sighupio · nutellinoit · Nov 27, 2023 · Aug 28, 2023 · Aug 28, 2023 · Aug 28, 2023
diff --git a/.drone.yml b/.drone.yml
diff --git a/README.md b/README.md
@@ -29,9 +29,9 @@ Kubernetes Fury Networking provides the following packages:
 
 | Package                    | Version  | Description                                                                                                                                          |
 | -------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [calico](katalog/calico)   | `3.26.1` | [Calico][calico-page] CNI Plugin. For cluster with `< 50` nodes.                                                                                     |
-| [cilium](katalog/cilium)   | `1.13.3` | [Cilium][cilium-page] CNI Plugin. For cluster with `< 200` nodes.                                                                                    |
-| [tigera](katalog/tigera)   | `1.30.4` | [Tigera Operator][tigera-page], a Kubernetes Operator for Calico, provides pre-configured installations for on-prem and for EKS in policy-only mode. |
+| [calico](katalog/calico)   | `3.26.3` | [Calico][calico-page] CNI Plugin. For cluster with `< 50` nodes.                                                                                     |
+| [cilium](katalog/cilium)   | `1.14.3` | [Cilium][cilium-page] CNI Plugin. For cluster with `< 200` nodes.                                                                                    |
+| [tigera](katalog/tigera)   | `1.30.7` | [Tigera Operator][tigera-page], a Kubernetes Operator for Calico, provides pre-configured installations for on-prem and for EKS in policy-only mode. |
 | [ip-masq](katalog/ip-masq) | `2.8.0`  | The `ip-masq-agent` configures iptables rules to implement IP masquerading functionality                                                             |
 
 > The resources in these packages are going to be deployed in `kube-system` namespace. Except for the operator.
@@ -42,9 +42,10 @@ Click on each package to see its full documentation.
 
 | Kubernetes Version |   Compatibility    | Notes           |
 | ------------------ | :----------------: | --------------- |
-| `1.24.x`           | :white_check_mark: | No known issues |
 | `1.25.x`           | :white_check_mark: | No known issues |
 | `1.26.x`           | :white_check_mark: | No known issues |
+| `1.27.x`           | :white_check_mark: | No known issues |
+
 
 Check the [compatibility matrix][compatibility-matrix] for additional information on previous releases of the module.
 
@@ -59,14 +60,14 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio
 
 ### Deployment
 
-> ⚠️ please notice that the Calico packages is for cluster with less the 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to [Calico + Typha](https://projectcalico.docs.tigera.io/archive/v3.23/getting-started/kubernetes/self-managed-onprem/onpremises#install-calico-with-kubernetes-api-datastore-more-than-50-nodes) or to the [Tigera Operator](katalog/tigera/README.md).
+> ⚠️  Please notice that the Calico packages is for cluster with less the 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to [Calico + Typha](https://docs.tigera.io/calico/latest/getting-started/kubernetes/self-managed-onprem/onpremises) or to the [Tigera Operator](katalog/tigera/README.md).
 
 1. List the packages you want to deploy and their version in a `Furyfile.yml`
 
 ```yaml
 bases:
   - name: networking
-    version: "v1.14.0"
+    version: "v1.15.0"
 ```
 
 > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format.

diff --git a/docs/COMPATIBILITY_MATRIX.md b/docs/COMPATIBILITY_MATRIX.md
@@ -1,13 +1,14 @@
 # Compatibility Matrix
 
