From a56f50126b3bb598d6eef4c0734fa3f252192c58 Mon Sep 17 00:00:00 2001 From: Daniel Safta Date: Thu, 24 Feb 2022 06:36:43 -0500 Subject: [PATCH] update armada-helm-toolkit for k8s 1.22.5 helm-toolkit's resources need to be updated to use the new apiVersion and changes proposed in: https://kubernetes.io/docs/reference/using-api/deprecation-guide This commit addresses just the changes needed for running the armada chart. It was deployed successfully on k8s 1.22.5. Story: 2009888 Task: 44649 Change-Id: If38f62d178412f8a0974ec0af8ff2475800876be Signed-off-by: Daniel Safta --- .../centos/armada-helm-toolkit.spec | 4 + ...date-apiVersion-to-networking.k8s.io.patch | 219 ++++++++++++++++++ ...pdate-apiVersion-authorization-to-v1.patch | 53 +++++ 3 files changed, 276 insertions(+) create mode 100644 kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch create mode 100644 kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch diff --git a/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec b/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec index 1b8ee5477..5b2cdd663 100644 --- a/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec +++ b/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec @@ -20,6 +20,8 @@ Patch01: 0001-Allow-multiple-containers-per-daemonset-pod.patch Patch02: 0002-Add-imagePullSecrets-in-service-account.patch Patch04: 0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch Patch06: 0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch +Patch07: 0007-Update-apiVersion-to-networking.k8s.io.patch +Patch08: 0008-Update-apiVersion-authorization-to-v1.patch BuildRequires: helm BuildRequires: chartmuseum @@ -33,6 +35,8 @@ Openstack Helm Infra helm-toolkit chart %patch02 -p1 %patch04 -p1 %patch06 -p1 +%patch07 -p1 +%patch08 -p1 %build diff --git a/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch b/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch new file mode 100644 index 000000000..dc43fcdcc --- /dev/null +++ b/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch @@ -0,0 +1,219 @@ +From 751dff849dfcd9d68ba065571dc8251dbfc16cb2 Mon Sep 17 00:00:00 2001 +From: Daniel Safta +Date: Wed, 2 Feb 2022 12:07:18 +0000 +Subject: [PATCH 1/2] Update apiVersion to networking.k8s.io/v1 + +These are the changes needed to upgrade +the apiVersion in the resources used by armada. +This is a subset of the upstream commit: +https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 +Signed-off-by: Daniel Safta +--- + helm-toolkit/templates/manifests/_ingress.tpl | 75 +++++++++++++------ + ingress/templates/ingress.yaml | 14 +++- + 2 files changed, 62 insertions(+), 27 deletions(-) + +diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl +index f0c37fd..5c54c34 100644 +--- a/helm-toolkit/templates/manifests/_ingress.tpl ++++ b/helm-toolkit/templates/manifests/_ingress.tpl +@@ -64,7 +64,7 @@ examples: + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + return: | + --- +- apiVersion: extensions/v1beta1 ++ apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: barbican +@@ -78,25 +78,34 @@ examples: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + - host: barbican.default + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + - host: barbican.default.svc.cluster.local + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + --- +- apiVersion: extensions/v1beta1 ++ apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: barbican-namespace-fqdn +@@ -114,11 +123,14 @@ examples: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + --- +- apiVersion: extensions/v1beta1 ++ apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: barbican-cluster-fqdn +@@ -136,9 +148,12 @@ examples: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + - values: | + network: + api: +@@ -184,7 +199,7 @@ examples: + {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} + return: | + --- +- apiVersion: extensions/v1beta1 ++ apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: barbican +@@ -204,23 +219,32 @@ examples: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + - host: barbican.default + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + - host: barbican.default.svc.cluster.local + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: barbican-api +- servicePort: b-api ++ service: ++ name: barbican-api ++ port: ++ name: b-api + */}} + + {{- define "helm-toolkit.manifests.ingress._host_rules" -}} +@@ -231,9 +255,12 @@ examples: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: {{ $backendName }} +- servicePort: {{ $backendPort }} ++ service: ++ name: {{ $backendName }} ++ port: ++ name: {{ $backendPort }} + {{- end }} + + {{- define "helm-toolkit.manifests.ingress" -}} +@@ -247,7 +274,7 @@ examples: + {{- $hostName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + {{- $hostNameFull := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + --- +-apiVersion: extensions/v1beta1 ++apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: {{ $ingressName }} +@@ -282,7 +309,7 @@ spec: + {{- range $key2, $ingressController := tuple "namespace" "cluster" }} + {{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }} + --- +-apiVersion: extensions/v1beta1 ++apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }} +diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml +index 16ebaab..10ffac7 100644 +--- a/ingress/templates/ingress.yaml ++++ b/ingress/templates/ingress.yaml +@@ -21,7 +21,7 @@ limitations under the License. + {{- $_ := set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class -}} + {{- end -}} + --- +-apiVersion: extensions/v1beta1 ++apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: {{ .Release.Namespace }}-{{ .Release.Name }} +@@ -33,8 +33,16 @@ spec: + http: + paths: + - path: / ++ pathType: ImplementationSpecific + backend: +- serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +- servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} ++ service: ++ name: {{ $serviceName }} ++ port: ++{{- if or (kindIs "int" $servicePort) (regexMatch "^[0-9]{1,5}$" $servicePort) }} ++ number: {{ $servicePort | int }} ++{{- else }} ++ name: {{ $servicePort | quote }} ++{{- end }} ++ + {{- end }} + {{- end }} +-- +2.31.1 + diff --git a/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch b/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch new file mode 100644 index 000000000..be3d6ba85 --- /dev/null +++ b/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch @@ -0,0 +1,53 @@ +From d5d3e40baedaba10335bc2f0ea801e9118e05d1c Mon Sep 17 00:00:00 2001 +From: Daniel Safta +Date: Wed, 2 Feb 2022 12:07:51 +0000 +Subject: [PATCH 2/2] Update apiVersion authorization to v1 + +These are the changes needed to upgrade +the apiVersion in the resources used by armada. +This is a subset of the upstream commit: +https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 +Signed-off-by: Daniel Safta +--- + .../templates/snippets/_kubernetes_pod_rbac_roles.tpl | 4 ++-- + podsecuritypolicy/templates/podsecuritypolicy.yaml | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl +index f9f48ef..44a31fd 100644 +--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl ++++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl +@@ -21,7 +21,7 @@ limitations under the License. + {{- $saNamespace := index . 3 -}} + {{- $releaseName := $envAll.Release.Name }} + --- +-apiVersion: rbac.authorization.k8s.io/v1beta1 ++apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: {{ $releaseName }}-{{ $saName }} +@@ -35,7 +35,7 @@ subjects: + name: {{ $saName }} + namespace: {{ $saNamespace }} + --- +-apiVersion: rbac.authorization.k8s.io/v1beta1 ++apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }} +diff --git a/podsecuritypolicy/templates/podsecuritypolicy.yaml b/podsecuritypolicy/templates/podsecuritypolicy.yaml +index 741c9a8..9e22c6e 100644 +--- a/podsecuritypolicy/templates/podsecuritypolicy.yaml ++++ b/podsecuritypolicy/templates/podsecuritypolicy.yaml +@@ -20,7 +20,7 @@ limitations under the License. + {{/* Create one ClusterRole and PSP per PSP definition in values */}} + {{- range $pspName, $pspDetails := .Values.data }} + --- +-apiVersion: extensions/v1beta1 ++apiVersion: policy/v1beta1 + kind: PodSecurityPolicy + metadata: + name: {{ $pspName }} +-- +2.31.1 +