🌱 Update Containerd, Runc, Kubernetes Version, Packages. Remove unsupported parts. (#1542)

Author: guettli

.envrc.sample

@@ -1,17 +1,21 @@
-export TTS_TOKEN=...
 export CLUSTER_NAME=caph-${USER}
 export KUBECONFIG=$PWD/.mgt-cluster-kubeconfig.yaml
 export HCLOUD_TOKEN=...
 export SSH_KEY_NAME=my-caph-ssh-key
 export HCLOUD_REGION=fsn1
 export CONTROL_PLANE_MACHINE_COUNT=1
 export WORKER_MACHINE_COUNT=1
-export KUBERNETES_VERSION=v1.29.4
-export HCLOUD_IMAGE_NAME=1.29.4-ubuntu-22.04-containerd
+export KUBERNETES_VERSION=v1.31.6
 export HCLOUD_CONTROL_PLANE_MACHINE_TYPE=cpx31
 export HCLOUD_WORKER_MACHINE_TYPE=cpx31
 export SSH_KEY=$HOME/.ssh/my-caph-ssh-key.pub
 export HETZNER_SSH_PUB_PATH=$HOME/.ssh/my-caph-ssh-key.pub
 export HETZNER_SSH_PRIV_PATH=$HOME/.ssh/my-caph-ssh-key
 export HETZNER_ROBOT_USER=
 export HETZNER_ROBOT_PASSWORD=
+
+HETZNER_SSH_PUB=$(base64 -w0 "$HETZNER_SSH_PUB_PATH")
+HETZNER_SSH_PRIV=$(base64 -w0 "$HETZNER_SSH_PRIV_PATH")
+export HETZNER_SSH_PUB HETZNER_SSH_PRIV
+
+export PATH="$PWD/hack/tools/bin:$PATH"

.github/actions/e2e/action.yaml

@@ -76,7 +76,7 @@ runs:
         HETZNER_SSH_PUB: ${{ inputs.e2e_ssh_pub }}
         HETZNER_SSH_PRIV: ${{ inputs.e2e_ssh_priv }}
         SKIP_IMAGE_BUILD: "1"
-        CAPH_LATEST_VERSION: "v1.0.0"
+        CAPH_LATEST_VERSION: "v1.0.1"
       run: make ${{ inputs.e2e_make_target }}
     - name: Upload artifact
       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4

.github/workflows/e2e-basic-packer.yaml

@@ -46,5 +46,5 @@ jobs:
         uses: ./.github/actions/e2e
         with:
           e2e_name: hcloud-basic
-          e2e_make_target: test-e2e
+          e2e_make_target: test-e2e-hcloud
           e2e_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}

.github/workflows/e2e-basic.yaml

@@ -46,7 +46,7 @@ jobs:
         uses: ./.github/actions/e2e
         with:
           e2e_name: hcloud-basic
-          e2e_make_target: test-e2e
+          e2e_make_target: test-e2e-hcloud
           e2e_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
 
   e2e-hcloud-feature:
@@ -69,28 +69,6 @@ jobs:
           e2e_name: hcloud-feature
           e2e_make_target: test-e2e-feature
           e2e_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
-
-  e2e-hcloud-feature-packer:
-    name: Test Hcloud Feature Packer Image
-    concurrency: ci-${{ github.ref }}-e2e-feature-packer
-    runs-on: ubuntu-latest
-    permissions:
-      # Required for hcloud TPS
-      id-token: write
-    needs:
-      - manager-image
-      - test-release
-    steps:
-      - name: checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - name: Run e2e Test
-        id: e2e
-        uses: ./.github/actions/e2e
-        with:
-          e2e_name: hcloud-feature-packer
-          e2e_make_target: test-e2e-feature-packer
-          e2e_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
-
   e2e-hcloud-lifecycle:
     name: Test Hcloud Lifecycle
     concurrency: ci-${{ github.ref }}-e2e-lifecycle

.github/workflows/e2e-periodic.yaml

@@ -63,7 +63,7 @@ jobs:
         uses: ./.github/actions/e2e
         with:
           e2e_name: hcloud-basic
-          e2e_make_target: test-e2e
+          e2e_make_target: test-e2e-hcloud
           e2e_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
 
   e2e-hetzner-basic:

.github/workflows/pr-e2e.yaml

@@ -73,3 +73,9 @@ tmp_*
 
 # baremetal hosts
 baremetalhosts*yaml
+
+# https://github.com/guettli/watchall
+watchall-output*
+
+/*.kubeconfig
+/*.log

.gitignore

@@ -14,7 +14,6 @@ linters:
     - errchkjson
     - errname
     - errorlint
-    - exportloopref
     - forcetypeassert
     - gci
     - goconst

