Update ETCD to v3.5.11

Since after v3.5.6 etcd-io switched to a
distroless base image. Etcd anchor pods
are now using etcd-utility and etcd is
running a sidecar for health checks.

Change-Id: I198dca1209097de4d60a53a7568f0c4790679599

charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl

@@ -125,13 +125,34 @@ spec:
         - name: MANIFEST_PATH
           value: /manifests/{{ .Values.service.name }}.yaml
 {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.etcd | indent 8 }}
-{{ dict "envAll" $envAll "component" "etcd" "container" "etcd" "type" "readiness" "probeTemplate" (include "etcdreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 6 }}
-{{ dict "envAll" $envAll "component" "etcd" "container" "etcd" "type" "liveness" "probeTemplate" (include "etcdlivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 6 }}
       volumeMounts:
         - name: data
           mountPath: /var/lib/etcd
         - name: etc
           mountPath: /etc/etcd
+    - name: etcd-health-check
+      image: {{ .Values.images.tags.etcdctl }}
+      imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.etcd_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "etcd" "container" "etcd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
+      env:
+        - name: ETCDCTL_API
+          value: "{{ .Values.etcd.etcdctl_api }}"
+        - name: ETCDCTL_DIAL_TIMEOUT
+          value: "3s"
+        - name: ETCDCTL_ENDPOINTS
+          value: "https://127.0.0.1:{{ .Values.network.service_client.target_port }}"
+        - name: ETCDCTL_CACERT
+          value: "/etc/etcd/tls/client-ca.pem"
+        - name: ETCDCTL_CERT
+          value: "/etc/etcd/tls/etcd-client.pem"
+        - name: ETCDCTL_KEY
+          value: "/etc/etcd/tls/etcd-client-key.pem"
+      command: ["/bin/sh", "-c", "--"]
+      args: ["while true; do sleep 30; done;"]
+      volumeMounts:
+        - name: etc
+          mountPath: /etc/etcd
   volumes:
     - name: data
       hostPath:

charts/etcd/values.yaml

@@ -14,9 +14,9 @@
 
 images:
   tags:
-    etcd: quay.io/coreos/etcd:v3.5.6
-    etcdctl: quay.io/coreos/etcd:v3.5.6
-    etcdctl_backup: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal"
+    etcd: quay.io/coreos/etcd:v3.5.11
+    etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
+    etcdctl_backup: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
     ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
   pull_policy: "IfNotPresent"

doc/source/configuration/genesis.rst

@@ -45,7 +45,8 @@ Here is a complete sample document:
         kubernetes:
           apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
           controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-          etcd: quay.io/coreos/etcd:v3.5.6
+          etcd: quay.io/coreos/etcd:v3.5.11
+          etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
           scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
       files:
         - path: /var/lib/anchor/calico-etcd-bootstrap

examples/basic/Genesis.yaml

@@ -49,7 +49,8 @@ data:
     kubernetes:
       apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
       controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-      etcd: quay.io/coreos/etcd:v3.5.6
+      etcd: quay.io/coreos/etcd:v3.5.11
+      etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
       scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap

examples/basic/armada-resources.yaml

@@ -363,8 +363,8 @@ data:
       filename: calico-etcd-bootstrap
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:
@@ -519,7 +519,7 @@ data:
 
     images:
       tags:
-        calico_etcd: quay.io/coreos/etcd:v3.5.6
+        calico_etcd: quay.io/coreos/etcd:v3.5.11
         calico_node: quay.io/calico/node:v3.4.0
         calico_cni: quay.io/calico/cni:v3.4.0
         calico_ctl: quay.io/calico/ctl:v3.4.0
@@ -1071,8 +1071,8 @@ data:
       host_etc_path: /etc/etcd/kubernetes
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:

examples/complete/Genesis.yaml

@@ -38,7 +38,8 @@ data:
     kubernetes:
       apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
       controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-      etcd: quay.io/coreos/etcd:v3.5.6
+      etcd: quay.io/coreos/etcd:v3.5.11
+      etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
       scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap

