Purpose: For operators, provides supported Kubernetes, OS, Python, and Terraform provider versions.
Overview
This matrix lists tested version combinations for opencenter-airgap builds. Using versions outside this matrix may work but is not validated.
Kubernetes and Runtime
| Component | Supported versions | Default (versions.env) | Notes |
|---|
| Kubernetes | 1.29.x – 1.34.x | v1.34.3 | Deployed via Kubespray |
| containerd | 1.7.x – 2.1.x | 2.1.5 | Container runtime |
| runc | 1.1.x – 1.3.x | 1.3.4 | OCI runtime |
| Calico | v3.27.x – v3.31.x | v3.31.3 | CNI plugin |
| CNI plugins | 1.4.x – 1.8.x | 1.8.0 | Standard CNI binaries |
Operating System
| Component | Supported versions | Notes |
|---|
| Build host OS | Ubuntu 22.04, 24.04 | Zone A |
| Target node OS | Ubuntu 24.04 | Zone C cluster nodes |
| Bastion OS | Ubuntu 24.04 | Zone C bastion |
Other Debian-based distributions may work but are not tested.
Python and Ansible
| Component | Supported versions | Default | Notes |
|---|
| Python | 3.10 – 3.12 | 3.12 | Build host and bastion |
| Ansible | 8.x – 10.x | Latest via wheels | Installed from bundled wheels |
| Kubespray | master (pinned SHA) | master | Pin KUBESPRAY_COMMIT_SHA for reproducibility |
| Service | Supported versions | Default | Notes |
|---|
| FluxCD | v2.2.x – v2.7.x | v2.7.5 | GitOps controller |
| Gitea | 1.21.x – 1.25.x | v1.25.4 | Git server for Zone C |
| cert-manager | v1.13.x – v1.16.x | v1.16.2 | TLS certificate management |
| ingress-nginx | v1.9.x – v1.12.x | v1.9.0 | Ingress controller |
| Keycloak | 21.x – 26.x | 26.0.7 | Identity and access management |
| Prometheus | v2.48.x – v3.0.x | v3.0.1 | Monitoring |
| Grafana | 10.x – 11.x | 11.4.0 | Dashboards |
| Provider | Supported versions | Default | Notes |
|---|
| Terraform CLI | 1.5.x – 1.14.x | 1.14.0 | Infrastructure provisioning |
| OpenStack | 1.54.x – 2.1.x | 2.1.0 | OpenStack deployments only |
| local | 2.4.x – 2.5.x | 2.5.2 | File operations |
| null | 3.2.x | 3.2.3 | Provisioner triggers |
| random | 3.5.x – 3.6.x | 3.6.3 | Random resource generation |
| tls | 4.0.x | 4.0.6 | TLS key generation |
Terraform providers are only included when --template openstack is used or terraform-providers component is enabled.
| Tool | Supported versions | Default |
|---|
| Helm | v3.14.x – v4.0.x | v4.0.5 |
| k9s | v0.30.x – v0.50.x | v0.50.9 |
| stern | v1.28.x – v1.33.x | v1.33.1 |
| kubectx | v0.9.x | v0.9.5 |
| yq | v4.40.x – v4.47.x | v4.47.2 |
| jq | 1.7.x – 1.8.x | 1.8.1 |
Architecture
| Architecture | Status |
|---|
| amd64 | Supported (default) |
| arm64 | Planned |
Container Registry and Nginx
| Component | Version | Notes |
|---|
| registry | 2.8.3 | OCI distribution registry on bastion |
| nginx | 1.27.3 | File server on bastion |
Version Pinning
All versions are controlled through config/versions.env. See Reproducible Builds for guidance on pinning commit SHAs and image digests.