From bf3a5e01190e1cf80769343cf94af4c1bfb80318 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Fri, 11 Aug 2023 16:08:07 +0400 Subject: [PATCH] chore: add version compatibility for Talos 1.6 This will be backported to 1.5, so that Talos 1.5 machinery will still provide compatibility for (future) Talos 1.6. Signed-off-by: Andrey Smirnov --- .../compatibility/kubernetes_version.go | 3 ++ .../compatibility/kubernetes_version_test.go | 33 +++++++++++- .../compatibility/talos16/talos16.go | 28 ++++++++++ pkg/machinery/compatibility/talos_version.go | 4 ++ .../compatibility/talos_version_test.go | 53 +++++++++++++++++-- pkg/machinery/config/contract.go | 1 + pkg/machinery/config/contract_test.go | 24 +++++++++ 7 files changed, 140 insertions(+), 6 deletions(-) create mode 100644 pkg/machinery/compatibility/talos16/talos16.go diff --git a/pkg/machinery/compatibility/kubernetes_version.go b/pkg/machinery/compatibility/kubernetes_version.go index ab07f2a096..089a02799e 100644 --- a/pkg/machinery/compatibility/kubernetes_version.go +++ b/pkg/machinery/compatibility/kubernetes_version.go @@ -14,6 +14,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/compatibility/talos13" "github.com/siderolabs/talos/pkg/machinery/compatibility/talos14" "github.com/siderolabs/talos/pkg/machinery/compatibility/talos15" + "github.com/siderolabs/talos/pkg/machinery/compatibility/talos16" ) // KubernetesVersion embeds Kubernetes version. @@ -50,6 +51,8 @@ func (v *KubernetesVersion) SupportedWith(target *TalosVersion) error { minK8sVersion, maxK8sVersion = talos14.MinimumKubernetesVersion, talos14.MaximumKubernetesVersion case talos15.MajorMinor: // upgrades to 1.5.x minK8sVersion, maxK8sVersion = talos15.MinimumKubernetesVersion, talos15.MaximumKubernetesVersion + case talos16.MajorMinor: // upgrades to 1.6.x + minK8sVersion, maxK8sVersion = talos16.MinimumKubernetesVersion, talos16.MaximumKubernetesVersion default: return fmt.Errorf("compatibility with version %s is not supported", target.String()) } diff --git a/pkg/machinery/compatibility/kubernetes_version_test.go b/pkg/machinery/compatibility/kubernetes_version_test.go index 68e9fc8bc0..dd66738966 100644 --- a/pkg/machinery/compatibility/kubernetes_version_test.go +++ b/pkg/machinery/compatibility/kubernetes_version_test.go @@ -154,12 +154,41 @@ func TestKubernetesCompatibility15(t *testing.T) { } } +func TestKubernetesCompatibility16(t *testing.T) { + for _, tt := range []kubernetesVersionTest{ + { + kubernetesVersion: "1.27.1", + target: "1.6.0", + }, + { + kubernetesVersion: "1.28.3", + target: "1.6.0-beta.0", + }, + { + kubernetesVersion: "1.29.0-rc.0", + target: "1.6.7", + }, + { + kubernetesVersion: "1.30.0-alpha.0", + target: "1.6.0", + expectedError: "version of Kubernetes 1.30.0-alpha.0 is too new to be used with Talos 1.6.0", + }, + { + kubernetesVersion: "1.26.1", + target: "1.6.0", + expectedError: "version of Kubernetes 1.26.1 is too old to be used with Talos 1.6.0", + }, + } { + runKubernetesVersionTest(t, tt) + } +} + func TestKubernetesCompatibilityUnsupported(t *testing.T) { for _, tt := range []kubernetesVersionTest{ { kubernetesVersion: "1.25.0", - target: "1.6.0-alpha.0", - expectedError: "compatibility with version 1.6.0-alpha.0 is