examples/complete/armada-resources.yaml

@@ -400,8 +400,8 @@ data:
       filename: calico-etcd-bootstrap
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:
@@ -540,7 +540,7 @@ data:
 
     images:
       tags:
-        calico_etcd: quay.io/coreos/etcd:v3.5.6
+        calico_etcd: quay.io/coreos/etcd:v3.5.11
         calico_node: quay.io/calico/node:v3.4.0
         calico_cni: quay.io/calico/cni:v3.4.0
         calico_ctl: quay.io/calico/ctl:v3.4.0
@@ -1082,8 +1082,8 @@ data:
       host_etc_path: /etc/etcd/kubernetes
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:

examples/containerd/Genesis.yaml

@@ -49,7 +49,8 @@ data:
     kubernetes:
       apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
       controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-      etcd: quay.io/coreos/etcd:v3.5.6
+      etcd: quay.io/coreos/etcd:v3.5.11
+      etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
       scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap

examples/containerd/armada-resources.yaml

@@ -276,8 +276,8 @@ data:
       filename: calico-etcd-bootstrap
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:
@@ -413,7 +413,7 @@ data:
 
     images:
       tags:
-        calico_etcd: quay.io/coreos/etcd:v3.5.6
+        calico_etcd: quay.io/coreos/etcd:v3.5.11
         calico_node: quay.io/calico/node:v3.4.0
         calico_cni: quay.io/calico/cni:v3.4.0
         calico_ctl: quay.io/calico/ctl:v3.4.0
@@ -883,8 +883,8 @@ data:
       host_etc_path: /etc/etcd/kubernetes
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:

examples/gate/Genesis.yaml

@@ -49,7 +49,8 @@ data:
     kubernetes:
       apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
       controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-      etcd: quay.io/coreos/etcd:v3.5.6
+      etcd: quay.io/coreos/etcd:v3.5.11
+      etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
       scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap

examples/gate/armada-resources.yaml

@@ -282,8 +282,8 @@ data:
       filename: calico-etcd-bootstrap
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:
@@ -419,7 +419,7 @@ data:
 
     images:
       tags:
-        calico_etcd: quay.io/coreos/etcd:v3.5.6
+        calico_etcd: quay.io/coreos/etcd:v3.5.11
         calico_node: quay.io/calico/node:v3.4.0
         calico_cni: quay.io/calico/cni:v3.4.0
         calico_ctl: quay.io/calico/ctl:v3.4.0
@@ -889,8 +889,8 @@ data:
       host_etc_path: /etc/etcd/kubernetes
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:

promenade/schemas/Genesis.yaml

@@ -168,12 +168,15 @@ data:
               $ref: '#/definitions/image'
             etcd:
               $ref: '#/definitions/image'
+            etcdctl:
+              $ref: '#/definitions/image'
             scheduler:
               $ref: '#/definitions/image'
           required:
             - apiserver
             - controller-manager
             - etcd
+            - etcdctl
             - scheduler
           additionalProperties: false
       required:

promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml

@@ -20,7 +20,7 @@ spec:
 {%- endwith %}
 
     - name: monitor
-      image: {{ config['Genesis:images.kubernetes.etcd'] }}
+      image: {{ config['Genesis:images.kubernetes.etcdctl'] }}
       command:
         - /bin/sh
         - -c

tests/unit/api/test_validatedesign.py

@@ -107,7 +107,7 @@ VALID_DOCS = [
                     'registry.k8s.io/kube-apiserver-amd64:v1.29.0',
                     'controller-manager':
                     'registry.k8s.io/kube-controller-manager-amd64:v1.29.0',
-                    'etcd': 'quay.io/coreos/etcd:v3.5.6',
+                    'etcd': 'quay.io/coreos/etcd:v3.5.11',
                     'scheduler': 'registry.k8s.io/kube-scheduler-amd64:v1.29.0'
                 }
             },

