Merge branch 'kubernetes-sigs:master' into cilium-update

.gitlab-ci.yml

@@ -27,6 +27,7 @@ variables:
   ANSIBLE_INVENTORY: ./inventory/sample/${CI_JOB_NAME}-${BUILD_NUMBER}.ini
   IDEMPOT_CHECK: "false"
   RESET_CHECK: "false"
+  REMOVE_NODE_CHECK: "false"
   UPGRADE_TEST: "false"
   MITOGEN_ENABLE: "false"
   ANSIBLE_LOG_LEVEL: "-vv"
@@ -80,3 +81,4 @@ include:
   - .gitlab-ci/terraform.yml
   - .gitlab-ci/packet.yml
   - .gitlab-ci/vagrant.yml
+  - .gitlab-ci/molecule.yml

.gitlab-ci/molecule.yml

@@ -0,0 +1,93 @@
+---
+
+.molecule:
+  tags: [c3.small.x86]
+  only: [/^pr-.*$/]
+  except: ['triggers']
+  image: quay.io/kubespray/vagrant:$KUBESPRAY_VERSION
+  services: []
+  stage: deploy-part1
+  before_script:
+    - tests/scripts/rebase.sh
+    - apt-get update && apt-get install -y python3-pip
+    - update-alternatives --install /usr/bin/python python /usr/bin/python3 10
+    - python -m pip uninstall -y ansible ansible-base ansible-core
+    - python -m pip install -r tests/requirements.txt
+    - ./tests/scripts/vagrant_clean.sh
+  script:
+    - ./tests/scripts/molecule_run.sh
+  after_script:
+    - chronic ./tests/scripts/molecule_logs.sh
+  artifacts:
+    when: always
+    paths:
+      - molecule_logs/
+
+# CI template for periodic CI jobs
+# Enabled when PERIODIC_CI_ENABLED var is set
+.molecule_periodic:
+  only:
+    variables:
+      - $PERIODIC_CI_ENABLED
+  allow_failure: true
+  extends: .molecule
+
+molecule_full:
+  extends: .molecule_periodic
+
+molecule_no_container_engines:
+  extends: .molecule
+  script:
+    - ./tests/scripts/molecule_run.sh -e container-engine
+  when: on_success
+
+molecule_docker:
+  extends: .molecule
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/docker
+  when: on_success
+
+molecule_containerd:
+  extends: .molecule
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/containerd
+  when: on_success
+
+molecule_cri-o:
+  extends: .molecule
+  stage: deploy-part2
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/cri-o
+  when: on_success
+
+molecule_cri-dockerd:
+  extends: .molecule
+  stage: deploy-part2
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd
+  when: on_success
+
+# Stage 3 container engines don't get as much attention so allow them to fail
+molecule_kata:
+  extends: .molecule
+  stage: deploy-part3
+  allow_failure: true
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/kata-containers
+  when: on_success
+
+molecule_gvisor:
+  extends: .molecule
+  stage: deploy-part3
+  allow_failure: true
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/gvisor
+  when: on_success
+
+molecule_youki:
+  extends: .molecule
+  stage: deploy-part3
+  allow_failure: true
+  script:
+    - ./tests/scripts/molecule_run.sh -i container-engine/youki
+  when: on_success

.gitlab-ci/packet.yml

@@ -263,6 +263,13 @@ packet_centos7-docker-weave-upgrade-ha:
   variables:
     UPGRADE_TEST: basic
 
+packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha:
+  stage: deploy-part3
+  extends: .packet_periodic
+  when: on_success
+  variables:
+    UPGRADE_TEST: basic
+
 # Calico HA Wireguard
 packet_ubuntu20-calico-ha-wireguard:
   stage: deploy-part2
@@ -276,6 +283,14 @@ packet_debian10-calico-upgrade:
   variables:
     UPGRADE_TEST: graceful
 
+packet_almalinux8-calico-remove-node:
+  stage: deploy-part3
+  extends: .packet_pr
+  when: on_success
+  variables:
+    REMOVE_NODE_CHECK: "true"
+    REMOVE_NODE_NAME: "instance-3"
+
 packet_debian10-calico-upgrade-once:
   stage: deploy-part3
   extends: .packet_periodic

.gitlab-ci/terraform.yml

@@ -60,11 +60,11 @@ tf-validate-openstack:
     PROVIDER: openstack
     CLUSTER: $CI_COMMIT_REF_NAME
 
-tf-validate-packet:
+tf-validate-metal:
   extends: .terraform_validate
   variables:
     TF_VERSION: $TERRAFORM_VERSION
-    PROVIDER: packet
+    PROVIDER: metal
     CLUSTER: $CI_COMMIT_REF_NAME
 
 tf-validate-aws:

