Merge pull request #297 from sighupio/feat/release-v1.30.0

feat: release v1.30.0

.drone.yml

@@ -15,13 +15,13 @@ clone:
 
 steps:
   - name: license-check
-    image: quay.io/sighup/golang:1.21.5
+    image: quay.io/sighup/golang:1.23.3
     pull: always
     commands:
       - make license-check
 
   - name: schema-check
-    image: quay.io/sighup/golang:1.21.5
+    image: quay.io/sighup/golang:1.23.3
     pull: always
     commands:
       - |-
@@ -49,39 +49,52 @@ steps:
       - license-check
       - schema-check
 
-  - name: lint-go
-    image: quay.io/sighup/golang:1.21.5
-    pull: always
-    commands:
-      - make lint-go
-    depends_on:
-      - license-check
-      - schema-check
+  # - name: lint-go
+  #   image: quay.io/sighup/golang:1.23.3
+  #   pull: always
+  #   commands:
+  #     - make lint-go
+  #   depends_on:
+  #     - license-check
+  #     - schema-check
 
   - name: test-schema
-    # KUBECTL 1.25.3 - KUSTOMIZE 3.5.3 - HELM 3.1.1 - YQ 4.21.1 - ISTIOCTL 1.9.4 - FURYCTL 0.9.0 - BATS 1.1.0
-    image: quay.io/sighup/e2e-testing:1.1.0_0.9.0_3.1.1_1.9.4_1.25.3_3.5.3_4.21.1
+    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
     pull: always
     depends_on:
       - license-check
       - schema-check
+    environment:
+      JV_VERSION: 6.0.1
     commands:
+      # we need to download `jv` for running the JSON Schemas tests.
+      - curl -L https://github.com/santhosh-tekuri/jsonschema/releases/download/v$${JV_VERSION}/jv-v$${JV_VERSION}-linux-amd64.tar.gz | tar zx --directory /usr/local/bin/
       - bats -t tests/schema.sh
 
   - name: render
-    # KUBECTL 1.25.3 - KUSTOMIZE 3.5.3 - HELM 3.1.1 - YQ 4.21.1 - ISTIOCTL 1.9.4 - FURYCTL 0.9.0 - BATS 1.1.0
-    image: quay.io/sighup/e2e-testing:1.1.0_0.9.0_3.1.1_1.9.4_1.25.3_3.5.3_4.21.1
+    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
     pull: always
-    commands:
-      - echo $${NETRC_FILE} > /root/.netrc
-      - furyctl vendor -H
-      - kustomize build . > distribution.yml
-    environment:
-      NETRC_FILE:
-        from_secret: NETRC_FILE
     depends_on:
       - license-check
       - schema-check
+    environment:
+      NETRC_FILE:
+        from_secret: NETRC_FILE
+      FURYCTL_VERSION: v0.30.0-rc.1
+      FURYCTL_CONFIG: tests/e2e/kfddistribution/furyctl-init-cluster.yaml
+      FURYCTL_DISTRO_LOCATION: ./
+      FURYCTL_OUTDIR: ./
+      FURYCTL_DISABLE_ANALYTICS: "true"
+      KUBECONFIG: ./dummy
+    commands:
+      - echo $${NETRC_FILE} > /root/.netrc
+      - echo "Installing furyctl version $${FURYCTL_VERSION}..."
+      - curl -L "https://github.com/sighupio/furyctl/releases/download/$${FURYCTL_VERSION}/furyctl-$(uname -s)-amd64.tar.gz" | tar xz -C /usr/local/bin/
+      - furyctl download dependencies && furyctl dump template
+      # Move the folder with the manifests generated from the templates into the right path
+      - mv distribution $${FURYTCL_OUTDIR}.furyctl/$$(yq .metadata.name $FURYCTL_CONFIG)
+      # Build the whole distribution
+      - kustomize build $${FURYTCL_OUTDIR}.furyctl/$$(yq .metadata.name $FURYCTL_CONFIG)/distribution/manifests > distribution.yml
 
   - name: check-deprecated-apis
     image: us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5
@@ -90,10 +103,10 @@ steps:
       - render
     commands:
       # we use --ignore-deprecations because we don't want the CI to fail when the API has not been removed yet.
-      - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.29.0
+      - /pluto detect distribution.yml --ignore-deprecations --target-versions=k8s=v1.30.0
 
