Add support for k8s v1.30 and deprecate v1.26

[CyberHippo]

Similar to #125

Kubernetes v1.26 is EOL since 2024-02-28 and v1.27 since 2024-07-16

Needed for nestybox/sysbox#814

[ctalledo]

Thanks @CyberHippo for the contribution!

A couple of comments:

• Let's keep K8s v1.27 since it was just EOL'd, and there may be folks still transitioning out of it.

• The CRI-O version updates look fine here, but we need a corresponding change in the nestybox/cri-o fork. I don't believe you've had a chance do that correct?

[ctalledo]

Update regarding:

The CRI-O version updates look fine here, but we need a corresponding change in the nestybox/cri-o fork. I don't believe you've had a chance do that correct?

I've just done this (i.e., created the v1.30-sysbox branch in the nestybox/cri-o fork, with the patches required for CRI-O to properly allocated user-namespace IDs per pod).

With this change, you should be able to build and test sysbox-deploy-k8s for K8s v1.30.

Let me know if you need help with this please.

[CyberHippo]

Hi @ctalledo,

Thanks for considering my PR and for your comments.

Let's keep K8s v1.27 since it was just EOL'd, and there may be folks still transitioning out of it.

I reverted the deprecation of k8s v1.27 in dafedda.

Thanks as well for the changes made in the nestybox/cri-o fork.

I'll let take time to test it on k8s v1.30 next week and will get back to you if I need help.

[CyberHippo]

Hi @ctalledo,

I finally had time to test sysbox-deploy-k8s for K8s v1.30.

I followed the docs and built the docker image using make sysbox-deploy-k8s-image.
I had to make a quick fix to build the image : #135
Then I deployed sysbox with the newly created image on a GKE cluster (1.30.5-gke.1014000) running Ubuntu with Containerd nodes.

The sysbox daemonset pod does not start and logs the following error:

Detected Kubernetes version v1.30
Adding K8s taint "sysbox-runtime=not-running:NoSchedule" to node ...
node/gke-beta-sysbox-792284c7-qbdz modified
Adding K8s label "crio-runtime=installing" to node ...
node/gke-beta-sysbox-792284c7-qbdz not labeled
Deploying CRI-O installer agent on the host (v1.30) ...
Running CRI-O installer agent on the host (may take several seconds) ...
Job for crio-installer.service failed because the control process exited with error code. See "systemctl status crio-installer.service" and "journalctl -xe" for details.

I noticed that the node has a FrequentContainerdRestart alert and the node description shows:

Events:
  Type     Reason                     Age                  From             Message
  ----     ------                     ----                 ----             -------
  Warning  FrequentContainerdRestart  13m                  systemd-monitor  Node condition FrequentContainerdRestart is now: True, reason: FrequentContainerdRestart, message: "Found 7 matching logs, which meets the threshold of 5"
  Warning  ContainerdStart            116s (x15 over 88m)  systemd-monitor  Starting containerd container runtime...
  Warning  OOMKilling                 86s (x174 over 66m)  kernel-monitor   (combined from similar events): Memory cgroup out of memory: Killed process 254252 (sh) total-vm:2392kB, anon-rss:68kB, file-rss:632kB, shmem-rss:0kB, UID:0 pgtables:40kB oom_score_adj:975

I might need some of your help to debug further.

[rodnymolina]

@CyberHippo, just FYI, I'm looking into this issue now with your changes merged into a dev branch. I'm seeing problems, too, and I'm hoping we can fix them before our next release.

[CyberHippo]

Well, good luck @rodnymolina. Let me know if I can be of help.

[choon94]

any progress?

[rodnymolina]

@CyberHippo, your commits have been moved to this other integration-branch/pr we have been testing over the last few weeks, so I'll go ahead and close this PR now. Thanks again for your help.