.gitlab-ci/vagrant.yml

@@ -1,28 +1,5 @@
 ---
 
-molecule_tests:
-  tags: [c3.small.x86]
-  only: [/^pr-.*$/]
-  except: ['triggers']
-  image: quay.io/kubespray/vagrant:$KUBESPRAY_VERSION
-  services: []
-  stage: deploy-part1
-  before_script:
-    - tests/scripts/rebase.sh
-    - apt-get update && apt-get install -y python3-pip
-    - update-alternatives --install /usr/bin/python python /usr/bin/python3 10
-    - python -m pip uninstall -y ansible ansible-base ansible-core
-    - python -m pip install -r tests/requirements.txt
-    - ./tests/scripts/vagrant_clean.sh
-  script:
-    - ./tests/scripts/molecule_run.sh
-  after_script:
-    - chronic ./tests/scripts/molecule_logs.sh
-  artifacts:
-    when: always
-    paths:
-      - molecule_logs/
-
 .vagrant:
   extends: .testcases
   variables:

README.md

@@ -131,17 +131,17 @@ Note: Upstart/SysV init based OS types are not supported.
 ## Supported Components
 
 - Core
-  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.5
-  - [etcd](https://github.com/etcd-io/etcd) v3.5.1
+  - [kubernetes](https://github.com/kubernetes/kubernetes) v1.23.6
+  - [etcd](https://github.com/etcd-io/etcd) v3.5.3
   - [docker](https://www.docker.com/) v20.10 (see note)
-  - [containerd](https://containerd.io/) v1.6.2
+  - [containerd](https://containerd.io/) v1.6.4
   - [cri-o](http://cri-o.io/) v1.22 (experimental: see [CRI-O Note](docs/cri-o.md). Only on fedora, ubuntu and centos based OS)
 - Network Plugin
   - [cni-plugins](https://github.com/containernetworking/plugins) v1.0.1
   - [calico](https://github.com/projectcalico/calico) v3.21.4
   - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
   - [cilium](https://github.com/cilium/cilium) v1.11.1
-  - [flanneld](https://github.com/flannel-io/flannel) v0.15.1
+  - [flanneld](https://github.com/flannel-io/flannel) v0.17.0
   - [kube-ovn](https://github.com/alauda/kube-ovn) v1.8.1
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.4.0
   - [multus](https://github.com/intel/multus-cni) v3.8

contrib/terraform/packet/README.md → contrib/terraform/metal/README.md

@@ -60,9 +60,9 @@ Terraform will be used to provision all of the Equinix Metal resources with base
 Create an inventory directory for your cluster by copying the existing sample and linking the `hosts` script (used to build the inventory based on Terraform state):
 
 ```ShellSession
-cp -LRp contrib/terraform/packet/sample-inventory inventory/$CLUSTER
+cp -LRp contrib/terraform/metal/sample-inventory inventory/$CLUSTER
 cd inventory/$CLUSTER
-ln -s ../../contrib/terraform/packet/hosts
+ln -s ../../contrib/terraform/metal/hosts
 ```
 
 This will be the base for subsequent Terraform commands.
@@ -101,7 +101,7 @@ This helps when identifying which hosts are associated with each cluster.
 While the defaults in variables.tf will successfully deploy a cluster, it is recommended to set the following values:
 
 - cluster_name = the name of the inventory directory created above as $CLUSTER
-- packet_project_id = the Equinix Metal Project ID associated with the Equinix Metal API token above
+- metal_project_id = the Equinix Metal Project ID associated with the Equinix Metal API token above
 
 #### Enable localhost access
 
@@ -119,7 +119,7 @@ Once the Kubespray playbooks are run, a Kubernetes configuration file will be wr
 
 In the cluster's inventory folder, the following files might be created (either by Terraform
 or manually), to prevent you from pushing them accidentally they are in a
-`.gitignore` file in the `terraform/packet` directory :
+`.gitignore` file in the `terraform/metal` directory :
 
 - `.terraform`
 - `.tfvars`
@@ -135,7 +135,7 @@ plugins. This is accomplished as follows:
 
 ```ShellSession
 cd inventory/$CLUSTER
-terraform init ../../contrib/terraform/packet
+terraform init ../../contrib/terraform/metal
 ```
 
 This should finish fairly quickly telling you Terraform has successfully initialized and loaded necessary modules.
@@ -146,7 +146,7 @@ You can apply the Terraform configuration to your cluster with the following com
 issued from your cluster's inventory directory (`inventory/$CLUSTER`):
 
 ```ShellSession
-terraform apply -var-file=cluster.tfvars ../../contrib/terraform/packet
+terraform apply -var-file=cluster.tfvars ../../contrib/terraform/metal
 export ANSIBLE_HOST_KEY_CHECKING=False
 ansible-playbook -i hosts ../../cluster.yml
 ```
@@ -156,7 +156,7 @@ ansible-playbook -i hosts ../../cluster.yml
 You can destroy your new cluster with the following command issued from the cluster's inventory directory:
 
 ```ShellSession
-terraform destroy -var-file=cluster.tfvars ../../contrib/terraform/packet
+terraform destroy -var-file=cluster.tfvars ../../contrib/terraform/metal
 ```
 
