diff --git a/.github/actions/molecule-test/action.yml b/.github/actions/molecule-test/action.yml
index 914a7a81..8ed3c7d9 100644
--- a/.github/actions/molecule-test/action.yml
+++ b/.github/actions/molecule-test/action.yml
@@ -15,7 +15,7 @@ inputs:
 runs:
 using: "composite"
 steps:
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # 5.2.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
 with:
 python-version: "3.x"
 - uses: syphar/restore-virtualenv@e536692e76315a068b4905f792e25febfe6d4391 # 1.3
diff --git a/.github/actions/vagrant-setup/action.yml b/.github/actions/vagrant-setup/action.yml
index 97946d6c..93409303 100644
--- a/.github/actions/vagrant-setup/action.yml
+++ b/.github/actions/vagrant-setup/action.yml
@@ -12,7 +12,7 @@ runs:
 using: "composite"
 steps:
 - name: Cache Vagrant boxes
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # 4.1.2
 with:
 path: ~/.vagrant.d/boxes
 key: ${{ runner.os }}-vagrant-ubuntu-bionic-${{ hashFiles('distros_supported.yml') }}
diff --git a/.github/workflows/diagram.yml b/.github/workflows/diagram.yml
index 62fc526e..9104cce4 100644
--- a/.github/workflows/diagram.yml
+++ b/.github/workflows/diagram.yml
@@ -23,7 +23,7 @@ jobs:
 pull-requests: write
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Update diagram
 uses: githubocto/repo-visualizer@a999615bdab757559bf94bda1fe6eef232765f85 # 0.9.1
 with:
diff --git a/.github/workflows/distros.yml b/.github/workflows/distros.yml
index 6b20077f..ce1e8fef 100644
--- a/.github/workflows/distros.yml
+++ b/.github/workflows/distros.yml
@@ -20,8 +20,8 @@ jobs:
 pull-requests: write # for technote-space/create-pr-action to create a PR
 runs-on: macos-12
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
- - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # 4.0.2
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+ - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # 4.1.2
 with:
 path: ~/.vagrant.d/boxes
 key: ${{ runner.os }}-vagrant-${{ hashFiles('distros_supported.yml') }}
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 623f9b46..975ab490 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -17,9 +17,9 @@ jobs:
 name: Count Lines of Code
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Setup Go
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 5.0.2
+ uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # 5.1.0
 with:
 go-version: ">=1.20.0"
 - name: Install dependencies
@@ -30,14 +30,14 @@ jobs:
 name: Check documentation external links
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Check broken links
 uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # 1.0.15
 check-super-linter:
 name: Check syntax (super-linter)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Run super-linter validation
 uses: github/super-linter@b807e99ddd37e444d189cfd2c2ca1274d8ae8ef1 # 7
 env:
@@ -52,7 +52,7 @@ jobs:
 name: Check syntax (tox)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Install tox
 run: pip install tox
 - name: Run tox lint validation
diff --git a/.github/workflows/on-demand_ci.yml b/.github/workflows/on-demand_ci.yml
index d6c723db..68c3dc56 100644
--- a/.github/workflows/on-demand_ci.yml
+++ b/.github/workflows/on-demand_ci.yml
@@ -52,7 +52,7 @@ jobs:
 int_tests: "virtink"
 cert_manager_enabled: true
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: ./.github/actions/vagrant-up
 with:
 container-runtime: ${{ matrix.runtime }}
@@ -72,7 +72,7 @@ jobs:
 outputs:
 scripts: ${{ steps.filter.outputs.scripts }}
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # 3.0.2
 if: ${{ !env.ACT }}
 id: filter
@@ -87,7 +87,7 @@ jobs:
 needs: changes
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Run the sh-checker
 uses: luizm/action-sh-checker@17bd25a6ee188d2b91f677060038f4ba37ba14b2 # 0.9.0
 env:
@@ -102,7 +102,7 @@ jobs:
 needs: changes
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Install ShellSpec
 run: curl -fsSL https://github.com/shellspec/shellspec/releases/latest/download/shellspec-dist.tar.gz | tar -xz -C ..
 - name: Run Shellspec
diff --git a/.github/workflows/on-demand_corner.yml b/.github/workflows/on-demand_corner.yml
index c0860c5d..e98c8766 100644
--- a/.github/workflows/on-demand_corner.yml
+++ b/.github/workflows/on-demand_corner.yml
@@ -38,7 +38,7 @@ jobs:
 - test: kubewarden
 cert-mgr: true
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: ./.github/actions/vagrant-up
 with:
 cert-manager-enabled: ${{ matrix.cert-mgr }}
diff --git a/.github/workflows/on-demand_molecule.yml b/.github/workflows/on-demand_molecule.yml
index a2ce4271..e8903013 100644
--- a/.github/workflows/on-demand_molecule.yml
+++ b/.github/workflows/on-demand_molecule.yml
@@ -23,8 +23,8 @@ jobs:
 name: Pull python dependencies
 runs-on: macos-12
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
- - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # 5.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
 with:
 python-version: "3.x"
 - uses: syphar/restore-virtualenv@e536692e76315a068b4905f792e25febfe6d4391 # 1.3
@@ -46,7 +46,7 @@ jobs:
 outputs:
 environments: ${{ steps.filter.outputs.changes }}
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # 3.0.2
 if: ${{ !env.ACT }}
 id: filter
@@ -84,7 +84,7 @@ jobs:
 environment: ${{ fromJSON(needs.changes.outputs.environments) }}
 runs-on: macos-12
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 if: matrix.environment != 'reqs'
 - uses: ./.github/actions/molecule-test
 if: matrix.environment != 'reqs'
diff --git a/.github/workflows/on-demand_multus.yml b/.github/workflows/on-demand_multus.yml
index 0e073446..01aaf419 100644
--- a/.github/workflows/on-demand_multus.yml
+++ b/.github/workflows/on-demand_multus.yml
@@ -35,7 +35,7 @@ jobs:
 KRD_MULTUS_ENABLED: true
 PKG_KREW_PLUGINS_LIST: "cert-manager"
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Deploy services
 run: KRD_FOLDER=$(git rev-parse --show-toplevel) ./aio.sh
 - name: Run Sonobuoy tool
diff --git a/.github/workflows/on-demand_virtlet.yml b/.github/workflows/on-demand_virtlet.yml
index 782c0bff..11d55cce 100644
--- a/.github/workflows/on-demand_virtlet.yml
+++ b/.github/workflows/on-demand_virtlet.yml
@@ -25,7 +25,7 @@ jobs:
 ( github.event_name == 'pull_request_review' && github.event.review.state == 'approved' ) || github.event_name != 'pull_request_review'
 runs-on: macos-12
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: ./.github/actions/vagrant-up
 with:
 kube-version: v1.18.17
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
index cc320e4f..8367ef39 100644
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -19,7 +19,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout the latest code
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 fetch-depth: 0
diff --git a/.github/workflows/scheduled_ci.yml b/.github/workflows/scheduled_ci.yml
index a82e29c5..c742b477 100644
--- a/.github/workflows/scheduled_ci.yml
+++ b/.github/workflows/scheduled_ci.yml
@@ -23,7 +23,7 @@ jobs:
 KRD_ANSIBLE_DEBUG: true
 KRD_CONTAINER_RUNTIME: crio
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Deploy services
 run: KRD_FOLDER=$(git rev-parse --show-toplevel) ./aio.sh
 - name: Run Dashboard test
diff --git a/.github/workflows/scheduled_distros.yml b/.github/workflows/scheduled_distros.yml
index be59c88a..73702d97 100644
--- a/.github/workflows/scheduled_distros.yml
+++ b/.github/workflows/scheduled_distros.yml
@@ -17,7 +17,7 @@ jobs:
 generate-json-matrix:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Get matrix values
 id: set-matrix
 run: |
@@ -45,7 +45,7 @@ jobs:
 matrix:
 include: ${{ fromJson(needs.generate-json-matrix.outputs.matrix) }}
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - name: Running Flannel CNI with ContainerD runtime
 if: ${{ always() }}
 uses: ./.github/actions/vagrant-up
diff --git a/.github/workflows/spell.yml b/.github/workflows/spell.yml
index 2522d84c..f2b9c68b 100644
--- a/.github/workflows/spell.yml
+++ b/.github/workflows/spell.yml
@@ -22,7 +22,7 @@ jobs:
 name: Check spelling (reviewdog)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: reviewdog/action-misspell@1de44e0dd5efaaddf131937e4892afd8a0dc4b13 # 1.23.0
 with:
 github_token: ${{ secrets.github_token }}
@@ -30,6 +30,6 @@ jobs:
 name: Check spelling (pyspelling)
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: igsekor/pyspelling-any@155eb06641bb9259cab59b5126a40be943ecb4f7 # 1.0.4
 name: Spellcheck
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 0eae1cdf..4425da03 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -20,7 +20,7 @@ jobs:
 pull-requests: write # for technote-space/create-pr-action to create a PR
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4
 with:
 EXECUTE_COMMANDS: |
@@ -34,7 +34,7 @@ jobs:
 check-dictionary:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # 4.2.0
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
 - uses: technote-space/create-pr-action@91114507cf92349bec0a9a501c2edf1635427bc5 # 2.1.4
 with:
 EXECUTE_COMMANDS: |
diff --git a/_chart_installers.sh b/_chart_installers.sh
index e0ea3ed2..53083f14 100755
--- a/_chart_installers.sh
+++ b/_chart_installers.sh
@@ -105,7 +105,7 @@ function _install_chart {
 eval "$cmd" "$name" "$chart"
 fi
- [[ $wait == "true" ]] && wait_for_pods "$namespace"
+ [[ $wait != "true" ]] || wait_for_pods "$namespace"
 }
 function _add_helm_repo {
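Review bot: The negated form `[[ $wait != "true" ]] || wait_for_pods "$namespace"` at the end of `_install_chart` reads backwards next to the line it replaces, and nothing in the hunk records why it was flipped. The likely reason is that the function, whose body starts outside this hunk, should stop returning non-zero when `$wait` is not "true" (`install_chart_arc` passes "false"), which matters if callers run under errexit. `if [[ $wait == "true" ]]; then wait_for_pods "$namespace"; fi` yields the same exit status and states the intent directly.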
@@ -279,9 +279,8 @@ function _install_arc_controller {
 function install_chart_arc {
 ! kubectl get crds autoscalinglisteners.actions.github.com >/dev/null && _install_arc_controller
- namespace="${KRD_ARC_GITHUB_URL##*/}-runners"
+ namespace="default"
 KRD_CHART_VALUES="githubConfigUrl=$KRD_ARC_GITHUB_URL,githubConfigSecret=gh-runners-token"
- ! kubectl get namespaces "${namespace}" && kubectl create namespace "${namespace}"
 ! kubectl get secrets -n "${namespace}" gh-runners-token && kubectl -n "${namespace}" create secret generic gh-runners-token --from-literal=github_token="$KRD_ARC_TOKEN"
 ! helm get metadata arc-runner-set -n "${namespace}" >/dev/null && _install_chart arc-runner-set oci://ghcr.io/actions/actions-runner-controller-charts/gha-runner-scale-set "$namespace" "false"
 if kubectl get crds virtualmachines.kubevirt.io >/dev/null; then
diff --git a/ci/update_versions.sh b/ci/update_versions.sh
index 4f202859..2bc77f3b 100755
--- a/ci/update_versions.sh
+++ b/ci/update_versions.sh
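Review bot: Hard-coding `namespace="default"` in `install_chart_arc` puts the `gh-runners-token` secret (built from `$KRD_ARC_TOKEN`) and the runner scale set in the namespace that unrelated workloads usually share. Any subject that can read secrets or create pods in `default` can then obtain the GitHub credential, and CI job pods lose the isolation the removed `...-runners` namespace gave them. If the name derived from `KRD_ARC_GITHUB_URL` was the problem, a fixed dedicated namespace keeps the boundary, for example `namespace="arc-runners"` together with the dropped `! kubectl get namespaces "${namespace}" && kubectl create namespace "${namespace}"`. The function continues past the end of the hunk, so the KubeVirt branch that follows may also depend on the namespace chosen here.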
@@ -223,8 +223,10 @@ wget -q -O ./resources/checkov-job.yaml https://raw.githubusercontent.com/bridge
 sed -i "s|image.tag=.*|image.tag=v$(get_version docker_tag rancher/metrics-server),args[0]='--kubelet-insecure-tls',args[1]='--kubelet-preferred-address-types=InternalIP'\" _install_chart metrics-server metrics-server/metrics-server default|g" _chart_installers.sh
 # Update Rook test resources
-wget -q -O ./tests/resources/rook/toolbox.yaml https://raw.githubusercontent.com/rook/rook/master/deploy/examples/toolbox.yaml
-wget -q -O ./tests/resources/rook/cluster-test.yaml https://raw.githubusercontent.com/rook/rook/master/deploy/examples/cluster-test.yaml
+rook_version=$(get_version github_tag rook/rook)
+wget -q -O ./tests/resources/rook/toolbox.yaml "https://raw.githubusercontent.com/rook/rook/refs/tags/v$rook_version/deploy/examples/toolbox.yaml"
+wget -q -O ./tests/resources/rook/cluster-test.yaml "https://raw.githubusercontent.com/rook/rook/refs/tags/v$rook_version/deploy/examples/cluster-test.yaml"
+wget -q -O ./resources/storageclass.yml "https://raw.githubusercontent.com/rook/rook/refs/tags/v$rook_version/deploy/examples/csi/rbd/storageclass.yaml"
 # Update K8sGPT resources
 sed -i "s/version: .*/version: v$(get_version github_release k8sgpt-ai/k8sgpt)/g" resources/k8sgpt-local.yml
diff --git a/defaults.env b/defaults.env
index 33dfd306..5e07c966 100755
--- a/defaults.env
+++ b/defaults.env
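Review bot: The three `wget -q -O` lines write straight over tracked manifests, and nothing checks that `rook_version` is non-empty before the URLs are built. If `get_version` (defined outside this hunk) returns nothing, the path becomes `refs/tags/v/deploy/...`, the quiet wget fails, and `-O` has already truncated the target, so an automated update run could propose empty manifests. A guard such as `[[ -n "$rook_version" ]] || exit 1` before the downloads would prevent that. Overwriting `resources/storageclass.yml` wholesale also discards the project's SPDX header and any local edits, as the storageclass.yml section of this diff shows. A tag ref can still be moved upstream, so review of the generated change is the only integrity check on manifests that are later applied to a cluster.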
@@ -59,7 +59,7 @@ export KRD_KNATIVE_SERVING_ENABLED=${KRD_KNATIVE_SERVING_ENABLED:-true}
 export KRD_KNATIVE_SERVING_CERT_MANAGER_ENABLED=${KRD_KNATIVE_SERVING_CERT_MANAGER_ENABLED:-false}
 export KRD_KNATIVE_EVENTING_ENABLED=${KRD_KNATIVE_EVENTING_ENABLED:-false}
 # TODO: Remove KRD_CERT_MANAGER_VERSION variable once the update is available in upstream (https://github.com/kubernetes-sigs/kubespray/pull/8377)
-export KRD_CERT_MANAGER_VERSION=${KRD_CERT_MANAGER_VERSION:-v1.16.0}
+export KRD_CERT_MANAGER_VERSION=${KRD_CERT_MANAGER_VERSION:-v1.16.2}
 export KRD_YOUKI_ENABLED=${KRD_YOUKI_ENABLED:-false}
 export KRD_CALICO_IPIP_MODE=${KRD_CALICO_IPIP_MODE:-Never}
 export KRD_CALICO_VXLAN_MODE=${KRD_CALICO_VXLAN_MODE:-Never}
diff --git a/galaxy-requirements.yml b/galaxy-requirements.yml
index b3175bb0..b379dd4d 100644
--- a/galaxy-requirements.yml
+++ b/galaxy-requirements.yml
@@ -9,7 +9,7 @@
 ##############################################################################
 roles:
 - name: geerlingguy.docker
- version: 7.4.1
+ version: 7.4.3
 - name: geerlingguy.repo-epel
 version: 3.1.1
 - name: andrewrothstein.gcc-toolbox
@@ -17,13 +17,13 @@ roles:
 - name: andrewrothstein.kind
 version: v1.2.12
 - name: andrewrothstein.kubectl
- version: v1.4.0
+ version: v1.4.1
 collections:
 - name: kubernetes.core
 version: 5.0.0
 - name: community.docker
- version: 3.13.0
+ version: 4.1.0
 - name: ansible.posix
- version: 1.6.0
+ version: 1.6.2
 - name: community.general
- version: 9.4.0
+ version: 10.0.1
diff --git a/playbooks/krd-vars.yml b/playbooks/krd-vars.yml
index 029ed800..63bf9030 100644
--- a/playbooks/krd-vars.yml
+++ b/playbooks/krd-vars.yml
@@ -10,28 +10,28 @@
 kpt_version: 1.0.0-beta.55
 go_version: 1.15.3
 kubespray_version: v2.26.0
-istio_version: 1.23.2
+istio_version: 1.24.1
 cfssl_version: 1.6.5
 sonobuoy_version: 0.57.2
 mitogen_version: 0.2.10
 # Knative versions
-kn_version: knative-v1.15.0
-knative_serving_version: knative-v1.15.2
-knative_eventing_version: v0.42.1
+kn_version: knative-v1.16.0
+knative_serving_version: knative-v1.16.0
+knative_eventing_version: v0.43.2
 ## Knative Sandbox versions
-net_kourier_version: knative-v1.15.1
-net_istio_version: vknative-v1.15.1
+net_kourier_version: knative-v1.16.0
+net_istio_version: vknative-v1.16.0
 net_certmanager_version: vknative-v1.14.0
 octant_version: 0.25.1
-kube-ovn_version: vkube-ovn-v1.12.26
-prometheus-operator_version: v0.77.1
-kubevirt_version: v1.3.1
-containerized_data_importer_version: v1.60.3
+kube-ovn_version: vkube-ovn-1.13.0
+prometheus-operator_version: v0.78.2
+kubevirt_version: v1.4.0
+containerized_data_importer_version: v1.60.4
 virtink_version: v0.16.0
 kubesphere_version: v4.1.2
 metallb_version: v0.14.8
 qat_plugin_mode: "{{ lookup('env', 'KRD_QAT_PLUGIN_MODE') | default('dpdk') }}"
 qat_plugin_version: "0.15.0"
-argocd_version: v2.12.5
-tekton_version: v0.73.1
+argocd_version: v2.13.1
+tekton_version: v0.74.0
 kubevirt_tekton_tasks_version: v0.22.0
diff --git a/playbooks/roles/nfd/defaults/main.yml b/playbooks/roles/nfd/defaults/main.yml
index 4c84a1ee..d694fad3 100644
--- a/playbooks/roles/nfd/defaults/main.yml
+++ b/playbooks/roles/nfd/defaults/main.yml
@@ -8,4 +8,4 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 nfd_template_folder: "/tmp/nfd_k8s"
-nfd_version: v0.16.4
+nfd_version: v0.16.6
diff --git a/resources/checkov-job.yaml b/resources/checkov-job.yaml
index f66a6e33..a94d41d1 100644
--- a/resources/checkov-job.yaml
+++ b/resources/checkov-job.yaml
@@ -169,7 +169,6 @@ spec:
 template:
 metadata:
 annotations:
- seccomp.security.alpha.kubernetes.io/pod: runtime/default
 checkov.io/skip1: CKV_K8S_22=Checkov requires filesystem write access to dump resource definitions
 checkov.io/skip2: CKV_K8S_38=Service Account is required for read-only API access
 checkov.io/skip3: CKV_K8S_14=Preferring latest rules every run - image pull always
@@ -178,6 +177,8 @@ spec:
 securityContext:
 runAsUser: 12000
 runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 restartPolicy: Never
 serviceAccountName: checkov
 containers:
diff --git a/resources/k8sgpt-local.yml b/resources/k8sgpt-local.yml
index 9ee8f74a..b8703ee1 100644
--- a/resources/k8sgpt-local.yml
+++ b/resources/k8sgpt-local.yml
@@ -18,5 +18,5 @@ spec:
 backend: localai
 baseUrl: http://local-ai.local-ai-system.svc.cluster.local:8080/v1
 enabled: true
- version: v0.3.41
+ version: v0.3.46
 noCache: false
diff --git a/resources/kubevirt-runner.yml b/resources/kubevirt-runner.yml
index 4a38f6c1..f6001e04 100644
--- a/resources/kubevirt-runner.yml
+++ b/resources/kubevirt-runner.yml
@@ -12,12 +12,19 @@ kind: VirtualMachine
 metadata:
 name: vm-template
 spec:
+ dataVolumeTemplates:
+ - metadata:
+ name: ubuntu-dv
+ spec:
+ storage: {}
+ source:
+ pvc:
+ name: ubuntu-img-jammy
 runStrategy: Manual
 template:
 metadata:
 name: runner
 spec:
- architecture: amd64
 terminationGracePeriodSeconds: 30
 domain:
 devices:
@@ -25,7 +32,7 @@ spec:
 - name: runner-info
 virtiofs: {}
 disks:
- - name: containerdisk
+ - name: os
 disk:
 bus: virtio
 - name: cloudinitdisk
@@ -35,35 +42,24 @@ spec:
 - name: default
 masquerade: {}
 cpu:
- cores: 3
+ cores: 2
 resources:
 requests:
- memory: 14Gi
+ memory: 8G
 networks:
 - name: default
 pod: {}
 volumes:
- - name: containerdisk
- containerDisk:
- image: quay.io/containerdisks/fedora:latest
+ - dataVolume:
+ name: ubuntu-dv
+ name: os
 - name: cloudinitdisk
 cloudInitNoCloud:
 userData: |-
 #cloud-config
- users:
- - name: runner
- homedir: /home/runner
- sudo: ["ALL=(ALL) NOPASSWD:ALL"]
 mounts:
 - [ runner-info, /runner-info/, virtiofs, "rw,relatime,user=runner" ]
- packages:
- - jq
- bootcmd:
- - "sudo mkdir /opt/runner"
- - "curl -sL https://github.com/actions/runner/releases/download/v2.320.0/actions-runner-linux-x64-2.320.0.tar.gz | sudo tar -xz -C /opt/runner"
- - "sudo /opt/runner/bin/installdependencies.sh"
 runcmd:
- - "sudo chown -R runner: /opt/runner"
 - "sudo runuser -l runner -c '/opt/runner/run.sh --jitconfig $(jq -r '.jitconfig' /runner-info/runner-info.json)'"
 power_state:
 delay: now
diff --git a/resources/storageclass.yml b/resources/storageclass.yml
index 16fcf9b1..af3ae21e 100644
--- a/resources/storageclass.yml
+++ b/resources/storageclass.yml
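Review bot: The cloud-init `runcmd` still runs `/opt/runner/run.sh` as user `runner` and parses the JIT config with `jq`, but this change removes every line that created that user, installed `jq` and unpacked the runner into `/opt/runner`. All of that now has to be baked into the `ubuntu-img-jammy` PVC cloned by the new `dataVolumeTemplates` entry, and the manifest states neither that contract nor where the image is built, so the runner version and the account's sudo rights can no longer be reviewed from this file. A header comment would cover it, for example `# Source PVC ubuntu-img-jammy must provide: user "runner", jq, and the Actions runner in /opt/runner (built by <image build script>)`. Separately, `memory: 8G` is decimal gigabytes, unlike the `14Gi` it replaces; `8Gi` is probably what was meant.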
@@ -1,38 +1,89 @@ --- -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2021 -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## apiVersion: ceph.rook.io/v1 kind: CephBlockPool metadata: name: replicapool - namespace: rook-ceph + namespace: rook-ceph # namespace:cluster spec: + failureDomain: host replicated: size: 3 + # Disallow setting pool with replica 1, this could lead to data loss without recovery. + # Make sure you're *ABSOLUTELY CERTAIN* that is what you want + requireSafeReplicaSize: true + # gives a hint (%) to Ceph in terms of expected consumption of the total cluster capacity of a given pool + # for more info: https://docs.ceph.com/docs/master/rados/operations/placement-groups/#specifying-expected-pool-size + #targetSizeRatio: .5 --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: rook-ceph-block -provisioner: ceph.rook.io/block -# Works for Kubernetes 1.14+ -allowVolumeExpansion: true +provisioner: rook-ceph.rbd.csi.ceph.com # csi-provisioner-name parameters: - blockPool: replicapool - # Specify the namespace of the rook cluster from which to create volumes. - # If not specified, it will use `rook` as the default namespace of the cluster. - # This is also the namespace where the cluster will be - clusterNamespace: rook-ceph - # Specify the filesystem type of the volume. If not specified, it will use `ext4`. - fstype: ext4 - # (Optional) Specify an existing Ceph user that will be used for mounting storage with this StorageClass. - # mountUser: user1 - # (Optional) Specify an existing Kubernetes secret name containing just one key holding the Ceph user secret. 
- # The secret must exist in each namespace(s) where the storage will be consumed. - # mountSecret: ceph-user1-secret + # clusterID is the namespace where the rook cluster is running + # If you change this namespace, also change the namespace below where the secret namespaces are defined + clusterID: rook-ceph # namespace:cluster + # If you want to use erasure coded pool with RBD, you need to create + # two pools. one erasure coded and one replicated. + # You need to specify the replicated pool here in the `pool` parameter, it is + # used for the metadata of the images. + # The erasure coded pool must be set as the `dataPool` parameter below. + #dataPool: ec-data-pool + pool: replicapool + # (optional) mapOptions is a comma-separated list of map options. + # For krbd options refer + # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options + # For nbd options refer + # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options + # mapOptions: lock_on_read,queue_depth=1024 + + # (optional) unmapOptions is a comma-separated list of unmap options. + # For krbd options refer + # https://docs.ceph.com/docs/master/man/8/rbd/#kernel-rbd-krbd-options + # For nbd options refer + # https://docs.ceph.com/docs/master/man/8/rbd-nbd/#options + # unmapOptions: force + + # (optional) Set it to true to encrypt each volume with encryption keys + # from a key management system (KMS) + # encrypted: "true" + + # (optional) Use external key management system (KMS) for encryption key by + # specifying a unique ID matching a KMS ConfigMap. The ID is only used for + # correlation to configmap entry. + # encryptionKMSID: + + # RBD image format. Defaults to "2". + imageFormat: "2" + # RBD image features + # Available for imageFormat: "2". Older releases of CSI RBD + # support only the `layering` feature. 
The Linux kernel (KRBD) supports the + # full complement of features as of 5.4 + # `layering` alone corresponds to Ceph's bitfield value of "2" ; + # `layering` + `fast-diff` + `object-map` + `deep-flatten` + `exclusive-lock` together + # correspond to Ceph's OR'd bitfield value of "63". Here we use + # a symbolic, comma-separated format: + # For 5.4 or later kernels: + #imageFeatures: layering,fast-diff,object-map,deep-flatten,exclusive-lock + # For 5.3 or earlier kernels: + imageFeatures: layering + # The secrets contain Ceph admin credentials. These are generated automatically by the operator + # in the same namespace as the cluster. + csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner + csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph # namespace:cluster + csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner + csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph # namespace:cluster + csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node + csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph # namespace:cluster + # Specify the filesystem type of the volume. If not specified, csi-provisioner + # will set default as `ext4`. Note that `xfs` is not recommended due to potential deadlock + # in hyperconverged settings where the volume is mounted on the same node as the osds. + csi.storage.k8s.io/fstype: ext4 +# uncomment the following to use rbd-nbd as mounter on supported nodes +# **IMPORTANT**: CephCSI v3.4.0 onwards a volume healer functionality is added to reattach +# the PVC to application pod if nodeplugin pod restart. +# Its still in Alpha support. Therefore, this option is not recommended for production use. +#mounter: rbd-nbd +allowVolumeExpansion: true +reclaimPolicy: Delete diff --git a/test-requirements.txt b/test-requirements.txt index 03100866..8e7445c7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt 
@@ -8,7 +8,7 @@ ansible-compat==24.9.1
 # via
 # ansible-lint
 # molecule
-ansible-core==2.17.5
+ansible-core==2.17.7
 # via
 # ansible-compat
 # ansible-lint