Bump Kubernetes to v1.25.0

* Remove PodSecurityPolicies from k0s They were deprecated for a long time, and have been removed in Kubernetes 1.25. * Change to policy/v1/PodDisruptionBudget The old v1beta1 API Group has been removed in Kubernetes 1.25. * Update all versions in docs and tests Replace some real versions with fake versions in tests, so that they don't look real anymore and won't be bumped in the future. * Reword the docker-shim deprecation notice The wording sounded a anachronisitic, given that Kubernetes 1.25 is out. Signed-off-by: Tom Wieczorek <[email protected]>
wizpresso-steve-cy-fan · Sep 6, 2022 · 6743f9e · 6743f9e
1 parent 1ceeb35
commit 6743f9e
Show file tree

Hide file tree

Showing 49 changed files with 369 additions and 1,048 deletions.
diff --git a/.github/workflows/publish-docs-manual.yml b/.github/workflows/publish-docs-manual.yml
@@ -3,7 +3,7 @@ on:
   workflow_dispatch:
     inputs:
       version:
-        description: 'Version tag (e.g."v1.22.4+k0s.0")'
+        description: 'Version tag (e.g."v1.25.0+k0s.0")'
         required: true
 
 env:

diff --git a/cmd/controller/controller.go b/cmd/controller/controller.go
@@ -371,10 +371,6 @@ func (c *CmdOpts) startController(ctx context.Context) error {
 		))
 	}
 
-	if !slices.Contains(c.DisableComponents, constant.DefaultPspComponentName) {
-		c.ClusterComponents.Add(ctx, controller.NewDefaultPSP(c.K0sVars))
-	}
-
 	if !slices.Contains(c.DisableComponents, constant.KubeProxyComponentName) {
 		c.ClusterComponents.Add(ctx, controller.NewKubeProxy(c.K0sVars, c.NodeConfig))
 	}

diff --git a/docs/airgap-install.md b/docs/airgap-install.md
@@ -66,7 +66,7 @@ metadata:
   name: k0s-cluster
 spec:
   k0s:
-    version: 1.21.3+k0s.0
+    version: 1.25.0+k0s.0
   hosts:
     - role: controller
       ssh:

diff --git a/docs/autopilot-multicommand.md b/docs/autopilot-multicommand.md
@@ -62,20 +62,20 @@ processed by **autopilot**.
  6:  spec:
  7:    commands:
  8:    - airgapupdate:
- 9:        version: v1.24.3+k0s.0
+ 9:        version: v1.25.0+k0s.0
 10:        platforms:
 11:          linux-amd64:
-12:            url: https://github.com/k0sproject/k0s/releases/download/v1.24.3+k0s.0/k0s-airgap-bundle-v1.24.3+k0s.0-amd64
+12:            url: https://github.com/k0sproject/k0s/releases/download/v1.25.0+k0s.0/k0s-airgap-bundle-v1.25.0+k0s.0-amd64
 13:        workers:
 14:          discovery:
 15:            static:
 16:              nodes:
 17:              - worker0
 18:    - k0supdate:
-19:        version: v1.24.3+k0s.0
+19:        version: v1.25.0+k0s.0
 20:        platforms:
 21:          linux-amd64:
-22:            url: https://github.com/k0sproject/k0s/releases/download/v1.24.3+k0s.0/k0s-v1.24.3+k0s.0-amd64
+22:            url: https://github.com/k0sproject/k0s/releases/download/v1.25.0+k0s.0/k0s-v1.25.0+k0s.0-amd64
 23:        targets:
 24:          controllers:
 25:            discovery:

diff --git a/docs/autopilot.md b/docs/autopilot.md
@@ -104,10 +104,10 @@ spec:
 
   commands:
     - k0supdate:
-        version: v1.24.2+k0s.0
+        version: v1.25.0+k0s.0
         platforms:
           linux-amd64:
-            url: https://github.com/k0sproject/k0s/releases/download/v1.24.2+k0s.0/k0s-v1.24.2+k0s.0-amd64
+            url: https://github.com/k0sproject/k0s/releases/download/v1.25.0+k0s.0/k0s-v1.25.0+k0s.0-amd64
             sha256: 15469210b61da094c6783e65c15a4ac951e1c4c50ff9cf13f30437ada48f446b
         targets:
           controllers:

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -67,8 +67,6 @@ spec:
     kubeProxy:
       disabled: false
       mode: iptables
-  podSecurityPolicy:
-    defaultPolicy: 00-k0s-privileged
   telemetry:
     enabled: true
   controllerManager:
@@ -91,7 +89,7 @@ spec:
       version: v0.5.0
     kubeproxy:
       image: k8s.gcr.io/kube-proxy
-      version: v1.24.4
+      version: v1.25.0
     coredns:
       image: k8s.gcr.io/coredns/coredns
       version: v1.7.0
@@ -184,19 +182,6 @@ spec:
 | `disabled`       | Disable kube-proxy altogether (default: `false`).                                                                                                       |
 | `mode`           | Kube proxy operating mode, supported modes `iptables`, `ipvs`, `userspace` (default: `iptables`) |
 
-### `spec.podSecurityPolicy`
-
-Use the `spec.podSecurityPolicy` key to configure the default [PSP](https://kubernetes.io/docs/concepts/policy/pod-security-policy/).
-
-k0s creates two PSPs out-of-the-box:
-
-| PSP                 | Description                                                                         |
-| ------------------- | ----------------------------------------------------------------------------------- |
-| `00-k0s-privileged` | Default; no restrictions; used also for Kubernetes/k0s level system pods.           |
-| `99-k0s-restricted` | Does not allow any host namespaces or root users, nor any bind mounts from the host |
-
-**Note**: Users can create supplemental PSPs and bind them to users / access accounts as necessary.
-
 ### `spec.controllerManager`
 
 | Element     | Description                                                                                                             |
@@ -374,7 +359,7 @@ spec:
 k0s allows completely disabling some of the system components. This allows the user to build a minimal Kubernetes control plane and use what ever components they need to fullfill their need for the controlplane. Disabling the system components happens through a commandline flag for the controller process:
 
 ```sh
---disable-components strings                     disable components (valid items: konnectivity-server,kube-scheduler,kube-controller-manager,control-api,csr-approver,default-psp,kube-proxy,coredns,network-provider,helm,metrics-server,kubelet-config,system-rbac)
+--disable-components strings                     disable components (valid items: konnectivity-server,kube-scheduler,kube-controller-manager,control-api,csr-approver,kube-proxy,coredns,network-provider,helm,metrics-server,kubelet-config,system-rbac)
 ```
 
 If you use k0sctl just add the flag when installing the cluster for the first controller at `spec.hosts.installFlags` in the config file like e.g.:

diff --git a/docs/docker-shim.md b/docs/docker-shim.md
@@ -1,6 +1,10 @@
 # Dockershim Deprecation - What Does It Mean For K0s?
 
-Back in December 2020, Kubernetes have anounced the [deprecation of the docker-shim from version 1.24 onwards](https://kubernetes.io/blog/2020/12/02/dockershim-faq/). Now that kubernetes 1.24 is out, the 1.24 release of k0s will no longer support the docker-shim as well.
+Back in December 2020, Kubernetes have announced the [deprecation of the
+docker-shim][deprecate-dockershim] from version 1.24 onwards. As a consequence,
+k0s 1.24 and above don't support the docker-shim as well.
+
+[deprecate-dockershim]: https://kubernetes.io/blog/2020/12/02/dockershim-faq/
 
 ## What Is Dockershim, and Why Was It Deprecated?
 
@@ -28,8 +32,8 @@ Get a list of all nodes (k0s is still version 1.23, which already includes the d
 sudo k0s kubectl get nodes -o wide
 
 NAME                                        STATUS   ROLES           AGE   VERSION       INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
-ip-10-0-49-188.eu-west-1.compute.internal   Ready    control-plane   52m   v1.23.8+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
-ip-10-0-62-250.eu-west-1.compute.internal   Ready    <none>          12s   v1.23.8+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
+ip-10-0-49-188.eu-west-1.compute.internal   Ready    control-plane   52m   v1.25.0+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
+ip-10-0-62-250.eu-west-1.compute.internal   Ready    <none>          12s   v1.25.0+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
 ```
 
 cordon and drain the nodes (migrate one by one):
@@ -43,8 +47,8 @@ sudo k0s kubectl drain ip-10-0-62-250.eu-west-1.compute.internal --ignore-daemon
 sudo k0s kubectl get nodes -o wide
 
 NAME                                        STATUS                     ROLES           AGE     VERSION       INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
-ip-10-0-49-188.eu-west-1.compute.internal   Ready                      control-plane   56m     v1.23.8+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
-ip-10-0-62-250.eu-west-1.compute.internal   Ready,SchedulingDisabled   <none>          3m40s   v1.23.8+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
+ip-10-0-49-188.eu-west-1.compute.internal   Ready                      control-plane   56m     v1.25.0+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
+ip-10-0-62-250.eu-west-1.compute.internal   Ready,SchedulingDisabled   <none>          3m40s   v1.25.0+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
 ```
 