not supported", + target: "1.7.0-alpha.0", + expectedError: "compatibility with version 1.7.0-alpha.0 is not supported", }, { kubernetesVersion: "1.25.0", diff --git a/pkg/machinery/compatibility/talos16/talos16.go b/pkg/machinery/compatibility/talos16/talos16.go new file mode 100644 index 0000000000..15dbc1b327 --- /dev/null +++ b/pkg/machinery/compatibility/talos16/talos16.go @@ -0,0 +1,28 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +// Package talos16 provides compatibility constants for Talos 1.6. +package talos16 + +import ( + "github.com/blang/semver/v4" +) + +// MajorMinor is the major.minor version of Talos 1.6. +var MajorMinor = [2]uint64{1, 6} + +// MinimumHostUpgradeVersion is the minimum version of Talos that can be upgraded to 1.6. +var MinimumHostUpgradeVersion = semver.MustParse("1.3.0") + +// MaximumHostDowngradeVersion is the maximum (not inclusive) version of Talos that can be downgraded to 1.6. +var MaximumHostDowngradeVersion = semver.MustParse("1.8.0") + +// DeniedHostUpgradeVersions are the versions of Talos that cannot be upgraded to 1.6. +var DeniedHostUpgradeVersions = []semver.Version{} + +// MinimumKubernetesVersion is the minimum version of Kubernetes is supported with 1.6. +var MinimumKubernetesVersion = semver.MustParse("1.27.0") + +// MaximumKubernetesVersion is the maximum version of Kubernetes is supported with 1.6. +var MaximumKubernetesVersion = semver.MustParse("1.29.99") diff --git a/pkg/machinery/compatibility/talos_version.go b/pkg/machinery/compatibility/talos_version.go index cf97477a61..df7845b882 100644 --- a/pkg/machinery/compatibility/talos_version.go +++ b/pkg/machinery/compatibility/talos_version.go @@ -15,6 +15,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/compatibility/talos13" "github.com/siderolabs/talos/pkg/machinery/compatibility/talos14" "github.com/siderolabs/talos/pkg/machinery/compatibility/talos15" + "github.com/siderolabs/talos/pkg/machinery/compatibility/talos16" ) // TalosVersion embeds Talos version. @@ -69,6 +70,9 @@ func (v *TalosVersion) UpgradeableFrom(host *TalosVersion) error { case talos15.MajorMinor: // upgrades to 1.5.x minHostUpgradeVersion, maxHostDowngradeVersion = talos15.MinimumHostUpgradeVersion, talos15.MaximumHostDowngradeVersion deniedHostUpgradeVersions = talos15.DeniedHostUpgradeVersions + case talos16.MajorMinor: // upgrades to 1.6.x + minHostUpgradeVersion, maxHostDowngradeVersion = talos16.MinimumHostUpgradeVersion, talos16.MaximumHostDowngradeVersion + deniedHostUpgradeVersions = talos16.DeniedHostUpgradeVersions default: return fmt.Errorf("upgrades to version %s are not supported", v.version.String()) } diff --git a/pkg/machinery/compatibility/talos_version_test.go b/pkg/machinery/compatibility/talos_version_test.go index c996b62d7e..248d193888 100644 --- a/pkg/machinery/compatibility/talos_version_test.go +++ b/pkg/machinery/compatibility/talos_version_test.go @@ -163,17 +163,58 @@ func TestTalosUpgradeCompatibility15(t *testing.T) { } } +func TestTalosUpgradeCompatibility16(t *testing.T) { + for _, tt := range []talosVersionTest{ + { + host: "1.4.0", + target: "1.6.0", + }, + { + host: "1.3.0-alpha.0", + target: "1.6.0", + }, + { + host: "1.3.0", + target: "1.6.0-alpha.0", + }, + { + host: "1.6.0", + target: "1.6.1", + }, + { + host: "1.6.0-beta.0", + target: "1.6.0", + }, + { + host: "1.7.5", + target: "1.6.3", + }, + { + host: "1.2.0", + target: "1.6.0", + expectedError: `host version 1.2.0 is too old to upgrade to Talos 1.6.0`, + }, + { + host: "1.8.0-alpha.0", + target: "1.6.0", + expectedError: `host version 1.8.0-alpha.0 is too new to downgrade to Talos 1.6.0`, + }, + } { + runTalosVersionTest(t, tt) + } +} + func TestTalosUpgradeCompatibilityUnsupported(t *testing.T) { for _, tt := range []talosVersionTest{ { host: "1.3.0", - target: "1.7.0-alpha.0", - expectedError: `upgrades to version 1.7.0-alpha.0 are not supported`, + target: "1.8.0-alpha.0", + expectedError: `upgrades to version 1.8.0-alpha.0 are not supported`, }, { host: "1.4.0", - target: "1.6.0-alpha.0", - expectedError: `upgrades to version 1.6.0-alpha.0 are not supported`, + target: "1.7.0-alpha.0", + expectedError: `upgrades to version 1.7.0-alpha.0 are not supported`, }, } { runTalosVersionTest(t, tt) @@ -201,6 +242,10 @@ func TestDisablePredictableNetworkInterfaces(t *testing.T) { host: "1.6.0", expected: false, }, + { + host: "1.7.0", + expected: false, + }, } { tt := tt diff --git a/pkg/machinery/config/contract.go b/pkg/machinery/config/contract.go index f06e4587e6..6c2ba595c8 100644 --- a/pkg/machinery/config/contract.go +++ b/pkg/machinery/config/contract.go @@ -24,6 +24,7 @@ type VersionContract struct { // Well-known Talos version contracts. var ( TalosVersionCurrent = (*VersionContract)(nil) + TalosVersion1_6 = &VersionContract{1, 6} TalosVersion1_5 = &VersionContract{1, 5} TalosVersion1_4 = &VersionContract{1, 4} TalosVersion1_3 = &VersionContract{1, 3} diff --git a/pkg/machinery/config/contract_test.go b/pkg/machinery/config/contract_test.go index 9bc6088a16..3fa8eb33d6 100644 --- a/pkg/machinery/config/contract_test.go +++ b/pkg/machinery/config/contract_test.go @@ -68,6 +68,30 @@ func TestContractCurrent(t *testing.T) { assert.True(t, contract.DiskQuotaSupportEnabled()) } +func TestContract1_6(t *testing.T) { + contract := config.TalosVersion1_6 + + assert.True(t, contract.SupportsAggregatorCA()) + assert.True(t, contract.SupportsECDSAKeys()) + assert.True(t, contract.SupportsServiceAccount()) + assert.True(t, contract.SupportsRBACFeature()) + assert.True(t, contract.SupportsDynamicCertSANs()) + assert.True(t, contract.SupportsECDSASHA256()) + assert.True(t, contract.ClusterDiscoveryEnabled()) + assert.False(t, contract.PodSecurityPolicyEnabled()) + assert.True(t, contract.PodSecurityAdmissionEnabled()) + assert.True(t, contract.StableHostnameEnabled()) + assert.True(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled()) + assert.False(t, contract.KubernetesAlternateImageRegistries()) + assert.True(t, contract.KubernetesAllowSchedulingOnControlPlanes()) + assert.True(t, contract.KubernetesDiscoveryBackendDisabled()) + assert.True(t, contract.ApidExtKeyUsageCheckEnabled()) + assert.True(t, contract.APIServerAuditPolicySupported()) + assert.True(t, contract.KubeletManifestsDirectoryDisabled()) + assert.True(t, contract.SecretboxEncryptionSupported()) + assert.True(t, contract.DiskQuotaSupportEnabled()) +} + func TestContract1_5(t *testing.T) { contract := config.TalosVersion1_5