feat: DNF5 support + upgrade deps (#38)

README.md

@@ -69,9 +69,9 @@ and check the access by viewing the created cluster nodes:
 ```cmd
 $ kubectl get nodes --kubeconfig=kubeconfig.conf
 NAME                  STATUS   ROLES           AGE   VERSION
-k8s-control-plane-0   Ready    control-plane   31m   v1.31.1
-k8s-worker-0          Ready    <none>          31m   v1.31.1
-k8s-worker-1          Ready    <none>          31m   v1.31.1
+k8s-control-plane-0   Ready    control-plane   31m   v1.31.3
+k8s-worker-0          Ready    <none>          31m   v1.31.3
+k8s-worker-1          Ready    <none>          31m   v1.31.3
 ```
 
 ## Supported base images
@@ -83,6 +83,7 @@ The module should work on most major RPM and DEB distros. It been tested on thes
 - Centos Stream 9 (`centos-stream-9`)
 - Rocky Linux 9 (`rocky-9`)
 - Fedora 40 (`fedora-40`)
+- Fedora 41 (`fedora-41`)
 
 Others may work as well, but have not been tested.
 

modules/kubernetes-node/scripts/prepare-node.sh.tpl

@@ -45,15 +45,23 @@ install_prerequisites() {
 			exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
 			EOF
 
+		addrepo() {
+			if dnf --version | grep -q dnf5; then
+				dnf -qy config-manager addrepo "--from-repofile=$1"
+			else
+				dnf -qy config-manager --add-repo "$1"
+			fi
+		}
+
 		if [ "$os_id" == "fedora" ]; then
-			dnf -qy config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
+			addrepo https://download.docker.com/linux/fedora/docker-ce.repo
 			dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
 		elif [ "$(. /etc/os-release && echo $PLATFORM_ID)" = "platform:el9" ]; then
 			# Wireguard is installed by default on EL9-like systems
-			dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+			addrepo https://download.docker.com/linux/centos/docker-ce.repo
 			dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
 		else
-			dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+			addrepo https://download.docker.com/linux/centos/docker-ce.repo
 			dnf -qy install elrepo-release epel-release
 			dnf -qy install containerd.io ipvsadm kmod-wireguard wireguard-tools iproute-tc
 		fi
@@ -124,7 +132,11 @@ install_kubernetes() {
 		fi
 
 		echo 'KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::' > /etc/sysconfig/kubelet
-		dnf -qy install kubelet-${kubernetes_version}-* kubeadm-${kubernetes_version}-* kubectl-${kubernetes_version}-* --disableexcludes=kubernetes
+		if dnf --version | grep -q dnf5; then
+			dnf -qy install kubelet-${kubernetes_version}-* kubeadm-${kubernetes_version}-* kubectl-${kubernetes_version}-* --setopt=disable_excludes=kubernetes
+		else
+			dnf -qy install kubelet-${kubernetes_version}-* kubeadm-${kubernetes_version}-* kubectl-${kubernetes_version}-* --disableexcludes=kubernetes
+		fi
 		systemctl enable --now containerd kubelet
 	fi
 }

modules/worker-node/variables.tf

@@ -51,7 +51,7 @@ variable "labels" {
 variable "kubernetes_version" {
   description = "Kubernetes version"
   type        = string
-  default     = "1.31.1"
+  default     = "1.31.3"
 
   validation {
     condition     = can(regex("^1\\.([0-9]+)\\.([0-9]+)$", var.kubernetes_version))

templates/hetzner_ccm.yaml.tpl

@@ -54,14 +54,12 @@ spec:
         - key: "node-role.kubernetes.io/control-plane"
           effect: NoSchedule
           operator: Exists
-
         - key: "node.kubernetes.io/not-ready"
           effect: "NoExecute"
-      hostNetwork: true
+
       containers:
         - name: hcloud-cloud-controller-manager
-          command:
-            - "/bin/hcloud-cloud-controller-manager"
+          args:
             - "--allow-untagged-cloud"
             - "--cloud-provider=hcloud"
             - "--route-reconciliation-period=30s"
@@ -90,7 +88,7 @@ spec:
 %{ endif ~}
             - name: HCLOUD_INSTANCES_ADDRESS_FAMILY
               value: dualstack
-          image: docker.io/hetznercloud/hcloud-cloud-controller-manager:v1.20.0 # x-release-please-version
+          image: docker.io/hetznercloud/hcloud-cloud-controller-manager:v1.21.0 # x-releaser-pleaser-version
           ports:
             - name: metrics
               containerPort: 8233