 Stop k0s on the node:
@@ -139,8 +143,8 @@ On the controller, you'll be able to see the worker started with the new docker
 sudo k0s kubectl get nodes -o wide
 
 NAME                                        STATUS                     ROLES           AGE    VERSION       INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
-ip-10-0-49-188.eu-west-1.compute.internal   Ready                      control-plane   117m   v1.24.3+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
-ip-10-0-62-250.eu-west-1.compute.internal   Ready,SchedulingDisabled   <none>          64m    v1.24.3+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
+ip-10-0-49-188.eu-west-1.compute.internal   Ready                      control-plane   117m   v1.25.0+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
+ip-10-0-62-250.eu-west-1.compute.internal   Ready,SchedulingDisabled   <none>          64m    v1.25.0+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
 ```
 
 ### Uncordon the Node
@@ -157,6 +161,6 @@ You should now see the node Ready for scheduling with the docker Runtime:
 sudo k0s kubectl get nodes -o wide
 
 NAME                                        STATUS   ROLES           AGE    VERSION       INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
-ip-10-0-49-188.eu-west-1.compute.internal   Ready    control-plane   119m   v1.24.3+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
-ip-10-0-62-250.eu-west-1.compute.internal   Ready    <none>          66m    v1.24.3+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
+ip-10-0-49-188.eu-west-1.compute.internal   Ready    control-plane   119m   v1.25.0+k0s   10.0.49.188   <none>        Ubuntu 20.04.4 LTS   5.13.0-1022-aws   docker://20.10.16
+ip-10-0-62-250.eu-west-1.compute.internal   Ready    <none>          66m    v1.25.0+k0s   10.0.62.250   <none>        Ubuntu 20.04.4 LTS   5.13.0-1017-aws   docker://20.10.16
 ```
diff --git a/docs/install.md b/docs/install.md
@@ -61,7 +61,7 @@ Though the Quick Start material is written for Debian/Ubuntu, you can use it for
 
     ```shell
     $ sudo k0s status
-    Version: v1.24.4+k0s.0
+    Version: v1.25.0+k0s.0
     Process ID: 436
     Role: controller
     Workloads: true
@@ -77,7 +77,7 @@ Though the Quick Start material is written for Debian/Ubuntu, you can use it for
     ```shell
     $ sudo k0s kubectl get nodes
     NAME   STATUS   ROLES    AGE    VERSION
-    k0s    Ready    <none>   4m6s   v1.23.6+k0s
+    k0s    Ready    <none>   4m6s   v1.25.0+k0s
     ```
 
 ## Uninstall k0s

diff --git a/docs/k0s-in-docker.md b/docs/k0s-in-docker.md
@@ -13,7 +13,7 @@ The k0s containers are published both on Docker Hub and GitHub. For reasons of s
 - docker.io/k0sproject/k0s:latest
 - docker.pkg.github.com/k0sproject/k0s/k0s:"version"
 
-**Note:** Due to Docker Hub tag validation scheme, we have to use `-` as the k0s version separator instead of the usual `+`. So for example k0s version `v1.24.4+k0s.0` is tagged as `docker.io/k0sproject/k0s:v1.24.4-k0s.0`.
+**Note:** Due to Docker Hub tag validation scheme, we have to use `-` as the k0s version separator instead of the usual `+`. So for example k0s version `v1.25.0+k0s.0` is tagged as `docker.io/k0sproject/k0s:v1.25.0-k0s.0`.
 
