Upversion nginx helm chart to 4.5.4 (image 1.7.0)

In addition to staying current with the latest upstream helm-chart, this version also addresses most of CVE issues reported for v1.1.1. This version introduces one new image: registry.k8s.io/ingress-nginx/opentelemetry One new empty dir pod mount was configured, now for /tmp/nginx. Because of a change in the docker image where they now store temp files for nginx in /tmp/nginx dir instead of just /tmp. In stx we need to keep both mount points, because /tmp is required for the wr-openstack upload of big images. Test cases: PASS: Full build, system install, bootstrap and unlock. PASS: In a running system update the version with system application-update. PASS: Test the integration with cert-manager by creating certificates and https Ingress resources based on an ACME type ClusterIssuer. PASS: Test the integration with snmp by applying snmp and configuring helm overrides to enable the UDP port in nginx. Try snmpbulkget command and verify it runs successfully. Verify snmp pod logs for successful login and failures. PASS: Test the integration with wr-openstack by: - Apply wro with http only from start and verify it is applied successfully. - Enable https and verify wro can be re-applied successfully. - Apply wro with https enabled from start and verify it is applied successfully. - Use the openstack cli and verify it works. - Try to upload an image (exercises the /tmp dir mount) Story: 2010705 Task: 47844 Depends-on: https://review.opendev.org/c/starlingx/ansible-playbooks/+/882462 Change-Id: I72e560d4fe8d94064d0c84e0210f47a6dac7fe71 Signed-off-by: Rei Oliveira <Reinildes.JoseMateusOliveira@windriver.com>
2023-04-17 18:46:18 -03:00 · 2023-04-17 18:46:18 -03:00 · 118a64a347
commit 118a64a347
parent 1d243fe641
4 changed files with 19 additions and 12 deletions
--- a/stx-nginx-ingress-controller-helm/debian/deb_folder/rules
+++ b/stx-nginx-ingress-controller-helm/debian/deb_folder/rules
@ -13,7 +13,7 @@ export APP_VERSION = $(RELEASE)-$(REVISION)
 export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz
 export HELM_REPO = stx-platform
 export STAGING_FLUXCD = staging-fluxcd
-export FLUXCD_NGINX_PKG = helm-charts-ingress-nginx-1.1.1.tar.gz
+export FLUXCD_NGINX_PKG = helm-charts-ingress-nginx-1.7.0.tar.gz

 %:
 	dh $@
--- a/stx-nginx-ingress-controller-helm/debian/meta_data.yaml
+++ b/stx-nginx-ingress-controller-helm/debian/meta_data.yaml
@ -3,10 +3,10 @@ debname: stx-nginx-ingress-controller-helm
 debver: 1.0-1
 src_path: stx-nginx-ingress-controller-helm
 dl_files:
-  helm-charts-ingress-nginx-1.1.1.tar.gz:
+  helm-charts-ingress-nginx-1.7.0.tar.gz:
    topdir: helm-charts
-    url: https://github.com/kubernetes/ingress-nginx/archive/controller-v1.1.1.tar.gz
-    md5sum: 9fa3de1800175a4f7dfa890bf9d376c9
+    url: https://github.com/kubernetes/ingress-nginx/archive/controller-v1.7.0.tar.gz
+    md5sum: e30e752d70740ca888792d534cc960f1
 revision:
  dist: $STX_DIST
  GITREVCOUNT:
--- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/fluxcd-manifests/ingress-nginx/helmrelease.yaml
+++ b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/fluxcd-manifests/ingress-nginx/helmrelease.yaml
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2022 Wind River Systems, Inc.
+# Copyright (c) 2022-2023 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -15,7 +15,7 @@ spec:
  chart:
    spec:
      chart: ingress-nginx
-      version: 4.0.15
+      version: 4.5.4
      sourceRef:
        kind: HelmRepository
        name: stx-platform
--- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/fluxcd-manifests/ingress-nginx/ingress-nginx-static-overrides.yaml
+++ b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/fluxcd-manifests/ingress-nginx/ingress-nginx-static-overrides.yaml
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2022 Wind River Systems, Inc.
+# Copyright (c) 2022-2023 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -10,8 +10,8 @@ controller:
  image:
    # cleans the default digest value since sysinv changes the digest when pushing the image to the local registry
    digest: ""
-    repository: k8s.gcr.io/ingress-nginx/controller
-    tag: v1.1.1
+    repository: registry.k8s.io/ingress-nginx/controller
+    tag: v1.7.0
  daemonset:
    useHostPort: false
  nodeSelector:
@ -40,8 +40,8 @@ controller:
    patch:
      image:
        digest: ""
-        repository: k8s.gcr.io/ingress-nginx/kube-webhook-certgen
-        tag: v1.1.1
+        repository: registry.k8s.io/ingress-nginx/kube-webhook-certgen
+        tag: v20230312-helm-chart-4.5.2-28-g66a760794
      tolerations:
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
@ -60,13 +60,20 @@ controller:
  extraVolumes:
    - name: pod-tmp
      emptyDir: {}
+    - name: pod-tmp-nginx
+      emptyDir: {}
  extraVolumeMounts:
    - name: pod-tmp
      mountPath: /tmp
+    - name: pod-tmp-nginx
+      mountPath: /tmp/nginx
+  opentelemetry:
+    enabled: false
+    image: registry.k8s.io/ingress-nginx/opentelemetry:v20230312-helm-chart-4.5.2-28-g66a760794
 defaultBackend:
  image:
    digest: ""
-    repository: k8s.gcr.io/defaultbackend-amd64
+    repository: registry.k8s.io/defaultbackend-amd64
    tag: "1.5"
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""