-| Module Version / Kubernetes Version | 1.24.X             | 1.25.X             | 1.26.X             |
-| ----------------------------------- | ------------------ | ------------------ | ------------------ |
-| v1.10.0                             | :white_check_mark: |                    |                    |
-| v1.11.0                             | :white_check_mark: | :white_check_mark: |                    |
-| v1.12.0                             | :white_check_mark: | :white_check_mark: |                    |
-| v1.12.1                             | :white_check_mark: | :white_check_mark: |                    |
-| v1.12.2                             | :white_check_mark: | :white_check_mark: |                    |
-| v1.14.0                             | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| Module Version / Kubernetes Version | 1.24.X             | 1.25.X             | 1.26.X             | 1.27.X             |
+| ----------------------------------- | ------------------ | ------------------ | ------------------ | ------------------ |
+| v1.10.0                             | :white_check_mark: |                    |                    |                    |
+| v1.11.0                             | :white_check_mark: | :white_check_mark: |                    |                    |
+| v1.12.0                             | :white_check_mark: | :white_check_mark: |                    |                    |
+| v1.12.1                             | :white_check_mark: | :white_check_mark: |                    |                    |
+| v1.12.2                             | :white_check_mark: | :white_check_mark: |                    |                    |
+| v1.14.0                             | :white_check_mark: | :white_check_mark: | :white_check_mark: |                    |
+| v1.15.0                             |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 
 
 :white_check_mark: Compatible
@@ -41,4 +42,4 @@
 | v1.8.0                              |                    |                    |                    |                    |                    |                    |        :x:         |        :x:         |        :x:         | :x:                |
 | v1.8.1                              |                    |                    |                    |                    |                    |                    |        :x:         |        :x:         |        :x:         | :x:                |
 | v1.8.2                              |                    |                    |                    |                    |                    |                    | :white_check_mark: |        :x:         |        :x:         | :x:                |
-| v1.9.0                              |                    |                    |                    |                    |                    |                    |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.9.0                              |                    |                    |                    |                    |                    |                    |        :x:         | :white_check_mark: | :white_check_mark: | :white_check_mark: |
diff --git a/docs/releases/v1.15.0.md b/docs/releases/v1.15.0.md
@@ -0,0 +1,64 @@
+# Networking Core Module Release 1.15.0
+
+Welcome to the latest release of the `Networking` module of [`Kubernetes Fury Distribution`](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP.
+
+This minor release updates some components and adds support to Kubernetes 1.27.
+
+## Component Images 🚢
+
+| Component         | Supported Version                                                                | Previous Version |
+| ----------------- | -------------------------------------------------------------------------------- | ---------------- |
+| `calico`          | [`v3.26.3`](https://projectcalico.docs.tigera.io/archive/v3.26/release-notes/)   | `v3.26.1`        |
+| `cilium`          | [`v1.14.3`](https://github.com/cilium/cilium/releases/tag/v1.14.3)               | `v1.13.1`        |
+| `ip-masq`         | [`v2.8.0`](https://github.com/kubernetes-sigs/ip-masq-agent/releases/tag/v2.5.0) | No update        |
+| `tigera-operator` | [`v1.30.7`](https://github.com/tigera/operator/releases/tag/v1.30.7)             | `v1.30.4`        |
+
+> Please refer the individual release notes to get detailed information on each release.
+
+## Update Guide 🦮
+
+### Process
+
+If you are using Cilium, read the steps [below](#cilium-upgrade) before proceeding.
+
+1. Just deploy as usual:
+
+```bash
+kustomize build katalog/calico | kubectl apply -f -
+# OR
+kustomize build katalog/tigera/on-prem | kubectl apply -f -
+# OR
+kustomize build katalog/cilium | kubectl apply -f -
+```
+
+#### Cilium upgrade
+Cilium suggested path expect a pre-flight check to be run before any upgrade.
+
+1. Create the resources for the check
+```bash
+kubectl create -f katalog/cilium/tasks/preflight.yaml
+```
+
+2. Make sure that the number of READY pods is the same as the number of RUNNING Cilium pods.
+```text
+kubectl get daemonset -n kube-system | sed -n '1p;/cilium/p'
+NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+cilium                    2         2         2       2            2           <none>          1h20m
+cilium-pre-flight-check   2         2         2       2            2           <none>          7m15s
+```
+
+3. Once the number of READY pods is equal, make sure the Cilium pre-flight deployment is also marked as READY 1/1.
+If it shows READY 0/1, consult the [CNP Validation](https://docs.cilium.io/en/stable/operations/upgrade/#cnp-validation) section in the official docs and resolve issues with the deployment before continuing with the upgrade.
+```text
+kubectl get deployment -n kube-system cilium-pre-flight-check -w
+NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
+cilium-pre-flight-check   1/1     1            0           12s
+```
+
+4. Once the number of READY for the preflight DaemonSet is the same as the number of cilium pods running and the preflight Deployment is marked as READY 1/1 you can delete the cilium-preflight and proceed with the upgrade.
+```bash
+kubectl delete -f cilium-preflight.yaml
+```
+
+
+If you are upgrading from previous versions, please refer to the [`v1.14.0` release notes](https://github.com/sighupio/fury-kubernetes-networking/releases/tag/v1.14.0).
diff --git a/katalog/calico/MAINTENANCE.md b/katalog/calico/MAINTENANCE.md
@@ -20,12 +20,10 @@ Compare the `deploy.yaml` file with the downloaded `calico-${CALICO_VERSION}` fi
 3. Update the `kustomization.yaml` file with the right image versions.
 
 ```bash
-export CALICO_IMAGE_TAG=v3.26.1
+export CALICO_IMAGE_TAG=v3.26.3
 kustomize edit set image docker.io/calico/kube-controllers=registry.sighup.io/fury/calico/kube-controllers:${CALICO_IMAGE_TAG}
 kustomize edit set image docker.io/calico/cni=registry.sighup.io/fury/calico/cni:${CALICO_IMAGE_TAG}
 kustomize edit set image docker.io/calico/node=registry.sighup.io/fury/calico/node:${CALICO_IMAGE_TAG}
-# Not present anymore in 3.23:
-# kustomize edit set image docker.io/calico/pod2daemon-flexvol=registry.sighup.io/fury/calico/pod2daemon-flexvol:${CALICO_IMAGE_TAG}
 ```
 