tests/unit/builder_data/simple/Genesis.yaml

@@ -35,7 +35,8 @@ data:
     kubernetes:
       apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0
       controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0
-      etcd: quay.io/coreos/etcd:v3.5.6
+      etcd: quay.io/coreos/etcd:v3.5.11
+      etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
       scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap

tests/unit/builder_data/simple/armada-resources.yaml

@@ -303,8 +303,8 @@ data:
       filename: calico-etcd-bootstrap
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:
@@ -923,8 +923,8 @@ data:
       host_etc_path: /etc/etcd/kubernetes
     images:
       tags:
-        etcd: quay.io/coreos/etcd:v3.5.6
-        etcdctl: quay.io/coreos/etcd:v3.5.6
+        etcd: quay.io/coreos/etcd:v3.5.11
+        etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
     nodes:
       - name: n0
         tls:

tools/gate/config-templates/bootstrap-armada-config.yaml

@@ -329,7 +329,7 @@ data:
     images:
       tags:
         etcd: ${IMAGE_ETCD}
-        etcdctl: ${IMAGE_ETCD}
+        etcdctl: ${IMAGE_ETCDCTL}
     nodes:
       - name: ${GENESIS_HOSTNAME}
         tls:
@@ -965,7 +965,7 @@ data:
     images:
       tags:
         etcd: ${IMAGE_ETCD}
-        etcdctl: ${IMAGE_ETCD}
+        etcdctl: ${IMAGE_ETCDCTL}
     nodes:
       - name: ${GENESIS_HOSTNAME}
         tls:

tools/gate/config-templates/genesis-config.yaml

@@ -35,6 +35,7 @@ data:
       apiserver: ${IMAGE_APISERVER}
       controller-manager: ${IMAGE_CONTROLLER_MANAGER}
       etcd: ${IMAGE_ETCD}
+      etcdctl: ${IMAGE_ETCDCTL}
       scheduler: ${IMAGE_SCHEDULER}
   enable_operator: false
   files:

tools/gate/default-config-env

@@ -6,7 +6,8 @@ IMAGE_CALICO_KUBE_CONTROLLERS=quay.io/calico/kube-controllers:v3.4.0
 IMAGE_CALICO_NODE=quay.io/calico/node:v3.4.0
 IMAGE_COREDNS=coredns/coredns:1.9.4
 IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1
-IMAGE_ETCD=quay.io/coreos/etcd:v3.5.6
+IMAGE_ETCD=quay.io/coreos/etcd:v3.5.11
+IMAGE_ETCDCTL=quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal
 IMAGE_HAPROXY=haproxy:1.8.3
 IMAGE_HELM=lachlanevenson/k8s-helm:v3.13.2
 IMAGE_APISERVER=registry.k8s.io/kube-apiserver-amd64:v1.29.0

tools/registry/IMAGES

@@ -1,6 +1,7 @@
 # source_name, tag, cache_name
 coredns/coredns,1.9.4,coredns
 quay.io/airshipit/porthole-compute-utility,latest-ubuntu_focal,kubectl
+quay.io/airshipit/porthole-etcdctl-utility,latest-ubuntu_focal
 registry.k8s.io/kube-apiserver-amd64,v1.29.0,apiserver
 registry.k8s.io/kube-controller-manager-amd64,v1.29.0,controller-manager
 registry.k8s.io/kube-scheduler-amd64,v1.29.0,scheduler
@@ -12,4 +13,4 @@ quay.io/calico/cni,v3.4.0,calico-cni
 quay.io/calico/ctl,v3.4.0,calico-ctl
 quay.io/calico/kube-controllers,v3.4.0,calico-kube-controllers
 quay.io/calico/node,v3.4.0,calico-node
-quay.io/coreos/etcd,v3.5.6,etcd
+quay.io/coreos/etcd,v3.5.11,etcd