feat: release v1.31.0 (#319)

* feat: EXPERIMENTAL switch kubectl apply with kapp

* feat: update e2e tests to include kapp run

* chore: update to latest version of Go

* feat: bump KFD version to 1.31.0, update on-premises installer reference, kubectl version reference

* feat(on-premises): node labels and annotations
- Add the possibilty to set labels and annotations for both the control-plane nodes and the regular nodes.
- Added needed (optional) fields to the on-prem schema, with pattern validation.
- Added logic to the ansible playbook to set the labels and annotations on the nodes, and also remove them when deleted from the furyctl.yaml file. Checking against the saved state.

* docs(on-premises): improve node labels and annotations description

* Apply suggestions from code review

Co-authored-by: Riccardo Cannella <[email protected]>

* fix: move calico namespace creation on manifests/networking, remove custom additional kapp arg from apply script

* fix: apply script condition for kapp and gatekeeper apply

* feat: adding echo to print which plugin we are installing

* docs: add unreleased.md

* feat(on-prem): bump installer to v1.31.4-rc.0

* chore: removing unneeded files

* chore: removing unneded files x2

* chore: removing unneeded files x3

* chore: bump kapp to 0.64.0 (latest)

Bump kapp to the latest version that got release while we were working on this feature

* docs: add development faq docs

* feat(kfd.yaml): use installer 1.31.4 final

* fix(on-prem): prevent deleting label with default node role

Prevent the deletion of the lables that set the node role
(`control-plane` for the control-plane nodes and to `<node group name>`
for the rest of the nodes).

* feat(ci): update e2e tests for v1.31.0
- Update all e2e to use v1.31.0 (to be released) and test migration from 1.30.0
- Bump furyctl to v0.31.0-rc.0

* address comments

* address comments

* add docs about json patch

* add some details about furyctl state

* add more details about commands

* chroe(ci): run e2e pipelines in paralel

* docs: WIP update docs for release 1.31.0

* chore: remove unneeded files

* docs: fixing linting

* docs: update release doc with kapp infos

* feat: remove wrong test, increase nodes on kind clusters

* fix: add kapp ordering around Mutating and Validating webhook on AWS load balancer controller

* fix: add kapp ordering around Mutating and Validating webhooks in gatekeeper deployment

* chore: add more ignore folders on .gitignore

---------

Co-authored-by: Manuel Romei <[email protected]>
Co-authored-by: Ramiro Algozino <[email protected]>
Co-authored-by: Riccardo Cannella <[email protected]>
Co-authored-by: Alessio Dionisi <[email protected]>

.drone.yml

@@ -59,7 +59,7 @@ steps:
   #     - schema-check
 
   - name: test-schema
-    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.31.1_3.10.0_4.33.3
     pull: always
     depends_on:
       - license-check
@@ -72,15 +72,15 @@ steps:
       - bats -t tests/schema.sh
 
   - name: render
-    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.31.1_3.10.0_4.33.3
     pull: always
     depends_on:
       - license-check
       - schema-check
     environment:
       NETRC_FILE:
         from_secret: NETRC_FILE
-      FURYCTL_VERSION: v0.30.0-rc.1
+      FURYCTL_VERSION: v0.31.0-rc.0
       FURYCTL_CONFIG: tests/e2e/kfddistribution/furyctl-init-cluster.yaml
       FURYCTL_DISTRO_LOCATION: ./
       FURYCTL_OUTDIR: ./
@@ -103,10 +103,10 @@ steps:
       - render
     commands:
       # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet.
-      - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.30.0
+      - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.31.0
 
 ---
-name: e2e-kubernetes-1.30
+name: e2e-kubernetes-1.31
 kind: pipeline
 type: docker
 
@@ -129,13 +129,13 @@ trigger:
 
 steps:
   - name: create Kind cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0
     pull: always
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
     environment:
-      CLUSTER_VERSION: v1.30.6
+      CLUSTER_VERSION: v1.31.0
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
       # /drone/src is the default workdir for the pipeline
       # using this folder we don't need to mount another
@@ -153,6 +153,7 @@ steps:
         nodes:
           - role: control-plane
           - role: worker
+          - role: worker
         EOF
       # NOTE: kind's `--wait` flag that waits for the control-plane ot be ready
       # does not work when disabling the default CNI. It will always go in timeout.
@@ -161,15 +162,15 @@ steps:
       - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG}
 
   - name: e2e-kfddistribution
-    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.31.1_3.10.0_4.33.3
     pull: always
     # we need to use host network to access Kind API port that is listening on the worker's loopback
     # beacuse we mount the host's Docker socket to run Kind.
     network_mode: host
     environment:
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
       KUBECONFIG: /drone/src/kubeconfig
-      FURYCTL_VERSION: v0.30.0-rc.1
+      FURYCTL_VERSION: v0.31.0-rc.0
     depends_on: [create Kind cluster]
     commands:
       - export KUBECONFIG=/drone/src/kubeconfig
@@ -187,7 +188,7 @@ steps:
       - tests/e2e-kfddistribution.sh
 
