[kubernetes] Support kubernetes 1.29 (#10820)

* [kubernetes] Make kubernetes 1.29.1 default

* [cri-o]: support cri-o 1.29

Use "crio status" instead of "crio-status" for cri-o >=1.29.0

* Remove GAed feature gates SecCompDefault

The SecCompDefault feature gate was removed since k8s 1.29
https://github.com/kubernetes/kubernetes/pull/121246

roles/container-engine/cri-o/defaults/main.yml

@@ -78,13 +78,6 @@ crio_subuid_length: 16777216
 crio_subgid_start: 2130706432
 crio_subgid_length: 16777216
 
-# cri-o binary files
-crio_bin_files:
-  - conmon
-  - crio
-  - crio-status
-  - pinns
-
 # cri-o manual files
 crio_man_files:
   5:

roles/container-engine/cri-o/tasks/load_vars.yml

@@ -0,0 +1,8 @@
+---
+- name: Cri-o | include vars/v1.28.yml
+  include_vars: v1.28.yml
+  when: crio_version is version("v1.29.0", operator="<")
+
+- name: Cri-o | include vars/v1.29.yml
+  include_vars: v1.29.yml
+  when: crio_version is version("v1.29.0", operator=">=")

roles/container-engine/cri-o/tasks/main.yaml

@@ -1,4 +1,7 @@
 ---
+- name: Cri-o | load vars
+  import_tasks: load_vars.yml
+
 - name: Cri-o | check if fedora coreos
   stat:
     path: /run/ostree-booted
@@ -203,7 +206,7 @@
     - not service_start.changed
 
 - name: Cri-o | verify that crio is running
-  command: "{{ bin_dir }}/crio-status info"
+  command: "{{ bin_dir }}/{{ crio_status_command }} info"
   register: get_crio_info
   until: get_crio_info is succeeded
   changed_when: false

roles/container-engine/cri-o/tasks/reset.yml

@@ -1,4 +1,7 @@
 ---
+- name: Cri-o | load vars
+  import_tasks: load_vars.yml
+
 - name: CRI-O | Kubic repo name for debian os family
   set_fact:
     crio_kubic_debian_repo_name: "{{ ((ansible_distribution == 'Ubuntu') | ternary('x', '')) ~ ansible_distribution ~ '_' ~ ansible_distribution_version }}"

roles/container-engine/cri-o/vars/v1.28.yml

@@ -0,0 +1,9 @@
+---
+# cri-o binary files
+crio_bin_files:
+  - conmon
+  - crio
+  - crio-status
+  - pinns
+
+crio_status_command: crio-status

roles/container-engine/cri-o/vars/v1.29.yml

@@ -0,0 +1,9 @@
+---
+# cri-o binary files
+crio_bin_files:
+  - conmon
+  - conmonrs
+  - crio
+  - pinns
+
+crio_status_command: crio status

roles/kubernetes/node/tasks/facts.yml

@@ -18,7 +18,7 @@
   when: container_manager == 'crio'
   block:
   - name: Look up crio cgroup driver
-    shell: "set -o pipefail && {{ bin_dir }}/crio-status info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
+    shell: "set -o pipefail && {{ bin_dir }}/{{ crio_status_command }} info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
     args:
       executable: /bin/bash
     register: crio_cgroup_driver_result

roles/kubespray-defaults/defaults/main/download.yml

@@ -133,9 +133,9 @@ skopeo_version: "v1.13.2"
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
 
 pod_infra_supported_versions:
+  v1.29: "3.9"
   v1.28: "3.9"
   v1.27: "3.9"
-  v1.26: "3.9"
 pod_infra_version: "{{ pod_infra_supported_versions[kube_major_version] }}"
 
 etcd_supported_versions:
@@ -158,9 +158,9 @@ crio_version: "{{ crio_supported_versions[kube_major_version] }}"
 
 # Scheduler plugins doesn't build for K8s 1.28 yet
 scheduler_plugins_supported_versions:
+  v1.29: 0
   v1.28: 0
   v1.27: v0.27.8
-  v1.26: v0.26.7
 scheduler_plugins_version: "{{ scheduler_plugins_supported_versions[kube_major_version] }}"
 
 yq_version: "v4.35.2"

roles/kubespray-defaults/defaults/main/main.yml

@@ -16,7 +16,7 @@ kubelet_fail_swap_on: true
 kubelet_swap_behavior: LimitedSwap
 
 ## Change this to use another Kubernetes version, e.g. a current beta release
-kube_version: v1.28.6
+kube_version: v1.29.1
 
 ## The minimum version working
 kube_version_min_required: v1.27.0