upgrade Kubernetes to patch versions 1.28.12, 1.27.16, 1.26.15
This MR upgrades our Kubernetes versions to:
- 1.26.15
- 1.27.16
- 1.28.12
This MR updates the Sylva diskimage-builder version accordingly (integrates sylva-projects/sylva-elements/diskimage-builder!243 (merged)). This replaces renovate MR !2686 (closed).
This MR also updates the ingress-nginx and calico Helm chart versions to sync them with what is used in these new RKE2 version. We also remove from the code the unused versions.
One change that was necessary to upgrade ingress-nginx is to adapt to the fact that newer versions of the chart change the default value for Ingress watchIngressWithoutClass from true to false. The old behavior we were rely on (ingress-nginx processes Ingresses that do not specify any specific IngressClass) does not work anymore. I could have fixed this by explicitly setting watchIngressWithoutClass: true in chart values, but I opted for explicitly making the nginx IngressClass the default one. (When troubleshooting this, I ended up enriching debug-on-exit.sh and improving get-wc-kubeconfig-from-rancher.sh, and ultimately kept those changes in the MR, as separate commits).
Additionally, this MR adds test values to ensure that the computations made for ingress-nginx and calico are inconsistent (avoid hitting "unit has 'true' set on more than one version inside 'helm_chart_versions'" errors, or "no version set to true"). This is done for Kubernetes 1.27, and 1.28 (even though it's tested in default values today, it won't be the case when we add 1.29). This is not done for 1.26 because it will be removed soon (but I checked 1.26 manually with helm template charts/sylva-units --values charts/sylva-units/management.values.yaml --set k8s_version_short=1.26).
We expect that the RKE2 upgrades will address #1347 (closed) (which was introduced in !2268 (merged), leading us to revert the upgrade to RKE2 1.28.9) and #1157 (closed).
Closes #1426 (closed)
Closes #1155 (closed)