 If you've started the Ansible run, it may also be a good idea to do some manual cleanup:

contrib/terraform/packet/kubespray.tf → contrib/terraform/metal/kubespray.tf

@@ -1,63 +1,62 @@
 # Configure the Equinix Metal Provider
-provider "packet" {
-  version = "~> 2.0"
+provider "metal" {
 }
 
-resource "packet_ssh_key" "k8s" {
+resource "metal_ssh_key" "k8s" {
   count      = var.public_key_path != "" ? 1 : 0
   name       = "kubernetes-${var.cluster_name}"
   public_key = chomp(file(var.public_key_path))
 }
 
-resource "packet_device" "k8s_master" {
-  depends_on = [packet_ssh_key.k8s]
+resource "metal_device" "k8s_master" {
+  depends_on = [metal_ssh_key.k8s]
 
   count            = var.number_of_k8s_masters
   hostname         = "${var.cluster_name}-k8s-master-${count.index + 1}"
   plan             = var.plan_k8s_masters
   facilities       = [var.facility]
   operating_system = var.operating_system
   billing_cycle    = var.billing_cycle
-  project_id       = var.packet_project_id
+  project_id       = var.metal_project_id
   tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane", "etcd", "kube_node"]
 }
 
-resource "packet_device" "k8s_master_no_etcd" {
-  depends_on = [packet_ssh_key.k8s]
+resource "metal_device" "k8s_master_no_etcd" {
+  depends_on = [metal_ssh_key.k8s]
 
   count            = var.number_of_k8s_masters_no_etcd
   hostname         = "${var.cluster_name}-k8s-master-${count.index + 1}"
   plan             = var.plan_k8s_masters_no_etcd
   facilities       = [var.facility]
   operating_system = var.operating_system
   billing_cycle    = var.billing_cycle
-  project_id       = var.packet_project_id
+  project_id       = var.metal_project_id
   tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_control_plane"]
 }
 
-resource "packet_device" "k8s_etcd" {
-  depends_on = [packet_ssh_key.k8s]
+resource "metal_device" "k8s_etcd" {
+  depends_on = [metal_ssh_key.k8s]
 
   count            = var.number_of_etcd
   hostname         = "${var.cluster_name}-etcd-${count.index + 1}"
   plan             = var.plan_etcd
   facilities       = [var.facility]
   operating_system = var.operating_system
   billing_cycle    = var.billing_cycle
-  project_id       = var.packet_project_id
+  project_id       = var.metal_project_id
   tags             = ["cluster-${var.cluster_name}", "etcd"]
 }
 
-resource "packet_device" "k8s_node" {
-  depends_on = [packet_ssh_key.k8s]
+resource "metal_device" "k8s_node" {
+  depends_on = [metal_ssh_key.k8s]
 
   count            = var.number_of_k8s_nodes
   hostname         = "${var.cluster_name}-k8s-node-${count.index + 1}"
   plan             = var.plan_k8s_nodes
   facilities       = [var.facility]
   operating_system = var.operating_system
   billing_cycle    = var.billing_cycle
-  project_id       = var.packet_project_id
+  project_id       = var.metal_project_id
   tags             = ["cluster-${var.cluster_name}", "k8s_cluster", "kube_node"]
 }
 

contrib/terraform/metal/output.tf

@@ -0,0 +1,16 @@
+output "k8s_masters" {
+  value = metal_device.k8s_master.*.access_public_ipv4
+}
+
+output "k8s_masters_no_etc" {
+  value = metal_device.k8s_master_no_etcd.*.access_public_ipv4
+}
+
+output "k8s_etcds" {
+  value = metal_device.k8s_etcd.*.access_public_ipv4
+}
+
+output "k8s_nodes" {
+  value = metal_device.k8s_node.*.access_public_ipv4
+}
+

contrib/terraform/packet/sample-inventory/cluster.tfvars → contrib/terraform/metal/sample-inventory/cluster.tfvars

@@ -2,7 +2,7 @@
 cluster_name = "mycluster"
 
 # Your Equinix Metal project ID. See hhttps://metal.equinix.com/developers/docs/accounts/
-packet_project_id = "Example-API-Token"
+metal_project_id = "Example-API-Token"
 
 # The public SSH key to be uploaded into authorized_keys in bare metal Equinix Metal nodes provisioned
 # leave this value blank if the public key is already setup in the Equinix Metal project