From 6695d1368344d8a1e85de7de53a66c026df117eb Mon Sep 17 00:00:00 2001
From: Techno Tim
Date: Thu, 1 Sep 2022 21:20:25 -0500
Subject: [PATCH] upgrade k3s to v1.24.4+k3s1 (#64)
* feat(k3s): Upgrade to v1.24.4+k3s1
* feat(metallb): updated to v0.13.5
---
 inventory/sample/group_vars/all.yml | 6 +-
 roles/k3s/master/templates/metallb.crds.j2 | 80 +---------------------
 vagrant/Vagrantfile | 2 +-
 3 files changed, 5 insertions(+), 83 deletions(-)
diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index e794748..0e910fa 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.24.3+k3s1
+k3s_version: v1.24.4+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -25,8 +25,8 @@ extra_agent_args: ""
 kube_vip_tag_version: "v0.5.0"
 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.13.4"
-metal_lb_controller_tag_version: "v0.13.4"
+metal_lb_speaker_tag_version: "v0.13.5"
+metal_lb_controller_tag_version: "v0.13.5"
 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
diff --git a/roles/k3s/master/templates/metallb.crds.j2 b/roles/k3s/master/templates/metallb.crds.j2
index cf324e0..3b42307 100644
--- a/roles/k3s/master/templates/metallb.crds.j2
+++ b/roles/k3s/master/templates/metallb.crds.j2
@@ -1118,85 +1118,6 @@ metadata:
 name: speaker
 namespace: metallb-system
 ---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: controller
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities: []
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: speaker
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_RAW
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: false
- hostPorts:
- - max: 7472
- min: 7472
- - max: 7946
- min: 7946
- privileged: true
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -1789,6 +1710,7 @@ webhooks:
 apiVersions:
 - v1beta1
 operations:
+ - CREATE
 - DELETE
 resources:
 - bfdprofiles
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
index 9c1b884..5b7b24c 100755
--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@@ -50,7 +50,7 @@ Vagrant.configure("2") do |config|
 "master" => ["control1", "control2", "control3"],
 "node" => ["node1", "node2"],
 "k3s_cluster:children" => ["master", "node"],
- "k3s_cluster:vars" => {"k3s_version" => "v1.24.3+k3s1",
+ "k3s_cluster:vars" => {"k3s_version" => "v1.24.4+k3s1",
 "ansible_user" => "vagrant",
 "systemd_dir" => "/etc/systemd/system",
 "flannel_iface" => "eth1",