 ---
-name: e2e-kubernetes-1.29
+name: e2e-kubernetes-1.30
 kind: pipeline
 type: docker
 
@@ -116,13 +129,13 @@ trigger:
 
 steps:
   - name: create Kind cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
     pull: always
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
     environment:
-      CLUSTER_VERSION: v1.29.0
+      CLUSTER_VERSION: v1.30.6
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
       # /drone/src is the default workdir for the pipeline
       # using this folder we don't need to mount another
@@ -148,16 +161,15 @@ steps:
       - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG}
 
   - name: e2e-kfddistribution
-    # KUBECTL_KUSTOMIZE_HELM_YQ_ISTIOCTL_FURYCTL_BATS
-    image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
     pull: always
     # we need to use host network to access Kind API port that is listening on the worker's loopback
     # beacuse we mount the host's Docker socket to run Kind.
     network_mode: host
     environment:
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}
       KUBECONFIG: /drone/src/kubeconfig
-      FURYCTL_VERSION: v0.29.7-rc.0
+      FURYCTL_VERSION: v0.30.0-rc.1
     depends_on: [create Kind cluster]
     commands:
       - export KUBECONFIG=/drone/src/kubeconfig
@@ -175,7 +187,7 @@ steps:
       - tests/e2e-kfddistribution.sh
 
   - name: delete-kind-cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
@@ -196,13 +208,13 @@ volumes:
     host:
       path: /var/run/docker.sock
 ---
-name: e2e-kubernetes-1.29.0-1.29.1-1.29.2-1.29.3-1.29.4
+name: e2e-kubernetes-1.29.4-to-1.30.0
 kind: pipeline
 type: docker
 
 depends_on:
   - qa
-  - e2e-kubernetes-1.29
+  - e2e-kubernetes-1.30
 
 clone:
   depth: 1
@@ -220,13 +232,13 @@ trigger:
 
 steps:
   - name: create Kind cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
     pull: always
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
     environment:
-      CLUSTER_VERSION: v1.29.0
+      CLUSTER_VERSION: v1.30.6
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
       # /drone/src is the default workdir for the pipeline
       # using this folder we don't need to mount another
@@ -252,16 +264,15 @@ steps:
       - kind get kubeconfig --name $${CLUSTER_NAME} > $${KUBECONFIG}
 
   - name: e2e-kfddistribution
-    # KUBECTL_KUSTOMIZE_HELM_YQ_ISTIOCTL_FURYCTL_BATS
-    image: quay.io/sighup/e2e-testing:1.1.0_0.11.0_3.1.1_1.9.4_1.26.3_3.5.3_4.33.3
+    image: quay.io/sighup/e2e-testing:1.1.0_1.30.5_3.10.0_4.33.3
     pull: always
     # we need to use host network to access Kind API port that is listening on the worker's loopback
     # beacuse we mount the host's Docker socket to run Kind.
     network_mode: host
     environment:
       CLUSTER_NAME: ${DRONE_REPO_NAME}-${DRONE_BUILD_NUMBER}-upgrades
       KUBECONFIG: /drone/src/kubeconfig-upgrades
-      FURYCTL_VERSION: v0.29.7-rc.0
+      FURYCTL_VERSION: v0.30.0-rc.1
     depends_on: [create Kind cluster]
     commands:
       - export KUBECONFIG=/drone/src/kubeconfig-upgrades
@@ -279,7 +290,7 @@ steps:
       - tests/e2e-kfddistribution-upgrades.sh
 
   - name: delete-kind-cluster
-    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.20.0_1.29.1_3.10.0
+    image: quay.io/sighup/dind-kind-kubectl-kustomize:0.24.0_1.30.5_3.10.0
     volumes:
       - name: dockersock
         path: /var/run/docker.sock
@@ -305,8 +316,8 @@ kind: pipeline
 type: docker
 
 depends_on:
-  - e2e-kubernetes-1.29
-  - e2e-kubernetes-1.29.0-1.29.1-1.29.2-1.29.3-1.29.4
+  - e2e-kubernetes-1.30
+  - e2e-kubernetes-1.29.4-to-1.30.0
 