.golangci-suggestions.yaml

@@ -11,7 +11,7 @@ linters:
     - durationcheck
     - errcheck
     - errchkjson
-    - exportloopref
+    - copyloopvar
     - gci
     - gocritic
     - godot

.golangci.yaml

@@ -25,6 +25,9 @@ SHELL = /usr/bin/env bash -o pipefail
 .DEFAULT_GOAL:=help
 GOTEST ?= go test
 
+# https://github.com/syself/hetzner-cloud-controller-manager#networks-support
+PRIVATE_NETWORK ?= false
+
 ##@ General
 
 
@@ -79,8 +82,8 @@ MGT_CLUSTER_KUBECONFIG ?= ".mgt-cluster-kubeconfig.yaml"
 
 # Kubebuilder.
 # go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
-# setup-envtest list
-export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.29.3
+# The command `setup-envtest list` shows the available versions.
+export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.31.0
 
 ##@ Binaries
 ############
@@ -110,7 +113,7 @@ $(ENVSUBST): # Build envsubst from tools folder.
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/setup-envtest)
 setup-envtest: $(SETUP_ENVTEST) ## Build a local copy of setup-envtest
 $(SETUP_ENVTEST): # Build setup-envtest from tools folder.
-	go install sigs.k8s.io/controller-runtime/tools/[email protected]20240507051437-479b723944e3
+	go install sigs.k8s.io/controller-runtime/tools/[email protected]20250310021545-f80bc5dbf8f7
 
 CTLPTL := $(abspath $(TOOLS_BIN_DIR)/ctlptl)
 ctlptl: $(CTLPTL) ## Build a local copy of ctlptl
@@ -120,8 +123,7 @@ $(CTLPTL):
 CLUSTERCTL := $(abspath $(TOOLS_BIN_DIR)/clusterctl)
 clusterctl: $(CLUSTERCTL) ## Build a local copy of clusterctl
 $(CLUSTERCTL):
-	curl -sSLf https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.7.5/clusterctl-$$(go env GOOS)-$$(go env GOARCH) -o $(CLUSTERCTL)
-	chmod a+rx $(CLUSTERCTL)
+	go install sigs.k8s.io/cluster-api/cmd/[email protected]
 
 HELM := $(abspath $(TOOLS_BIN_DIR)/helm)
 helm: $(HELM) ## Build a local copy of helm
@@ -143,7 +145,7 @@ $(KIND):
 KUBECTL := $(abspath $(TOOLS_BIN_DIR)/kubectl)
 kubectl: $(KUBECTL) ## Build a local copy of kubectl
 $(KUBECTL):
-	curl -fsSL "https://dl.k8s.io/release/v1.29.4/bin/$$(go env GOOS)/$$(go env GOARCH)/kubectl" -o $(KUBECTL)
+	curl -fsSL "https://dl.k8s.io/release/v1.31.6/bin/$$(go env GOOS)/$$(go env GOARCH)/kubectl" -o $(KUBECTL)
 	chmod a+rx $(KUBECTL)
 
 go-binsize-treemap := $(abspath $(TOOLS_BIN_DIR)/go-binsize-treemap)
@@ -234,17 +236,7 @@ create-workload-cluster-hcloud: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST)
 	cat templates/cluster-templates/cluster-template-hcloud.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
 	$(MAKE) wait-and-get-secret
 	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=false
-
-create-workload-cluster-hcloud-packer: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
-	# Create workload Cluster.
-	./hack/ensure-env-variables.sh HCLOUD_TOKEN
-	$(KUBECTL) create secret generic $(INFRA_PROVIDER) --from-literal=hcloud=$(HCLOUD_TOKEN) --save-config --dry-run=client -o yaml | $(KUBECTL) apply -f -
-	$(KUSTOMIZE) build templates/cluster-templates/hcloud-packer --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud-packer.yaml
-	cat templates/cluster-templates/cluster-template-hcloud-packer.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
-	$(MAKE) wait-and-get-secret
-	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=false
+	$(MAKE) install-ccm-in-wl-cluster
 
 create-workload-cluster-hcloud-network: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
 	# Create workload Cluster.
@@ -256,16 +248,6 @@ create-workload-cluster-hcloud-network: env-vars-for-wl-cluster $(KUSTOMIZE) $(E
 	$(MAKE) install-cilium-in-wl-cluster
 	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=true
 
