k8s 1.25 (#741)

* k8s 1.25 * delete PSP files
giantswarm · May 2, 2024 · ba298d5 · ba298d5
1 parent 1441a9b
commit ba298d5
Show file tree

Hide file tree

Showing 10 changed files with 10 additions and 96 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Bump kubernetes to `1.25.15`.
+
 ## [15.0.1] - 2024-04-30
 
 ### Fixed

diff --git a/platforms/aws/giantnetes/variables.tf b/platforms/aws/giantnetes/variables.tf
@@ -173,7 +173,7 @@ variable "docker_registry_mirror" {
 
 variable "hyperkube_version" {
   type    = string
-  default = "1.24.17"
+  default = "1.25.15"
 }
 
 ### DNS ###

diff --git a/platforms/azure/giantnetes/variables.tf b/platforms/azure/giantnetes/variables.tf
@@ -138,7 +138,7 @@ variable "flatcar_linux_channel" {
 variable "flatcar_linux_version" {
   description = "Flatcar linux version."
   type        = string
-  default     = "3602.2.1"
+  default     = "3602.2.2"
 }
 
 variable "vault_image_publisher" {
@@ -168,7 +168,7 @@ variable "docker_registry_mirror" {
 
 variable "hyperkube_version" {
   type    = string
-  default = "1.24.17"
+  default = "1.25.15"
 }
 
 variable "pod_infra_image" {

diff --git a/templates/files/conf/k8s-addons b/templates/files/conf/k8s-addons
@@ -39,10 +39,7 @@ do
 done
 
 # apply Security bootstrap (RBAC and PSP)
-SECURITY_FILES="rbac-bindings.yaml
- psp-policies.yaml
- psp-roles.yaml
- psp-bindings.yaml"
+SECURITY_FILES="rbac-bindings.yaml"
 for manifest in $SECURITY_FILES
 do
     while

diff --git a/templates/files/k8s-resource/psp-bindings.yaml b/templates/files/k8s-resource/psp-bindings.yaml
diff --git a/templates/files/k8s-resource/psp-policies.yaml b/templates/files/k8s-resource/psp-policies.yaml
diff --git a/templates/files/k8s-resource/psp-roles.yaml b/templates/files/k8s-resource/psp-roles.yaml
diff --git a/templates/files/manifests/controller-manager.yaml b/templates/files/manifests/controller-manager.yaml
@@ -24,7 +24,7 @@ spec:
       - --profiling=false
       - --terminated-pod-gc-threshold=10
       - --use-service-account-credentials=true
-      - --feature-gates=ExpandPersistentVolumes=true,TTLAfterFinished=true
+      - --feature-gates=ExpandPersistentVolumes=true
       - --kubeconfig=/etc/kubernetes/kubeconfig/controller-manager.yaml
       - --root-ca-file=/etc/kubernetes/ssl/apiserver-ca.pem
       - --service-account-private-key-file=/etc/kubernetes/ssl/service-account-key.pem

diff --git a/templates/files/manifests/k8s-api-server.yaml.tmpl b/templates/files/manifests/k8s-api-server.yaml.tmpl
@@ -27,7 +27,7 @@ spec:
       - --bind-address=0.0.0.0
       - --etcd-prefix=giantswarm.io
       - --authorization-mode=RBAC
-      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,PodSecurityPolicy,PersistentVolumeClaimResize,DefaultStorageClass,Priority,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
+      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,PersistentVolumeClaimResize,DefaultStorageClass,Priority,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
       - --service-cluster-ip-range={{ .K8SServiceCIDR }}
       - --etcd-servers=https://{{if eq .Provider "azure" }}127.0.0.1{{else}}{{ .ETCDDomainName }}{{end}}:2379
       - --etcd-cafile=/etc/kubernetes/ssl/etcd/server-ca.pem
@@ -45,7 +45,6 @@ spec:
       - --service-account-signing-key-file=/etc/kubernetes/ssl/service-account-key.pem
       - --service-account-issuer=https://{{ .APIDomainName }}
       - --api-audiences=https://{{ .APIDomainName }}
-      - --feature-gates=TTLAfterFinished=true
       - --audit-log-path=/var/log/apiserver/audit.log
       - --audit-log-maxage=30
       - --audit-log-maxbackup=30

diff --git a/templates/master.yaml.tmpl b/templates/master.yaml.tmpl
@@ -91,36 +91,6 @@ storage:
       contents:
         source: "data:text/plain;charset=utf-8;base64,{{ index .Files "k8s-resource/rbac-bindings.yaml" }}"
 
-    - path: /srv/psp-policies.yaml
-      filesystem: root
-      mode: 420
-      user:
-        id: 0
-      group:
-        id: 0
-      contents:
-        source: "data:text/plain;charset=utf-8;base64,{{ index .Files "k8s-resource/psp-policies.yaml" }}"
-
-    - path: /srv/psp-roles.yaml
-      filesystem: root
-      mode: 420
-      user:
-        id: 0
-      group:
-        id: 0
-      contents:
-        source: "data:text/plain;charset=utf-8;base64,{{ index .Files "k8s-resource/psp-roles.yaml" }}"
-
-    - path: /srv/psp-bindings.yaml
-      filesystem: root
-      mode: 420
-      user:
-        id: 0
-      group:
-        id: 0
-      contents:
-        source: "data:text/plain;charset=utf-8;base64,{{ index .Files "k8s-resource/psp-bindings.yaml" }}"
-
     - path: /srv/vault-token-reviewer.yaml
       filesystem: root
       mode: 420