   - name: delete-kind-cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
@@ -208,13 +209,14 @@ volumes:
     host:
       path: /var/run/docker.sock
 ---
-name: e2e-kubernetes-1.29.4-to-1.30.0
+name: e2e-kubernetes-1.30.0-to-1.31.0
 kind: pipeline
 type: docker
 
 depends_on:
   - qa
-  - e2e-kubernetes-1.30
+  #  I comment out the following dependency because we have now 2 workers, so we can run both pipelines in paralel.
+  # - e2e-kubernetes-1.31
 
 clone:
   depth: 1
@@ -232,13 +234,13 @@ trigger:
 
 steps:
   - name: create Kind cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0
     pull: always
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
     environment:
-      CLUSTER_VERSION: v1.30.6
+      CLUSTER_VERSION: v1.31.0
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
       # /drone/src is the default workdir for the pipeline
       # using this folder we don't need to mount another
@@ -256,6 +258,7 @@ steps:
         nodes:
           - role: control-plane
           - role: worker
+          - role: worker
         EOF
       # NOTE: kind's `--wait` flag that waits for the control-plane ot be ready
       # does not work when disabling the default CNI. It will always go in timeout.
@@ -264,15 +267,15 @@ steps:
       - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG}
 
   - name: e2e-kfddistribution
-    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.31.1_3.10.0_4.33.3
     pull: always
     # we need to use host network to access Kind API port that is listening on the worker's loopback
     # beacuse we mount the host's Docker socket to run Kind.
     network_mode: host
     environment:
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
       KUBECONFIG: /drone/src/kubeconfig-upgrades
-      FURYCTL_VERSION: v0.30.0-rc.1
+      FURYCTL_VERSION: v0.31.0-rc.0
     depends_on: [create Kind cluster]
     commands:
       - export KUBECONFIG=/drone/src/kubeconfig-upgrades
@@ -290,7 +293,7 @@ steps:
       - tests/e2e-kfddistribution-upgrades.sh
 
   - name: delete-kind-cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.31.1_3.10.0
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
@@ -316,8 +319,8 @@ kind: pipeline
 type: docker
 
 depends_on:
-  - e2e-kubernetes-1.30
-  - e2e-kubernetes-1.29.4-to-1.30.0
+  - e2e-kubernetes-1.31
+  - e2e-kubernetes-1.30.0-to-1.31.0
 
 platform:
   os: linux

.gitignore

@@ -6,4 +6,6 @@ vendor
 
 go.work
 go.work.sum
-.envrc
+.envrc
+.local
+.furyctl

README.md

@@ -7,8 +7,8 @@
 <p align="center">Kubernetes Fury Distribution (KFD) is a certified battle-tested Kubernetes distribution based purely on upstream Kubernetes.</p>
 <!-- markdownlint-enable MD033 MD045 -->
 
-[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.30.0)](http://ci.sighup.io/sighupio/fury-distribution)
-[![Release](https://img.shields.io/badge/release-v1.30.0-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
+[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.31.0)](http://ci.sighup.io/sighupio/fury-distribution)
+[![Release](https://img.shields.io/badge/release-v1.31.0-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
 [![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
 [![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)
 
@@ -75,13 +75,13 @@ A KFD production grade cluster will be composed of 3 node pools:
 Some modules rely on persistent storage via PersistentVolumeClaims, by default (but configurable) the following capacity will be used:
 
 | Description                                | Size (GB) |
-| ------------------------------------------ | --------- |
-| Prometheus (metrics storage)               | 150       |
-| MinIO Monitoring (metrics storage, 20GBx6) | 120       |
-| MinIO Logging (logs storage, 20GBx6)       | 120       |
-| OpenSearch (logs storage)                  | 30        |
-| MinIO Tracing (traces storage)             | 120       |
-| **Total**                                  | **540**   |
+| ------------------------------------------ | --------: |
+| Prometheus (metrics storage)               |       150 |
+| MinIO Monitoring (metrics storage, 20GBx6) |       120 |
+| MinIO Logging (logs storage, 20GBx6)       |       120 |
+| OpenSearch (logs storage)                  |        30 |
+| MinIO Tracing (traces storage)             |       120 |
+| **Total**                                  |   **540** |
 
 ### Core Modules 📦
 
@@ -130,10 +130,15 @@ Current supported versions of KFD are:
 
 |                                  KFD Version                                   | Kubernetes Version |
 | :----------------------------------------------------------------------------: | :----------------: |
+| [`1.31.0`](https://github.com/sighupio/fury-distribution/releases/tag/v1.31.0) |      `1.31.x`      |
 | [`1.30.0`](https://github.com/sighupio/fury-distribution/releases/tag/v1.30.0) |      `1.30.x`      |
 | [`1.29.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.29.5) |      `1.29.x`      |
 | [`1.28.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.28.5) |      `1.28.x`      |
 
+> [!NOTE]
+> Usually, KFD supports 3 versions simultaneously that compatible with 3 different underlying Kubernetes versions. With KFD v1.31.0 the support for KFD v1.28.x will be extended for some time, effectively providing support for 4 versions (1.28, 1.29, 1.30 and 1.31).
+> See the [versioning](docs/VERSIONING.md) document for more details on KFD's version skew policy.
+
 Check the [compatibility matrix][compatibility-matrix] for additional information about previous releases of the Distribution and the compatibility with `furyctl`.
 
 Also, check the [versioning documentation file][versioning] to know more about the versioning scheme of the distribution and the upgrade path.