 > ⚠️ Remember to check if images have been added to or dropped from upstream.
@@ -36,12 +34,12 @@ kustomize edit set image docker.io/calico/node=registry.sighup.io/fury/calico/no
 
 The resources needed to provide monitoring features are not included in the default upstream manifests. There are some additional steps to perform.
 
-See <https://projectcalico.docs.tigera.io/archive/v3.23/maintenance/monitor/monitor-component-metrics> for details. Note that we are adding an environment variable to the DaemonSet instead of modifing the `default` instance of the `felixconfigurations.crd.projectcalico.org` CRD as the docs say. Modifing the CRD is not possible using Kustomize patches.
+See <https://docs.tigera.io/calico/latest/operations/monitor/monitor-component-metrics> for details. Note that we are adding an environment variable to the DaemonSet instead of modifing the `default` instance of the `felixconfigurations.crd.projectcalico.org` CRD as the docs say. Modifing the CRD is not possible using Kustomize patches.
 
 1. Download the dashboard from upstream:
 
 ```bash
-export CALICO_VERSION=3.26.1
+export CALICO_VERSION=3.26.3
 # ⚠️ Assuming $PWD == root of the project
 # We take the `felix-dashboard.json` from the downloaded yaml, we are not deploying `typha`, so we don't need its dashboard.
 curl -L https://raw.githubusercontent.com/projectcalico/calico/v${CALICO_VERSION}/manifests/grafana-dashboards.yaml | yq '.data["felix-dashboard.json"]' | sed 's/calico-demo-prometheus/prometheus/g' | jq > ./monitoring/dashboards/felix-dashboard.json

diff --git a/katalog/calico/README.md b/katalog/calico/README.md
@@ -7,6 +7,7 @@ Calico supports a broad range of platforms including Kubernetes, OpenShift, Dock
 
 > For more information about Calico refer to [calico documentation][calico-documentation]
 
+## Components and features
 The deployment of Calico consists of a daemon set running on every node (including the control-plane) and a controller that implements:
 
 - *policy controller* watches network policies and programs Calico policies.
@@ -20,18 +21,18 @@ The deployment of Calico consists of a daemon set running on every node (includi
 ## Image repository and tag
 
 - calico images:
-  - `calico/kube-controllers:v3.25.0`.
-  - `calico/cni:v3.25.0`.
-  - `calico/node:v3.25.0`.
+  - `calico/kube-controllers:v3.26.3`.
+  - `calico/cni:v3.26.3`.
+  - `calico/node:v3.26.3`.
 - calico repositories:
-  - [https://github.com/projectcalico/kube-controllers](https://github.com/projectcalico/kube-controllers).
-  - [https://github.com/projectcalico/cni-plugin](https://github.com/projectcalico/cni-plugin).
-  - [https://github.com/projectcalico/node](https://github.com/projectcalico/node).
+  - [https://github.com/projectcalico/kube-controllers](https://github.com/projectcalico/calico/tree/master/kube-controllers).
+  - [https://github.com/projectcalico/cni-plugin](https://github.com/projectcalico/calico/tree/master/cni-plugin).