templates/hetzner_csi.yaml.tpl

@@ -149,7 +149,7 @@ metadata:
     app.kubernetes.io/name: hcloud-csi
     app.kubernetes.io/instance: hcloud-csi
     app.kubernetes.io/component: node
-    app: hcloud-csi
+    app: hcloud-csi 
 spec:
   updateStrategy:
     type: RollingUpdate
@@ -164,7 +164,7 @@ spec:
         app.kubernetes.io/component: node
         app: hcloud-csi
     spec:
-
+      
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -174,6 +174,10 @@ spec:
                 operator: NotIn
                 values:
                 - "true"
+              - key: instance.hetzner.cloud/provided-by
+                operator: NotIn
+                values:
+                - robot
       tolerations:
         - effect: NoExecute
           operator: Exists
@@ -186,7 +190,7 @@ spec:
       initContainers:
       containers:
         - name: csi-node-driver-registrar
-          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1
+          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0
           imagePullPolicy: IfNotPresent
           args:
             - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket
@@ -199,7 +203,7 @@ spec:
             limits: {}
             requests: {}
         - name: liveness-probe
-          image: registry.k8s.io/sig-storage/livenessprobe:v2.13.1
+          image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0
           imagePullPolicy: IfNotPresent
           volumeMounts:
           - mountPath: /run/csi
@@ -208,7 +212,7 @@ spec:
             limits: {}
             requests: {}
         - name: hcloud-csi-driver
-          image: docker.io/hetznercloud/hcloud-csi-driver:v2.9.0 # x-release-please-version
+          image: docker.io/hetznercloud/hcloud-csi-driver:v2.11.0 # x-releaser-pleaser-version
           imagePullPolicy: IfNotPresent
           command: [/bin/hcloud-csi-driver-node]
           volumeMounts:
@@ -274,7 +278,7 @@ metadata:
     app.kubernetes.io/name: hcloud-csi
     app.kubernetes.io/instance: hcloud-csi
     app.kubernetes.io/component: controller
-    app: hcloud-csi-controller
+    app: hcloud-csi-controller 
 spec:
   replicas: 1
   strategy:
@@ -291,13 +295,23 @@ spec:
         app: hcloud-csi-controller
     spec:
       serviceAccountName: hcloud-csi-controller
-
+
+      affinity:
+        nodeAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - preference:
+              matchExpressions:
+              - key: instance.hetzner.cloud/provided-by
+                operator: In
+                values:
+                - cloud
+            weight: 1
       securityContext:
         fsGroup: 1001
       initContainers:
       containers:
         - name: csi-attacher
-          image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
+          image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0
           imagePullPolicy: IfNotPresent
           resources:
             limits: {}
@@ -309,7 +323,7 @@ spec:
             mountPath: /run/csi
 
         - name: csi-resizer
-          image: registry.k8s.io/sig-storage/csi-resizer:v1.11.2
+          image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0
           imagePullPolicy: IfNotPresent
           resources:
             limits: {}
@@ -319,7 +333,7 @@ spec:
             mountPath: /run/csi
 
         - name: csi-provisioner
-          image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.2
+          image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0
           imagePullPolicy: IfNotPresent
           resources:
             limits: {}
@@ -332,7 +346,7 @@ spec:
             mountPath: /run/csi
 
         - name: liveness-probe
-          image: registry.k8s.io/sig-storage/livenessprobe:v2.13.1
+          image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0
           imagePullPolicy: IfNotPresent
           resources:
             limits: {}
@@ -342,7 +356,7 @@ spec:
             name: socket-dir
 
         - name: hcloud-csi-driver
-          image: docker.io/hetznercloud/hcloud-csi-driver:v2.9.0 # x-release-please-version
+          image: docker.io/hetznercloud/hcloud-csi-driver:v2.11.0 # x-releaser-pleaser-version
           imagePullPolicy: IfNotPresent
           command: [/bin/hcloud-csi-driver-controller]
           env:
@@ -397,5 +411,6 @@ spec:
   attachRequired: true
   fsGroupPolicy: File
   podInfoOnMount: true
+  seLinuxMount: true
   volumeLifecycleModes:
   - Persistent

templates/wigglenet.yaml.tpl

@@ -54,7 +54,7 @@ spec:
       serviceAccountName: wigglenet
       containers:
       - name: wigglenet
-        image: ghcr.io/tibordp/wigglenet:v0.4.2
+        image: ghcr.io/tibordp/wigglenet:v0.4.4
         imagePullPolicy: IfNotPresent
         env:
         - name: NODE_NAME

variables.tf

@@ -116,9 +116,9 @@ variable "primary_ip_family" {
 }
 
 variable "kubernetes_version" {
-  description = "Version of Kubernetes to install (default: 1.31.1)"
+  description = "Version of Kubernetes to install (default: 1.31.3)"
   type        = string
-  default     = "1.31.1"
+  default     = "1.31.3"
 
   validation {
     condition     = can(regex("^1\\.([0-9]+)\\.([0-9]+)$", var.kubernetes_version))