-create-workload-cluster-hcloud-network-packer: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
-	# Create workload Cluster.
-	./hack/ensure-env-variables.sh HCLOUD_TOKEN
-	$(KUBECTL) create secret generic $(INFRA_PROVIDER) --from-literal=hcloud=$(HCLOUD_TOKEN) --save-config --dry-run=client -o yaml | $(KUBECTL) apply -f -
-	$(KUSTOMIZE) build templates/cluster-templates/hcloud-network-packer --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud-network-packer.yaml
-	cat templates/cluster-templates/cluster-template-hcloud-network-packer.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
-	$(MAKE) wait-and-get-secret
-	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=true
-
 create-workload-cluster-hetzner-hcloud-control-plane: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
 	# Create workload Cluster.
 	./hack/ensure-env-variables.sh HCLOUD_TOKEN HETZNER_ROBOT_USER HETZNER_ROBOT_PASSWORD HETZNER_SSH_PRIV_PATH HETZNER_SSH_PUB_PATH SSH_KEY_NAME
@@ -275,7 +257,7 @@ create-workload-cluster-hetzner-hcloud-control-plane: env-vars-for-wl-cluster $(
 	cat templates/cluster-templates/cluster-template-$(INFRA_PROVIDER)-hcloud-control-planes.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
 	$(MAKE) wait-and-get-secret
 	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=false
+	$(MAKE) install-ccm-in-wl-cluster
 
 create-workload-cluster-hetzner-baremetal-control-plane: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
 	# Create workload Cluster.
@@ -286,7 +268,7 @@ create-workload-cluster-hetzner-baremetal-control-plane: env-vars-for-wl-cluster
 	cat templates/cluster-templates/cluster-template-$(INFRA_PROVIDER)-baremetal-control-planes.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
 	$(MAKE) wait-and-get-secret
 	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=false
+	$(MAKE) install-ccm-in-wl-cluster
 
 create-workload-cluster-hetzner-baremetal-control-plane-remediation: env-vars-for-wl-cluster $(KUSTOMIZE) $(ENVSUBST) ## Creates a workload-cluster.
 	# Create workload Cluster.
@@ -297,7 +279,7 @@ create-workload-cluster-hetzner-baremetal-control-plane-remediation: env-vars-fo
 	cat templates/cluster-templates/cluster-template-$(INFRA_PROVIDER)-baremetal-control-planes-remediation.yaml | $(ENVSUBST) - | $(KUBECTL) apply -f -
 	$(MAKE) wait-and-get-secret
 	$(MAKE) install-cilium-in-wl-cluster
-	$(MAKE) install-ccm-in-wl-cluster PRIVATE_NETWORK=false
+	$(MAKE) install-ccm-in-wl-cluster
 
 move-to-workload-cluster: $(CLUSTERCTL)
 	$(CLUSTERCTL) init --kubeconfig=$(WORKER_CLUSTER_KUBECONFIG) --core cluster-api --bootstrap kubeadm --control-plane kubeadm --infrastructure $(INFRA_PROVIDER)
@@ -339,6 +321,10 @@ delete-mgt-cluster-registry: $(CTLPTL) ## Deletes Kind-dev Cluster and the local
 	$(CTLPTL) delete registry $(INFRA_SHORT)-registry
 
 generate-hcloud-token:
+	@if [ -n "$${TTS_TOKEN}" ]; then \
+		echo "Error: TTS_TOKEN is set. Please remove the deprecated variable (.envrc ?)."; \
+		exit 1; \
+	fi
 	./hack/ensure-env-variables.sh TPS_TOKEN
 	./hack/ci-e2e-get-token.sh
 
@@ -349,6 +335,7 @@ generate-hcloud-token:
 .PHONY: clean
 clean: ## Remove all generated files
 	$(MAKE) clean-bin
+	rm -rf test/e2e/data/infrastructure-hetzner/*/cluster-template*.yaml
 
 .PHONY: clean-bin
 clean-bin: ## Remove all generated helper binaries
@@ -472,16 +459,15 @@ ssh-first-control-plane: ## ssh into the first control-plane
 	@hack/ssh-first-control-plane.sh
 
 
-KUBEBUILDER_ASSETS ?= $(shell $(SETUP_ENVTEST) use --use-env --bin-dir $(abspath $(TOOLS_BIN_DIR)) -p path $(KUBEBUILDER_ENVTEST_KUBERNETES_VERSION))
-
 E2E_DIR ?= $(ROOT_DIR)/test/e2e
 E2E_CONF_FILE_SOURCE ?= $(E2E_DIR)/config/$(INFRA_PROVIDER).yaml
 E2E_CONF_FILE ?= $(E2E_DIR)/config/$(INFRA_PROVIDER).tmp.yaml
 