+  - [https://github.com/projectcalico/node](https://github.com/projectcalico/calico/tree/master/node).
 
 ## Requirements
 
-- Tested with Kubernetes >= `1.23.X`.
-- Tested with Kustomize >= `v3.3.X`.
+- Tested with Kubernetes >= `1.25.X`.
+- Tested with Kustomize >= `v3.5.3`.
 - Prometheus Operator, optional if you want to have metrics.
 
 ## Configuration

diff --git a/katalog/calico/deploy.yaml b/katalog/calico/deploy.yaml
@@ -4643,7 +4643,7 @@ spec:
         # It can be deleted if this is a fresh installation, or if you have already
         # upgraded to use calico-ipam.
         - name: upgrade-ipam
-          image: docker.io/calico/cni:v3.26.1
+          image: docker.io/calico/cni:v3.26.3
           imagePullPolicy: IfNotPresent
           command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
           envFrom:
@@ -4671,7 +4671,7 @@ spec:
         # This container installs the CNI binaries
         # and CNI network config file on each node.
         - name: install-cni
-          image: docker.io/calico/cni:v3.26.1
+          image: docker.io/calico/cni:v3.26.3
           imagePullPolicy: IfNotPresent
           command: ["/opt/cni/bin/install"]
           envFrom:
@@ -4714,7 +4714,7 @@ spec:
         # i.e. bpf at /sys/fs/bpf and cgroup2 at /run/calico/cgroup. Calico-node initialisation is executed
         # in best effort fashion, i.e. no failure for errors, to not disrupt pod creation in iptable mode.
         - name: "mount-bpffs"
-          image: docker.io/calico/node:v3.26.1
+          image: docker.io/calico/node:v3.26.3
           imagePullPolicy: IfNotPresent
           command: ["calico-node", "-init", "-best-effort"]
           volumeMounts:
@@ -4740,7 +4740,7 @@ spec:
         # container programs network policy and routes on each
         # host.
         - name: calico-node
-          image: docker.io/calico/node:v3.26.1
+          image: docker.io/calico/node:v3.26.3
           imagePullPolicy: IfNotPresent
           envFrom:
           - configMapRef:
@@ -4957,7 +4957,7 @@ spec:
       priorityClassName: system-cluster-critical
       containers:
         - name: calico-kube-controllers
-          image: docker.io/calico/kube-controllers:v3.26.1
+          image: docker.io/calico/kube-controllers:v3.26.3
           imagePullPolicy: IfNotPresent
           env:
             # Choose which controllers to run.

diff --git a/katalog/calico/kustomization.yaml b/katalog/calico/kustomization.yaml
@@ -10,15 +10,13 @@ namespace: kube-system
 images:
 - name: docker.io/calico/cni
   newName: registry.sighup.io/fury/calico/cni
-  newTag: v3.26.1
+  newTag: v3.26.3
 - name: docker.io/calico/kube-controllers
   newName: registry.sighup.io/fury/calico/kube-controllers
-  newTag: v3.26.1
+  newTag: v3.26.3
 - name: docker.io/calico/node
   newName: registry.sighup.io/fury/calico/node
-  newTag: v3.26.1
-- name: docker.io/calico/pod2daemon-flexvol
-  newName: registry.sighup.io/fury/calico/pod2daemon-flexvol
+  newTag: v3.26.3
 
   # Resources needed for Monitoring
 resources: