Update chart to use stable Kubernetes APIs

Update the MAAS chart to use non-deprecated APIs [0], specifically
addressing the following resource types:
* ClusterRole
* ClusterRoleBinding
* Ingress
* Role
* RoleBinding

The APIs being migrated to are available in v1.19 or earlier. As of this
change, v1.19 is the oldest supported Kubernetes version, slated for EOL
on 2021-10-28. [1]

Also includes an HTK uplift that includes updated Ingress templates. [2]

0: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
1: https://kubernetes.io/releases/
2: https://review.opendev.org/c/openstack/openstack-helm-infra/+/813115

Change-Id: I5e78f1ab094666538ed419a78f6966a2ba295d6a
Phil Sphicas 2021-10-15 10:39:06 -07:00
parent 760f1c97cf
commit 666567eae5
4 changed files with 34 additions and 22 deletions


@ -24,7 +24,7 @@ limitations under the License.
{{ tuple $envAll "maas_ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "maas_ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
@ -62,7 +62,6 @@ rules:
- create - create
- patch - patch
- apiGroups: - apiGroups:
- "extensions"
- "networking.k8s.io" - "networking.k8s.io"
resources: resources:
- ingresses - ingresses
@ -71,14 +70,13 @@ rules:
- list - list
- watch - watch
- apiGroups: - apiGroups:
- "extensions"
- "networking.k8s.io" - "networking.k8s.io"
resources: resources:
- ingresses/status - ingresses/status
verbs: verbs:
- update - update
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
@ -91,7 +89,7 @@ subjects:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }} namespace: {{ $envAll.Release.Namespace }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
@ -130,7 +128,7 @@ rules:
- create - create
- update - update
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
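Review bot: The `networking.k8s.io` rules visible in this ClusterRole cover `ingresses` and `ingresses/status` only. The same commit moves the Ingress from the `kubernetes.io/ingress.class` annotation to `spec.ingressClassName`, and a controller that resolves that field through IngressClass objects needs read access to them. If the controller image deployed with this chart does so, add a rule for `ingressclasses` with `get`, `list`, `watch` under `networking.k8s.io`. The rules list starts and continues outside these hunks, so the permission may already be granted there; dropping the `extensions` group is a sound tightening either way.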


@ -16,39 +16,53 @@
{{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }} {{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }}
--- ---
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: maas-region-api name: maas-region-api
annotations:
kubernetes.io/ingress.class: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
spec: spec:
ingressClassName: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
rules: rules:
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} - host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
http: http:
paths: paths:
{{- if .Values.conf.maas.ingress_disable_gui }} {{- if .Values.conf.maas.ingress_disable_gui }}
- path: /MAAS/api - path: /MAAS/api
pathType: ImplementationSpecific
backend: backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} service:
servicePort: region-api name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/images-stream - path: /MAAS/images-stream
pathType: ImplementationSpecific
backend: backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} service:
servicePort: region-api name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/metadata - path: /MAAS/metadata
pathType: ImplementationSpecific
backend: backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} service:
servicePort: region-api name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/rpc - path: /MAAS/rpc
pathType: ImplementationSpecific
backend: backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} service:
servicePort: region-api name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- else }} {{- else }}
- path: / - path: /
pathType: ImplementationSpecific
backend: backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} service:
servicePort: region-api name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- end }} {{- end }}
... ...
{{ end }} {{ end }}
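Review bot: Every path in the new Ingress is given `pathType: ImplementationSpecific`, which leaves the matching rule to whichever controller serves the class. In the `ingress_disable_gui` branch the path list is what keeps the rest of MAAS off the public endpoint, so the match should not depend on controller behaviour. `pathType: Prefix` matches per path element, so `/MAAS/api` covers `/MAAS/api/...` but not a sibling path that merely shares the string prefix. Consider `pathType: Prefix` for the four restricted paths, and for `/` in the else branch, after confirming the controller in use honours it.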


@ -20,7 +20,7 @@ limitations under the License.
{{- $serviceAccountName := "maas-export-api-key" }} {{- $serviceAccountName := "maas-export-api-key" }}
{{ tuple $envAll "export_api_key" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "export_api_key" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ $envAll.Release.Name }}-{{ $serviceAccountName }}-job name: {{ $envAll.Release.Name }}-{{ $serviceAccountName }}-job
@ -36,7 +36,7 @@ subjects:
name: {{ $serviceAccountName }} name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }} namespace: {{ $envAll.Release.Namespace }}
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ $envAll.Release.Name }}-{{ $envAll.Release.Namespace }}-{{ $serviceAccountName }}}-job name: {{ $envAll.Release.Name }}-{{ $envAll.Release.Namespace }}-{{ $serviceAccountName }}}-job
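Review bot: The Role name on the last line of the second hunk ends in `{{ $serviceAccountName }}}-job`, with a third closing brace that is emitted literally into the rendered name. The line is identical on both sides, so this commit carries the typo forward while touching the resource. The RoleBinding in the first hunk is named without the namespace segment and its `roleRef` lies outside the hunk, so check that `roleRef.name` matches what actually renders. Proposed line: `name: {{ $envAll.Release.Name }}-{{ $envAll.Release.Namespace }}-{{ $serviceAccountName }}-job`, with `roleRef.name` changed to the same value if it currently repeats the extra brace.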


@ -18,7 +18,7 @@
HELM=$1 HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"} HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""} HTK_PATH=${HTK_PATH:-""}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"b1a247e7f54ab12d830ab74f7634457b4e43f3ef"} HTK_STABLE_COMMIT=${HTK_COMMIT:-"f4972121bcb41c8d74748917804d2b239ab757f9"}
DEP_UP_LIST=${DEP_UP_LIST:-"maas"} DEP_UP_LIST=${DEP_UP_LIST:-"maas"}
if [[ ! -z $(echo $http_proxy) ]] if [[ ! -z $(echo $http_proxy) ]]