 ## Start k0s
 

diff --git a/docs/k0s-multi-node.md b/docs/k0s-multi-node.md
@@ -22,15 +22,15 @@ curl -sSLf https://get.k0s.sh | sudo sh
 
 The download script accepts the following environment variables:
 
-| Variable                   | Purpose                                           |
-|:---------------------------|:--------------------------------------------------|
-| `K0S_VERSION=v1.24.4+k0s.0` | Select the version of k0s to be installed         |
-| `DEBUG=true`               | Output commands and their arguments at execution. |
+| Variable                    | Purpose                                           |
+|:----------------------------|:--------------------------------------------------|
+| `K0S_VERSION=v1.25.0+k0s.0` | Select the version of k0s to be installed         |
+| `DEBUG=true`                | Output commands and their arguments at execution. |
 
 **Note**: If you require environment variables and use sudo, you can do:
 
 ```shell
-curl -sSLf https://get.k0s.sh | sudo K0S_VERSION=v1.24.4+k0s.0 sh
+curl -sSLf https://get.k0s.sh | sudo K0S_VERSION=v1.25.0+k0s.0 sh
 ```
 
 ### 2. Bootstrap a controller node
@@ -126,7 +126,7 @@ To get general information about your k0s instance's status:
 ```
 
 ```shell
-Version: v1.24.4+k0s.0
+Version: v1.25.0+k0s.0
 Process ID: 2769
 Parent Process ID: 1
 Role: controller
@@ -144,7 +144,7 @@ sudo k0s kubectl get nodes
 
 ```shell
 NAME   STATUS   ROLES    AGE    VERSION
-k0s    Ready    <none>   4m6s   v1.23.6+k0s
+k0s    Ready    <none>   4m6s   v1.25.0+k0s
 ```
 
 You can also access your cluster easily with [Lens](https://k8slens.dev/), simply by copying the kubeconfig and pasting it to Lens:

diff --git a/docs/podsecurity.md b/docs/podsecurity.md
@@ -1,6 +1,7 @@
 # Pod Security Standards
 
-Since Pod Security Policies are deprecated as of Kubernetes v1.21, and will be removed in v1.25, Kubernetes offers [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) – a new way to enhance cluster security.
+Since Pod Security Policies have been removed in Kubernetes v1.25, Kubernetes
+offers [Pod Security Standards] – a new way to enhance cluster security.
 
 To enable PSS in k0s you need to create an admission controller config file:
 
@@ -19,7 +20,7 @@ To enable PSS in k0s you need to create an admission controller config file:
         exemptions:
           # Don't forget to exempt namespaces or users that are responsible for deploying
           # cluster components, because they need to run privileged containers
-          usernames: ["admin"] 
+          usernames: ["admin"]
           namespaces: ["kube-system"]
     ```
 
@@ -31,14 +32,7 @@ Add these extra arguments to the k0s configuration:
     spec:
       api:
         extraArgs:
-          disable-admission-plugins: PodSecurityPolicy # if you want to disable PodSecurityPolicy admission controller, not required
-          enable-admission-plugins: PodSecurity        # only for Kubernetes 1.22, since 1.23 it's enabled by default
-          feature-gates: "PodSecurity=true"            # only for Kubernetes 1.22, since 1.23 it's enabled by default
           admission-control-config-file: /path/to/admission/control/config.yaml
     ```
 
-And finally, install k0s with the PodSecurityPolicy component disabled.
-
-    ```shell
-    $ k0s install controller --disable-components=default-psp
-    ```
+[Pod Security Standards]: https://kubernetes.io/docs/concepts/security/pod-security-standards/
diff --git a/docs/raspberry-pi4.md b/docs/raspberry-pi4.md
@@ -125,7 +125,7 @@ Download a [k0s release](https://github.com/k0sproject/k0s/releases/latest). For
 example:
 
 ```shell
-wget -O /tmp/k0s https://github.com/k0sproject/k0s/releases/download/v1.24.4+k0s.0/k0s-v1.24.4+k0s.0-arm64 # replace version number!
+wget -O /tmp/k0s https://github.com/k0sproject/k0s/releases/download/v1.25.0+k0s.0/k0s-v1.25.0+k0s.0-arm64 # replace version number!
 sudo install /tmp/k0s /usr/local/bin/k0s
 ```
 
@@ -142,7 +142,7 @@ At this point you can run `k0s`:
 
 ```console
 ubuntu@ubuntu:~$ k0s version
-v1.24.4+k0s.0
+v1.25.0+k0s.0
 ```
 
 To check if k0s's [system requirements](system-requirements.md) and [external
@@ -288,7 +288,7 @@ When the cluster is up, try to have a look:
 ```console
 ubuntu@ubuntu:~$ sudo k0s kc get nodes -owide
 NAME     STATUS   ROLES           AGE     VERSION       INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
-ubuntu   Ready    control-plane   4m41s   v1.24.3+k0s   10.152.56.54   <none>        Ubuntu 22.04.1 LTS   5.15.0-1013-raspi   containerd://1.6.6
+ubuntu   Ready    control-plane   4m41s   v1.25.0+k0s   10.152.56.54   <none>        Ubuntu 22.04.1 LTS   5.15.0-1013-raspi   containerd://1.6.8
 ubuntu@ubuntu:~$ sudo k0s kc get pod -owide -A
 NAMESPACE     NAME                              READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE   READINESS GATES
 kube-system   kube-proxy-kkv2l                  1/1     Running   0          4m44s   10.152.56.54   ubuntu   <none>           <none>
@@ -445,7 +445,7 @@ As this is a worker node, we cannot access the Kubernetes API via the builtin
 
