| commit | 6211e4dc404a285d858e1ecc69ac488c9cabb96b | |
|---|---|---|
| author | Lorenz Brun <lorenz@monogon.tech> | Tue Nov 14 19:09:40 2023 +0100 |
| committer | Lorenz Brun <lorenz@monogon.tech> | Mon Apr 15 14:45:53 2024 +0000 |
| tree | ff3b84efffb58982e0e55e61ed7fceb5df9609dc | |
| parent | 2ac249bf8e571ae7fd134b586ff9c87dce520956 | |

treewide: k8s 1.28 and lots related updates

First, this contains a bunch of dependency updates. Important ones in no particular order:

- Kubernetes 1.24.2 -> 1.28.8
- etcd 3.5.4 -> 3.5.13
- Protobuf 1.32.0 -> 1.33.0
- OpenTelemetry 0.20.0 -> 1.20.0
- containerd 1.6.6 -> 1.7.15
- CoreDNS 1.9.2 -> 1.11.1

With Kubernetes 1.25 PodSecurityPolicies are removed, this replaces them with a static PodSecurity admission configuration which behaves the same or is slightly more permissive in most ways. Only known exceptions are that NET_RAW is no longer an allowed permission and non-standard SELinux labels are no longer permitted (but these never did anything anyways). The RBAC policies are intentionally not removed yet as we do not yet have the capability to actually update these, so they will be removed when that is available (#288), until then they will stay in-place but do nothing.

With the containerd upgrade the deprecated option for ignoring preseeded/pinned images for garbage collection in Kubelet can be removed.

This change also contains some drive-by fixes to the controller-manager, like passing the Service IP net and disabling cloud-related control loops which generate spurious warnings if enabled.

The containerd tracing patch is removed as we can now use OTel v1, thus that patch is no longer necessary.

An actual upgrade test will be part of a future CL as this one is already quite large and it works stand-alone.

Co-authored-by: Tim Windelschmidt <tim@monogon.tech>
Change-Id: I8e5f51e6e6240a1b67590458b2f1c24d58c8e91e
Reviewed-on: https://review.monogon.dev/c/monogon/+/2315
Tested-by: Jenkins CI
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>

This is the main repository containing the source code for the Monogon Platform.
This is pre-release software - take a look, and check back later! In the meantime, join us on Matrix: #monogon-os-community:matrix.org.
Our build environment is self-contained and requires only minimal host dependencies:
- /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.
Refer to SETUP.md for detailed instructions.
The source code lives in //metropolis (Metropolis is the codename of Monogon OS).
See the //metropolis/README.md for a developer quick start guide, or see the Monogon OS Handbook for user documentation.