+
 .PHONY: test-unit
 test-unit: $(SETUP_ENVTEST) $(GOTESTSUM) ## Run unit and integration tests
-	@mkdir -p $(shell pwd)/.coverage
-	KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" $(GOTESTSUM) --junitfile=.coverage/junit.xml --format testname -- -covermode=atomic -coverprofile=.coverage/cover.out -p=4 -timeout 5m ./controllers/... ./pkg/... ./api/...
+	echo  $(SETUP_ENVTEST) $(GOTESTSUM)
+	./hack/test-unit.sh
 
 .PHONY: e2e-image
 e2e-image: ## Build the e2e manager image
@@ -494,18 +480,21 @@ $(E2E_CONF_FILE): $(ENVSUBST) $(E2E_CONF_FILE_SOURCE) ./hack/create-e2e-conf-fil
 		E2E_CONF_FILE=$(E2E_CONF_FILE) ./hack/create-e2e-conf-file.sh
 
 .PHONY: test-e2e
-test-e2e: $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
+test-e2e: test-e2e-hcloud
+
+.PHONY: test-e2e-hcloud
+test-e2e-hcloud: $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
 	rm -f $(WORKER_CLUSTER_KUBECONFIG)
-	GINKGO_FOKUS="'\[Basic\]'" GINKGO_NODES=2 E2E_CONF_FILE=$(E2E_CONF_FILE) ./hack/ci-e2e-capi.sh
+	HETZNER_SSH_PUB= HETZNER_SSH_PRIV= \
+	HETZNER_SSH_PUB_PATH= HETZNER_SSH_PRIV_PATH= \
+	HETZNER_ROBOT_PASSWORD= HETZNER_ROBOT_USER= \
+	GINKGO_FOKUS="'\[Basic\]'" GINKGO_NODES=2 E2E_CONF_FILE=$(E2E_CONF_FILE) \
+		./hack/ci-e2e-capi.sh
 
 .PHONY: test-e2e-feature
 test-e2e-feature: $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
 	GINKGO_FOKUS="'\[Feature\]'" GINKGO_NODES=3 ./hack/ci-e2e-capi.sh
 
-.PHONY: test-e2e-feature-packer
-test-e2e-feature-packer: $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
-	GINKGO_FOKUS="'\[Feature Packer\]'" GINKGO_NODES=1 PACKER_IMAGE_NAME=templates/node-image/1.29.4-ubuntu-22-04-containerd ./hack/ci-e2e-capi.sh
-
 .PHONY: test-e2e-lifecycle
 test-e2e-lifecycle: $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
 	GINKGO_FOKUS="'\[Lifecycle\]'" GINKGO_NODES=3 ./hack/ci-e2e-capi.sh
@@ -516,7 +505,7 @@ test-e2e-upgrade-$(INFRA_SHORT): $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-
 
 .PHONY: test-e2e-upgrade-kubernetes
 test-e2e-upgrade-kubernetes: $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
-	GINKGO_FOKUS="'\[Upgrade Kubernetes\]'" GINKGO_NODES=2 PACKER_KUBERNETES_UPGRADE_FROM=templates/node-image/1.28.9-ubuntu-22-04-containerd PACKER_KUBERNETES_UPGRADE_TO=templates/node-image/1.29.4-ubuntu-22-04-containerd ./hack/ci-e2e-capi.sh
+	GINKGO_FOKUS="'\[Upgrade Kubernetes\]'" GINKGO_NODES=2 ./hack/ci-e2e-capi.sh
 
 .PHONY: test-e2e-conformance
 test-e2e-conformance: $(E2E_CONF_FILE) $(if $(SKIP_IMAGE_BUILD),,e2e-image) $(ARTIFACTS)
@@ -632,9 +621,7 @@ generate-api-ci: generate-manifests generate-go-deepcopy
 cluster-templates: $(KUSTOMIZE)
 	$(KUSTOMIZE) build templates/cluster-templates/hcloud --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template.yaml
 	$(KUSTOMIZE) build templates/cluster-templates/hcloud --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud.yaml
-	$(KUSTOMIZE) build templates/cluster-templates/hcloud-packer --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud-packer.yaml
 	$(KUSTOMIZE) build templates/cluster-templates/hcloud-network --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud-network.yaml
-	$(KUSTOMIZE) build templates/cluster-templates/hcloud-network-packer --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hcloud-network-packer.yaml
 	$(KUSTOMIZE) build templates/cluster-templates/hetzner-hcloud-control-planes --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hetzner-hcloud-control-planes.yaml
 	$(KUSTOMIZE) build templates/cluster-templates/hetzner-baremetal-control-planes --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hetzner-baremetal-control-planes.yaml
 	$(KUSTOMIZE) build templates/cluster-templates/hetzner-baremetal-control-planes-remediation --load-restrictor LoadRestrictionsNone  > templates/cluster-templates/cluster-template-hetzner-baremetal-control-planes-remediation.yaml