Change repository for k8s, cri-o

The legacy k8s repository was retired on March 26, 2024 [1].
The cri-o project followed k8s lead and moved the build to a new
repository [2].

This patch changes the location of k8s, cri-o installed packages
for Ubuntu based deployments only. Changes the value of the
apiversion parameter in the kubeadm configuration because the new
repository can also install 1.27.x and later versions of k8s that
no longer support v1beta2 and earlier APIs.

The version of the package to be installed can be specified using
the K8S_VERSION and CRIO_VERSION variables.
Also, the default values of K8S_VERSION and CRIO_VERSION have been
changed, and it has been confirmed that tacker project FT works fine
with the changed version.

[1]https://kubernetes.io/blog/2023/08/31/legacy-package-repository-deprecation/
[2]https://kubernetes.io/blog/2023/10/10/cri-o-community-package-infrastructure/

Change-Id: I0ce9fd2bcb5d79ebad2cecafabf8c9f33b106647

devstack/lib/crio

@@ -27,7 +27,7 @@ CRIO_ALLOW_ICMP=$(trueorfalse True CRIO_ALLOW_ICMP)
 
 function check_crio {
     if is_ubuntu; then
-        dpkg -l | grep crio-o > /dev/null 2>&1
+        dpkg -l | grep cri-o > /dev/null 2>&1
     else
         false
         # TODO: CentOS/Fedora support.
@@ -40,23 +40,21 @@ function install_crio {
     fi
 
     local lsb_dist=${os_VENDOR,,}
-    local dist_version=${os_CODENAME}
-    local kubic_obs_project_key="2472d6d0d2f66af87aba8da34d64390375060aa4"
-    local os="x${os_VENDOR}_${os_RELEASE}"
     if is_ubuntu; then
+        local stream="https://pkgs.k8s.io/addons:/cri-o:/stable:/v${CRIO_VERSION%.*}"
+        local key_path="/etc/apt/keyrings/cri-o-apt-keyring.gpg"
+
         apt_get install apt-transport-https ca-certificates \
-            software-properties-common
+            software-properties-common curl
-        sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 \
+        curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}"
-            --recv ${kubic_obs_project_key}
+        echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \
-        sudo apt-add-repository -y "deb https://download.opensuse.org/"`
+            sudo tee /etc/apt/sources.list.d/cri-o.list
-            `"repositories/devel:/kubic:/libcontainers:/stable/${os}/ /"
-        sudo apt-add-repository -y "deb http://download.opensuse.org/"`
-            `"repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/"`
-            `"${CRIO_VERSION}/${os}/ /"
 
         # Installing podman and containerd will get us compatible versions of
-        # cri-o and runc. And we need podman to manage container images anyway.
+        # cri-o. And we need podman to manage container images anyway.
-        apt_get install podman buildah cri-o-runc cri-o
+        REPOS_UPDATED=False apt_get_update
+        crio_pkg_version=$(sudo apt-cache show cri-o | grep "Version: $CRIO_VERSION-" | awk '{ print $2 }' | head -n 1)
+        apt_get install podman buildah cri-o="${crio_pkg_version}"
         sudo systemctl enable crio
     elif is_fedora; then
         if [[ "$lsb_dist" = "centos" ]]; then

devstack/lib/k8s

@@ -27,7 +27,7 @@ K8S_NODE_IP=${K8S_NODE_IP:-$HOST_IP}
 K8S_API_SERVER_PORT=${K8S_API_SERVER_PORT:-6443}
 K8S_POD_NETWORK_CIDR=${K8S_POD_NETWORK_CIDR:-10.244.0.0/16}
 K8S_SERVICE_NETWORK_CIDR=${K8S_SERVICE_NETWORK_CIDR:-10.96.0.0/12}
-K8S_VERSION=${K8S_VERSION:-1.23.16-00}
+K8S_VERSION=${K8S_VERSION:-"1.30.5"}
 K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel}
 
 # Functions
@@ -40,12 +40,17 @@ function is_k8s_enabled {
 
 function install_kubeadm {
     if is_ubuntu; then
-        apt_get install apt-transport-https curl
+        local stream="https://pkgs.k8s.io/core:/stable:/v${K8S_VERSION%.*}"
-        curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+        local key_path="/etc/apt/keyrings/kubernetes-apt-keyring.gpg"
-        sudo add-apt-repository -y \
+
-            "deb https://apt.kubernetes.io/ kubernetes-xenial main"
+        apt_get install apt-transport-https ca-certificates curl gpg
+        curl -fsSL "${stream}/deb/Release.key" | sudo gpg --dearmor -o "${key_path}"
+        echo "deb [signed-by=${key_path}] ${stream}/deb/ /" | \
+            sudo tee /etc/apt/sources.list.d/kubernetes.list
+
         REPOS_UPDATED=False apt_get_update
-        apt_get install kubelet=$K8S_VERSION kubeadm=$K8S_VERSION kubectl=$K8S_VERSION
+        kube_pkg_version=$(sudo apt-cache show kubeadm | grep "Version: $K8S_VERSION-" | awk '{ print $2 }' | head -n 1)
+        apt_get install kubelet="${kube_pkg_version}" kubeadm="${kube_pkg_version}" kubectl="${kube_pkg_version}"
         sudo apt-mark hold kubelet kubeadm kubectl
         # NOTE(hongbin): This work-around an issue that kubelet pick a wrong
         # IP address if the node has multiple network interfaces.
@@ -71,7 +76,7 @@ function kubeadm_init {
     fi
 
     cat <<EOF | tee $kubeadm_config_file >/dev/null
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: ClusterConfiguration
 imageRepository: "${KUBEADMIN_IMAGE_REPOSITORY}"
 etcd:
@@ -82,7 +87,7 @@ networking:
   podSubnet: "${K8S_POD_NETWORK_CIDR}"
   serviceSubnet: "${K8S_SERVICE_NETWORK_CIDR}"
 ---
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 bootstrapTokens:
 - token: "${K8S_TOKEN}"
   ttl: 0s
@@ -131,7 +136,7 @@ function kubeadm_join {
     fi
 
     cat <<EOF | tee $kubeadm_config_file >/dev/null
-apiVersion: kubeadm.k8s.io/v1beta2
+apiVersion: kubeadm.k8s.io/v1beta3
 kind: JoinConfiguration
 discovery:
   bootstrapToken:

devstack/settings

@@ -9,7 +9,7 @@ ENABLE_LIVE_RESTORE=${ENABLE_LIVE_RESTORE:-false}
 ENABLE_IPV6=${ENABLE_IPV6:-false}
 K8S_NETWORK_ADDON=${K8S_NETWORK_ADDON:-flannel}
 ENABLE_CONTAINERD_CRI=${ENABLE_CONTAINERD_CRI:-false}
-CRIO_VERSION=${CRIO_VERSION:-"1.23:/1.23.0"}
+CRIO_VERSION=${CRIO_VERSION:-"1.30.5"}
 CRIO_ALLOW_ICMP=${CRIO_ALLOW_ICMP:-true}
 CNI_CONF_DIR=${CNI_CONF_DIR:-}
 CNI_PLUGIN_DIR=${CNI_PLUGIN_DIR:-}