Debian: Add missing patches to armada-helm-toolkit

This change adds missing patches to debian armada-helm-toolkit
package which are already present for its CentOS equivalent.

These patches are particularly important because Kubernetes 1.22
deprecated below k8s apiversions that armada-helm-toolkit uses.

- 'extensions/v1beta1' for 'Ingress' kind
- 'rbac.authorization.k8s.io/v1beta1' for 'Role' and 'RoleBinding'
- 'extensions/v1beta1' for kind 'PodSecurityPolicy'

'Ingress' should now use apiversion 'networking.k8s.io/v1'.
'Role' and 'RoleBinding' should now use apiversion
'rbac.authorization.k8s.io/v1'.
'PodSecurityPolicy' should now use apiversion 'policy/v1beta1'.

Reference: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#migrate-to-non-deprecated-apis

Test Plan:
PASS: Package builds successfully
PASS: Image builds successfully
PASS: Armada helm chart gets installed successfully during ansible
      bootstrap for k8s 1.23.1

Story: 2009888
Task: 44649

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: Ic2b6a982e53b01ec24f4ab1bcf61025c59acf86e
This commit is contained in:
Kaustubh Dhokte 2022-06-04 01:28:04 +00:00
parent 444c6ac72e
commit 1b5ece880b
3 changed files with 274 additions and 0 deletions

View File

@ -0,0 +1,219 @@
From 751dff849dfcd9d68ba065571dc8251dbfc16cb2 Mon Sep 17 00:00:00 2001
From: Daniel Safta <daniel.safta@windriver.com>
Date: Wed, 2 Feb 2022 12:07:18 +0000
Subject: [PATCH 1/2] Update apiVersion to networking.k8s.io/v1
These are the changes needed to upgrade
the apiVersion in the resources used by armada.
This is a subset of the upstream commit:
https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9
Signed-off-by: Daniel Safta <daniel.safta@windriver.com>
---
helm-toolkit/templates/manifests/_ingress.tpl | 75 +++++++++++++------
ingress/templates/ingress.yaml | 14 +++-
2 files changed, 62 insertions(+), 27 deletions(-)
diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl
index f0c37fd..5c54c34 100644
--- a/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/helm-toolkit/templates/manifests/_ingress.tpl
@@ -64,7 +64,7 @@ examples:
{{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}}
return: |
---
- apiVersion: extensions/v1beta1
+ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: barbican
@@ -78,25 +78,34 @@ examples:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
- host: barbican.default
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
- host: barbican.default.svc.cluster.local
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
---
- apiVersion: extensions/v1beta1
+ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: barbican-namespace-fqdn
@@ -114,11 +123,14 @@ examples:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
---
- apiVersion: extensions/v1beta1
+ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: barbican-cluster-fqdn
@@ -136,9 +148,12 @@ examples:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
- values: |
network:
api:
@@ -184,7 +199,7 @@ examples:
{{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}}
return: |
---
- apiVersion: extensions/v1beta1
+ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: barbican
@@ -204,23 +219,32 @@ examples:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
- host: barbican.default
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
- host: barbican.default.svc.cluster.local
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: barbican-api
- servicePort: b-api
+ service:
+ name: barbican-api
+ port:
+ name: b-api
*/}}
{{- define "helm-toolkit.manifests.ingress._host_rules" -}}
@@ -231,9 +255,12 @@ examples:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: {{ $backendName }}
- servicePort: {{ $backendPort }}
+ service:
+ name: {{ $backendName }}
+ port:
+ name: {{ $backendPort }}
{{- end }}
{{- define "helm-toolkit.manifests.ingress" -}}
@@ -247,7 +274,7 @@ examples:
{{- $hostName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $hostNameFull := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $ingressName }}
@@ -282,7 +309,7 @@ spec:
{{- range $key2, $ingressController := tuple "namespace" "cluster" }}
{{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }}
---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }}
diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml
index 16ebaab..10ffac7 100644
--- a/ingress/templates/ingress.yaml
+++ b/ingress/templates/ingress.yaml
@@ -21,7 +21,7 @@ limitations under the License.
{{- $_ := set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class -}}
{{- end -}}
---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Release.Namespace }}-{{ .Release.Name }}
@@ -33,8 +33,16 @@ spec:
http:
paths:
- path: /
+ pathType: ImplementationSpecific
backend:
- serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
- servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ service:
+ name: {{ $serviceName }}
+ port:
+{{- if or (kindIs "int" $servicePort) (regexMatch "^[0-9]{1,5}$" $servicePort) }}
+ number: {{ $servicePort | int }}
+{{- else }}
+ name: {{ $servicePort | quote }}
+{{- end }}
+
{{- end }}
{{- end }}
--
2.31.1

View File

@ -0,0 +1,53 @@
From d5d3e40baedaba10335bc2f0ea801e9118e05d1c Mon Sep 17 00:00:00 2001
From: Daniel Safta <daniel.safta@windriver.com>
Date: Wed, 2 Feb 2022 12:07:51 +0000
Subject: [PATCH 2/2] Update apiVersion authorization to v1
These are the changes needed to upgrade
the apiVersion in the resources used by armada.
This is a subset of the upstream commit:
https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9
Signed-off-by: Daniel Safta <daniel.safta@windriver.com>
---
.../templates/snippets/_kubernetes_pod_rbac_roles.tpl | 4 ++--
podsecuritypolicy/templates/podsecuritypolicy.yaml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
index f9f48ef..44a31fd 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
@@ -21,7 +21,7 @@ limitations under the License.
{{- $saNamespace := index . 3 -}}
{{- $releaseName := $envAll.Release.Name }}
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $releaseName }}-{{ $saName }}
@@ -35,7 +35,7 @@ subjects:
name: {{ $saName }}
namespace: {{ $saNamespace }}
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }}
diff --git a/podsecuritypolicy/templates/podsecuritypolicy.yaml b/podsecuritypolicy/templates/podsecuritypolicy.yaml
index 741c9a8..9e22c6e 100644
--- a/podsecuritypolicy/templates/podsecuritypolicy.yaml
+++ b/podsecuritypolicy/templates/podsecuritypolicy.yaml
@@ -20,7 +20,7 @@ limitations under the License.
{{/* Create one ClusterRole and PSP per PSP definition in values */}}
{{- range $pspName, $pspDetails := .Values.data }}
---
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ $pspName }}
--
2.31.1

View File

@ -2,3 +2,5 @@
0002-Add-imagePullSecrets-in-service-account.patch
0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch
0007-Update-apiVersion-to-networking.k8s.io.patch
0008-Update-apiVersion-authorization-to-v1.patch