 ```console
 ubuntu@ubuntu:~$ sudo k0s status
-Version: v1.24.3+k0s.0
+Version: v1.25.0+k0s.0
 Process ID: 1631
 Role: worker
 Workloads: true
@@ -497,7 +497,7 @@ Using the above kubeconfig, you can now access and use the cluster:
 ```console
 ubuntu@ubuntu:~$ KUBECONFIG=/path/to/kubeconfig kubectl get nodes,deployments,pods -owide -A
 NAME          STATUS   ROLES    AGE    VERSION       INTERNAL-IP    EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
-node/ubuntu   Ready    <none>   5m1s   v1.24.3+k0s   10.152.56.54   <none>        Ubuntu 22.04.1 LTS   5.15.0-1013-raspi   containerd://1.6.6
+node/ubuntu   Ready    <none>   5m1s   v1.25.0+k0s   10.152.56.54   <none>        Ubuntu 22.04.1 LTS   5.15.0-1013-raspi   containerd://1.6.8
 
 NAMESPACE     NAME                             READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS       IMAGES                                            SELECTOR
 kube-system   deployment.apps/coredns          1/1     1            1           33m   coredns          k8s.gcr.io/coredns/coredns:v1.7.0                 k8s-app=kube-dns

diff --git a/docs/releases.md b/docs/releases.md
@@ -12,6 +12,6 @@ The biggest new k0s features will typically only be delivered on top of the late
 
 The k0s version string consists of the Kubernetes version and the k0s version. For example:
 
-- v1.24.4+k0s.0
+- v1.25.0+k0s.0
 
-The Kubernetes version (1.24.4) is the first part, and the last part (k0s.0) reflects the k0s version, which is built on top of the certain Kubernetes version.
+The Kubernetes version (1.25.0) is the first part, and the last part (k0s.0) reflects the k0s version, which is built on top of the certain Kubernetes version.
diff --git a/docs/reset.md b/docs/reset.md
@@ -50,8 +50,8 @@ k0sctl can be used to connect each node and remove all k0s-related files and pro
     INFO ==> Running phase: Prepare hosts    
     INFO ==> Running phase: Gather k0s facts 
     INFO [ssh] 13.53.43.63:22: found existing configuration 
-    INFO [ssh] 13.53.43.63:22: is running k0s controller version 1.21.3+k0s.0
-    INFO [ssh] 13.53.218.149:22: is running k0s worker version 1.21.3+k0s.0
+    INFO [ssh] 13.53.43.63:22: is running k0s controller version 1.25.0+k0s.0
+    INFO [ssh] 13.53.218.149:22: is running k0s worker version 1.25.0+k0s.0
     INFO [ssh] 13.53.43.63:22: checking if worker  has joined 
     INFO ==> Running phase: Reset hosts      
     INFO [ssh] 13.53.43.63:22: stopping k0s           

diff --git a/docs/upgrade.md b/docs/upgrade.md
@@ -52,7 +52,7 @@ You can configure the desired cluster version in the k0sctl configuration by set
 ```yaml
 spec:
   k0s:
-    version: 1.21.3+k0s.0
+    version: 1.25.0+k0s.0
 ```
 
 If you do not specify a version, k0sctl checks online for the latest version and defaults to it.
@@ -75,7 +75,7 @@ INFO[0027] [ssh] 10.0.0.17:22: waiting for node to become ready again
 INFO[0027] [ssh] 10.0.0.17:22: upgrade successful
 INFO[0027] ==> Running phase: Disconnect from hosts
 INFO[0027] ==> Finished in 27s
-INFO[0027] k0s cluster version 1.21.3+k0s.0 is now installed
+INFO[0027] k0s cluster version 1.25.0+k0s.0 is now installed
 INFO[0027] Tip: To access the cluster you can now fetch the admin kubeconfig using:
 INFO[0027]      k0sctl kubeconfig
-```
+```