",
                                 "ansible_user" => "vagrant",
                                 "systemd_dir" => "/etc/systemd/system",
                                 "flannel_iface" => "eth1",