From 7ce7301476b47a66b30c95537f3e2a220f511821 Mon Sep 17 00:00:00 2001
From: "SPEARS, DUSTIN (ds443n)"
Date: Mon, 5 Feb 2024 10:32:50 -0500
Subject: [PATCH] Update ETCD to v3.5.11

Since after v3.5.6 etcd-io switched to a distroless base image. Etcd anchor pods are now using etcd-utility and etcd is running a sidecar for health checks.

Change-Id: I198dca1209097de4d60a53a7568f0c4790679599
---
.../templates/etc/_kubernetes-etcd.yaml.tpl | 25 +++++++++++++++++--
charts/etcd/values.yaml | 6 ++---
doc/source/configuration/genesis.rst | 3 ++-
examples/basic/Genesis.yaml | 3 ++-
examples/basic/armada-resources.yaml | 10 ++++----
examples/complete/Genesis.yaml | 3 ++-
examples/complete/armada-resources.yaml | 10 ++++----
examples/containerd/Genesis.yaml | 3 ++-
examples/containerd/armada-resources.yaml | 10 ++++----
examples/gate/Genesis.yaml | 3 ++-
examples/gate/armada-resources.yaml | 10 ++++----
promenade/schemas/Genesis.yaml | 3 +++
.../manifests/auxiliary-kubernetes-etcd.yaml | 2 +-
tests/unit/api/test_validatedesign.py | 2 +-
tests/unit/builder_data/simple/Genesis.yaml | 3 ++-
.../builder_data/simple/armada-resources.yaml | 8 +++---
.../bootstrap-armada-config.yaml | 4 +--
.../gate/config-templates/genesis-config.yaml | 1 +
tools/gate/default-config-env | 3 ++-
tools/registry/IMAGES | 3 ++-
20 files changed, 74 insertions(+), 41 deletions(-)

diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
index c4850bc1..aef76222 100644
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
@@ -125,13 +125,34 @@ spec: - name: MANIFEST_PATH value: /manifests/{{ .Values.service.name }}.yaml {{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.pod.env.etcd | indent 8 }} -{{ dict "envAll" $envAll "component" "etcd" "container" "etcd" "type" "readiness" "probeTemplate" (include "etcdreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 6 }} -{{ dict "envAll" $envAll "component" "etcd" "container" "etcd" "type" "liveness" "probeTemplate" (include "etcdlivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 6 }} volumeMounts: - name: data mountPath: /var/lib/etcd - name: etc mountPath: /etc/etcd + - name: etcd-health-check + image: {{ .Values.images.tags.etcdctl }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.etcd_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }} +{{ dict "envAll" $envAll "application" "etcd" "container" "etcd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }} + env: + - name: ETCDCTL_API + value: "{{ .Values.etcd.etcdctl_api }}" + - name: ETCDCTL_DIAL_TIMEOUT + value: "3s" + - name: ETCDCTL_ENDPOINTS + value: "https://127.0.0.1:{{ .Values.network.service_client.target_port }}" + - name: ETCDCTL_CACERT + value: "/etc/etcd/tls/client-ca.pem" + - name: ETCDCTL_CERT + value: "/etc/etcd/tls/etcd-client.pem" + - name: ETCDCTL_KEY + value: "/etc/etcd/tls/etcd-client-key.pem" + command: ["/bin/sh", "-c", "--"] + args: ["while true; do sleep 30; done;"] + volumeMounts: + - name: etc + mountPath: /etc/etcd volumes: - name: data hostPath: diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml index 13f68342..2bbede89 100644 --- a/charts/etcd/values.yaml +++ b/charts/etcd/values.yaml 
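Review bot: After this hunk nothing in the pod is probed: the readiness and liveness includes are removed from the `etcd` container, and the new `etcd-health-check` container only runs a sleep loop, so the kubelet no longer detects an unhealthy etcd member. Re-attach the two removed `helm-toolkit.snippets.kubernetes_probe` includes under `etcd-health-check`, where the `ETCDCTL_*` variables and client certificates are available; this assumes the probe templates are exec probes that call etcdctl, since their definitions are outside the hunk. A liveness failure there restarts only the sidecar, so readiness is the signal that matters. The sidecar also mounts the whole `etc` volume read-write although it only reads the client CA, certificate and key; add `readOnly: true` to its `/etc/etcd` mount. The pod spec starts and ends outside the hunk.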
@@ -14,9 +14,9 @@ images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 - etcdctl_backup: "quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal" + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal + etcdctl_backup: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic pull_policy: "IfNotPresent" diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 3544640a..b0906b48 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -45,7 +45,8 @@ Here is a complete sample document: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index 7aa260ec..59dc3f9f 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -49,7 +49,8 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index c9de117d..2ccd030c 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml 
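Review bot: The new `etcdctl` default is a mutable tag, `latest-ubuntu_focal`, where the previous value was a pinned release, and with `pull_policy: "IfNotPresent"` each node keeps whatever build it happened to pull first. The template hunk in this commit runs this image inside the etcd pod with the client certificate and key mounted, so its content should be reproducible and reviewable. Pin it by digest, `etcdctl: quay.io/airshipit/porthole-etcdctl-utility@sha256:<digest>`, or by an immutable release tag. The same reference is introduced in the Genesis and armada-resources examples, `tools/gate/default-config-env` and `tools/registry/IMAGES`.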
@@ -363,8 +363,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: @@ -519,7 +519,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -1071,8 +1071,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 8f1f601c..259ae0a6 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -38,7 +38,8 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 07f310f7..06c8d16b 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -400,8 +400,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: 
@@ -540,7 +540,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -1082,8 +1082,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml index e6ebcdf1..4e3a3831 100644 --- a/examples/containerd/Genesis.yaml +++ b/examples/containerd/Genesis.yaml @@ -49,7 +49,8 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/containerd/armada-resources.yaml b/examples/containerd/armada-resources.yaml index 89c241cf..9c835ea3 100644 --- a/examples/containerd/armada-resources.yaml +++ b/examples/containerd/armada-resources.yaml @@ -276,8 +276,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: @@ -413,7 +413,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 
@@ -883,8 +883,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index e6ebcdf1..4e3a3831 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -49,7 +49,8 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index ed71d90e..e222aba3 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -282,8 +282,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: @@ -419,7 +419,7 @@ data: images: tags: - calico_etcd: quay.io/coreos/etcd:v3.5.6 + calico_etcd: quay.io/coreos/etcd:v3.5.11 calico_node: quay.io/calico/node:v3.4.0 calico_cni: quay.io/calico/cni:v3.4.0 calico_ctl: quay.io/calico/ctl:v3.4.0 @@ -889,8 +889,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: diff --git a/promenade/schemas/Genesis.yaml b/promenade/schemas/Genesis.yaml index 1731945f..ecd0de28 100644 
--- a/promenade/schemas/Genesis.yaml +++ b/promenade/schemas/Genesis.yaml @@ -168,12 +168,15 @@ data: $ref: '#/definitions/image' etcd: $ref: '#/definitions/image' + etcdctl: + $ref: '#/definitions/image' scheduler: $ref: '#/definitions/image' required: - apiserver - controller-manager - etcd + - etcdctl - scheduler additionalProperties: false required: diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml index 1d967c13..6ee6e770 100644 --- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml +++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml @@ -20,7 +20,7 @@ spec: {%- endwith %} - name: monitor - image: {{ config['Genesis:images.kubernetes.etcd'] }} + image: {{ config['Genesis:images.kubernetes.etcdctl'] }} command: - /bin/sh - -c diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index 703e042f..b96567f7 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py @@ -107,7 +107,7 @@ VALID_DOCS = [ 'registry.k8s.io/kube-apiserver-amd64:v1.29.0', 'controller-manager': 'registry.k8s.io/kube-controller-manager-amd64:v1.29.0', - 'etcd': 'quay.io/coreos/etcd:v3.5.6', + 'etcd': 'quay.io/coreos/etcd:v3.5.11', 'scheduler': 'registry.k8s.io/kube-scheduler-amd64:v1.29.0' } }, diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index e276d410..0d5618ce 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml 
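Review bot: Adding `etcdctl` to `required` makes every existing Genesis document that lacks the key fail validation, and the genesis `monitor` container template changed in this commit reads `config['Genesis:images.kubernetes.etcdctl']` with no fallback. That break is not mentioned in the commit message; it should be called out for operators upgrading existing sites. A comment above the new property would also help, for example `# etcdctl: image with a shell and etcdctl for the genesis etcd monitor container; the etcd image itself is distroless`. The enclosing `kubernetes` images mapping starts outside the hunk.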
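Review bot: The `VALID_DOCS` entry still has no `'etcdctl'` key next to `'etcd'`, although the schema change in this commit makes that key required, so this document is presumably no longer valid against the Genesis schema. Add `'etcdctl': 'quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal',` after the `'etcd'` line. The dict is only partly visible in the hunk, so whether the test validates it against that schema should be confirmed.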
@@ -35,7 +35,8 @@ data: kubernetes: apiserver: registry.k8s.io/kube-apiserver-amd64:v1.29.0 controller-manager: registry.k8s.io/kube-controller-manager-amd64:v1.29.0 - etcd: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal scheduler: registry.k8s.io/kube-scheduler-amd64:v1.29.0 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index 518a0969..233fa63b 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -303,8 +303,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: @@ -923,8 +923,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.5.6 - etcdctl: quay.io/coreos/etcd:v3.5.6 + etcd: quay.io/coreos/etcd:v3.5.11 + etcdctl: quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal nodes: - name: n0 tls: diff --git a/tools/gate/config-templates/bootstrap-armada-config.yaml b/tools/gate/config-templates/bootstrap-armada-config.yaml index 431870cd..82868de5 100644 --- a/tools/gate/config-templates/bootstrap-armada-config.yaml +++ b/tools/gate/config-templates/bootstrap-armada-config.yaml @@ -329,7 +329,7 @@ data: images: tags: etcd: ${IMAGE_ETCD} - etcdctl: ${IMAGE_ETCD} + etcdctl: ${IMAGE_ETCDCTL} nodes: - name: ${GENESIS_HOSTNAME} tls: @@ -965,7 +965,7 @@ data: images: tags: etcd: ${IMAGE_ETCD} - etcdctl: ${IMAGE_ETCD} + etcdctl: ${IMAGE_ETCDCTL} nodes: - name: ${GENESIS_HOSTNAME} tls: diff --git a/tools/gate/config-templates/genesis-config.yaml b/tools/gate/config-templates/genesis-config.yaml index 8d7f93a7..e42fee13 100644 
--- a/tools/gate/config-templates/genesis-config.yaml +++ b/tools/gate/config-templates/genesis-config.yaml @@ -35,6 +35,7 @@ data: apiserver: ${IMAGE_APISERVER} controller-manager: ${IMAGE_CONTROLLER_MANAGER} etcd: ${IMAGE_ETCD} + etcdctl: ${IMAGE_ETCDCTL} scheduler: ${IMAGE_SCHEDULER} enable_operator: false files: diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index 62c66d88..6f58c5ac 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env @@ -6,7 +6,8 @@ IMAGE_CALICO_KUBE_CONTROLLERS=quay.io/calico/kube-controllers:v3.4.0 IMAGE_CALICO_NODE=quay.io/calico/node:v3.4.0 IMAGE_COREDNS=coredns/coredns:1.9.4 IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 -IMAGE_ETCD=quay.io/coreos/etcd:v3.5.6 +IMAGE_ETCD=quay.io/coreos/etcd:v3.5.11 +IMAGE_ETCDCTL=quay.io/airshipit/porthole-etcdctl-utility:latest-ubuntu_focal IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v3.13.2 IMAGE_APISERVER=registry.k8s.io/kube-apiserver-amd64:v1.29.0 diff --git a/tools/registry/IMAGES b/tools/registry/IMAGES index 1b25d73b..3437238d 100644 --- a/tools/registry/IMAGES +++ b/tools/registry/IMAGES @@ -1,6 +1,7 @@ # source_name, tag, cache_name coredns/coredns,1.9.4,coredns quay.io/airshipit/porthole-compute-utility,latest-ubuntu_focal,kubectl +quay.io/airshipit/porthole-etcdctl-utility,latest-ubuntu_focal registry.k8s.io/kube-apiserver-amd64,v1.29.0,apiserver registry.k8s.io/kube-controller-manager-amd64,v1.29.0,controller-manager registry.k8s.io/kube-scheduler-amd64,v1.29.0,scheduler @@ -12,4 +13,4 @@ quay.io/calico/cni,v3.4.0,calico-cni quay.io/calico/ctl,v3.4.0,calico-ctl quay.io/calico/kube-controllers,v3.4.0,calico-kube-controllers quay.io/calico/node,v3.4.0,calico-node -quay.io/coreos/etcd,v3.5.6,etcd +quay.io/coreos/etcd,v3.5.11,etcd
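Review bot: The added row `quay.io/airshipit/porthole-etcdctl-utility,latest-ubuntu_focal` in `tools/registry/IMAGES` has two fields, while the header declares `source_name, tag, cache_name` and every other row has three. Whatever reads this file will see a missing cache name for the image. Add the third field, for example `quay.io/airshipit/porthole-etcdctl-utility,latest-ubuntu_focal,etcdctl`; the cache name here is a suggestion, to be matched to how the registry cache is consumed. The consumer of the file is not visible in this diff.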