upgrade k3s to v1.24.4+k3s1 (techno-tim#64)

* feat(k3s): Upgrade to v1.24.4+k3s1 * feat(metallb): updated to v0.13.5
sethbrasile · Sep 2, 2022 · 6695d13 · 6695d13
1 parent 74e1dc1
commit 6695d13
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 83 deletions.
diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
@@ -1,5 +1,5 @@
 ---
-k3s_version: v1.24.3+k3s1
+k3s_version: v1.24.4+k3s1
 # this is the user that has ssh access to these machines
 ansible_user: ansibleuser
 systemd_dir: /etc/systemd/system
@@ -25,8 +25,8 @@ extra_agent_args: ""
 kube_vip_tag_version: "v0.5.0"
 
 # image tag for metal lb
-metal_lb_speaker_tag_version: "v0.13.4"
-metal_lb_controller_tag_version: "v0.13.4"
+metal_lb_speaker_tag_version: "v0.13.5"
+metal_lb_controller_tag_version: "v0.13.5"
 
 # metallb ip range for load balancer
 metal_lb_ip_range: "192.168.30.80-192.168.30.90"
diff --git a/roles/k3s/master/templates/metallb.crds.j2 b/roles/k3s/master/templates/metallb.crds.j2
@@ -1118,85 +1118,6 @@ metadata:
  name: speaker
  namespace: metallb-system
 ---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: controller
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities: []
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- hostIPC: false
- hostNetwork: false
- hostPID: false
- privileged: false
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- ranges:
- - max: 65535
- min: 1
- rule: MustRunAs
- volumes:
- - configMap
- - secret
- - emptyDir
----
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- labels:
- app: metallb
- name: speaker
-spec:
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - NET_RAW
- allowedHostPaths: []
- defaultAddCapabilities: []
- defaultAllowPrivilegeEscalation: false
- fsGroup:
- rule: RunAsAny
- hostIPC: false
- hostNetwork: true
- hostPID: false
- hostPorts:
- - max: 7472
- min: 7472
- - max: 7946
- min: 7946
- privileged: true
- readOnlyRootFilesystem: true
- requiredDropCapabilities:
- - ALL
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - configMap
- - secret
- - emptyDir
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -1789,6 +1710,7 @@ webhooks:
  apiVersions:
  - v1beta1
  operations:
+ - CREATE
  - DELETE
  resources:
  - bfdprofiles

diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
@@ -50,7 +50,7 @@ Vagrant.configure("2") do |config|
  "master" => ["control1", "control2", "control3"],
  "node" => ["node1", "node2"],
  "k3s_cluster:children" => ["master", "node"],
- "k3s_cluster:vars" => {"k3s_version" => "v1.24.3+k3s1",
+ "k3s_cluster:vars" => {"k3s_version" => "v1.24.4+k3s1",
  "ansible_user" => "vagrant",
  "systemd_dir" => "/etc/systemd/system",
  "flannel_iface" => "eth1",