 platform:
   os: linux
@@ -320,22 +331,6 @@ trigger:
       - refs/tags/**-docs*
 
 steps:
-  - name: prepare-release-manifests
-    image: quay.io/sighup/e2e-testing:1.1.0_0.7.0_3.1.1_1.9.4_1.24.1_3.8.7_4.21.1
-    pull: always
-    depends_on: [clone]
-    environment:
-      RELEASE_MANIFESTS_PATH: fury-distribution-${DRONE_TAG}.yml
-    commands:
-      - furyctl vendor -H
-      - kustomize build . > $${RELEASE_MANIFESTS_PATH}
-    when:
-      ref:
-        include:
-          - refs/tags/**
-        exclude:
-          - refs/tags/**-docs*
-
   - name: prepare-release-notes
     image: quay.io/sighup/fury-release-notes-plugin:3.7_2.8.4
     depends_on: [clone]
@@ -352,16 +347,12 @@ steps:
     image: plugins/github-release
     pull: always
     depends_on:
-      - prepare-release-manifests
       - prepare-release-notes
     settings:
       api_key:
         from_secret: github_token
       file_exists: skip
       files:
-        - fury-distribution-${DRONE_TAG}.yml
-        - Furyfile.yaml
-        - kustomization.yaml
         - kfd.yaml
       prerelease: true
       overwrite: true
@@ -381,16 +372,12 @@ steps:
     image: plugins/github-release
     pull: always
     depends_on:
-      - prepare-release-manifests
       - prepare-release-notes
     settings:
       api_key:
         from_secret: github_token
       file_exists: skip
       files:
-        - fury-distribution-${DRONE_TAG}.yml
-        - Furyfile.yaml
-        - kustomization.yaml
         - kfd.yaml
       prerelease: false
       overwrite: true

.tool-versions

@@ -1,7 +1,7 @@
 bats 1.9.0
 drone 1.7.0
-golang 1.21.5
-golangci-lint 1.55.2
+golang 1.23.3
+golangci-lint 1.62.0
 yq 4.33.3
 jq 1.6
 make 4.4.1

Makefile

@@ -52,10 +52,10 @@ lint-go:
 
 .PHONY: tools-go
 tools-go:
-	@go install github.com/evanphx/json-patch/cmd/json-patch@v5.6.0
+	@go install github.com/evanphx/json-patch/v5/cmd/json-patch@v5.9.0
 	@go install github.com/google/addlicense@v1.1.1
-	@go install mvdan.cc/gofumpt@v0.5.0
-	@go install golang.org/x/tools/cmd/goimports@v0.9.3
+	@go install mvdan.cc/gofumpt@v0.7.0
+	@go install golang.org/x/tools/cmd/goimports@v0.26.0
 	@go install github.com/daixiang0/gci@v0.10.1
 	@go install github.com/momaek/formattag@v0.0.9
 	@go install github.com/santhosh-tekuri/jsonschema/cmd/jv@v0.4.0
@@ -94,6 +94,20 @@ generate-docs:
 	@md-gen gen --input schemas/public/kfddistribution-kfd-v1alpha2.json --output docs/schemas/kfddistribution-kfd-v1alpha2.md --overwrite --banner banners/kfddistribution.md
 	@md-gen gen --input schemas/public/ekscluster-kfd-v1alpha2.json --output docs/schemas/ekscluster-kfd-v1alpha2.md --overwrite --banner banners/ekscluster.md
 
+.PHONY: generate-np-diagrams
+generate-np-diagrams:
+	docker run --rm -v $(PWD)/docs/network-policies:/workdir minlag/mermaid-cli:latest -i "/workdir/overview.md" -o "/workdir/overview.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/auth:/workdir minlag/mermaid-cli:latest -i "/workdir/sso.md" -o "/workdir/sso.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/ingress:/workdir minlag/mermaid-cli:latest -i "/workdir/single.md" -o "/workdir/single.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/ingress:/workdir minlag/mermaid-cli:latest -i "/workdir/dual.md" -o "/workdir/dual.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/logging:/workdir minlag/mermaid-cli:latest -i "/workdir/loki.md" -o "/workdir/loki.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/logging:/workdir minlag/mermaid-cli:latest -i "/workdir/opensearch.md" -o "/workdir/opensearch.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/monitoring:/workdir minlag/mermaid-cli:latest -i "/workdir/mimir.md" -o "/workdir/mimir.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/monitoring:/workdir minlag/mermaid-cli:latest -i "/workdir/prometheus.md" -o "/workdir/prometheus.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/opa:/workdir minlag/mermaid-cli:latest -i "/workdir/gatekeeper.md" -o "/workdir/gatekeeper.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/opa:/workdir minlag/mermaid-cli:latest -i "/workdir/kyverno.md" -o "/workdir/kyverno.png" -w 2048 -H 1536 -b white
+	docker run --rm -v $(PWD)/docs/network-policies/modules/tracing:/workdir minlag/mermaid-cli:latest -i "/workdir/tempo.md" -o "/workdir/tempo.png" -w 2048 -H 1536 -b white
+
 .PHONY: dump-private-schema
 dump-private-schema:
 	@cat schemas/public/ekscluster-kfd-v1alpha2.json | \

README.md

@@ -7,8 +7,8 @@
 <p align="center">Kubernetes Fury Distribution (KFD) is a certified battle-tested Kubernetes distribution based purely on upstream Kubernetes.</p>
 <!-- markdownlint-enable MD033 MD045 -->
 
-[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.29.4)](http://ci.sighup.io/sighupio/fury-distribution)
-[![Release](https://img.shields.io/badge/release-v1.29.4-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
+[![Build Status](http://ci.sighup.io/api/badges/sighupio/fury-distribution/status.svg?ref=refs/tags/v1.30.0)](http://ci.sighup.io/sighupio/fury-distribution)
+[![Release](https://img.shields.io/badge/release-v1.30.0-blue?label=FuryDistributionRelease)](https://github.com/sighupio/fury-distribution/releases/latest)
 [![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack)](https://kubernetes.slack.com/archives/C0154HYTAQH)
 [![License](https://img.shields.io/github/license/sighupio/fury-distribution)](https://github.com/sighupio/fury-distribution/blob/main/LICENSE)
 
@@ -130,9 +130,9 @@ Current supported versions of KFD are:
 
 |                                  KFD Version                                   | Kubernetes Version |
 | :----------------------------------------------------------------------------: | :----------------: |
-| [`1.29.4`](https://github.com/sighupio/fury-distribution/releases/tag/v1.29.4) |      `1.29.x`      |
-| [`1.28.4`](https://github.com/sighupio/fury-distribution/releases/tag/v1.28.4) |      `1.28.x`      |
-| [`1.27.9`](https://github.com/sighupio/fury-distribution/releases/tag/v1.27.8) |      `1.27.x`      |
+| [`1.30.0`](https://github.com/sighupio/fury-distribution/releases/tag/v1.30.0) |      `1.30.x`      |
+| [`1.29.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.29.5) |      `1.29.x`      |
+| [`1.28.5`](https://github.com/sighupio/fury-distribution/releases/tag/v1.28.5) |      `1.28.x`      |
 
 Check the [compatibility matrix][compatibility-matrix] for additional information about previous releases of the Distribution and the compatibility with `furyctl`.
 
@@ -174,14 +174,14 @@ KFD is open-source software and it's released under the following [LICENSE](LICE
 [dr-module]: https://github.com/sighupio/fury-kubernetes-dr
 [opa-module]: https://github.com/sighupio/fury-kubernetes-opa
 [auth-module]: https://github.com/sighupio/fury-kubernetes-auth
-[networking-version]: https://img.shields.io/badge/release-v1.17.0-blue
-[ingress-version]: https://img.shields.io/badge/release-v2.3.3-blue
-[logging-version]: https://img.shields.io/badge/release-v3.4.1-blue
-[monitoring-version]: https://img.shields.io/badge/release-v3.2.0-blue
-[tracing-version]: https://img.shields.io/badge/release-v1.0.3-blue
-[dr-version]: https://img.shields.io/badge/release-v2.3.0-blue
-[opa-version]: https://img.shields.io/badge/release-v1.12.0-blue
-[auth-version]: https://img.shields.io/badge/release-v0.3.0-blue
+[networking-version]: https://img.shields.io/badge/release-v2.0.0-blue
+[ingress-version]: https://img.shields.io/badge/release-v3.0.1-blue
+[logging-version]: https://img.shields.io/badge/release-v4.0.0-blue
+[monitoring-version]: https://img.shields.io/badge/release-v3.3.0-blue
+[tracing-version]: https://img.shields.io/badge/release-v1.1.0-blue
+[dr-version]: https://img.shields.io/badge/release-v3.0.0-blue
+[opa-version]: https://img.shields.io/badge/release-v1.13.0-blue
+[auth-version]: https://img.shields.io/badge/release-v0.4.0-blue
 
 <!-- Addon Modules -->