Update flux components

helm-controller: v0.11.1
source-controller: v0.15.3

This brings in an increase in the default leader election
deadlines, in order to hopefully reduce the impact of any
cluster instability during reconciliations, particularly
with helm releases getting stuck in pending state:

[0]: https://github.com/fluxcd/pkg/issues/94
[1]: https://github.com/fluxcd/helm-controller/issues/149

Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I8e989aead88ffde7812a19e66ee039326d7c3fee
Sean Eagan 2021-07-09 14:57:27 -05:00
parent 852a75246e
commit 7c4e6c3036
18 changed files with 372 additions and 96 deletions


@ -141,10 +141,10 @@ spec:
flux:
helm_controller: # helm-controller Deployment
manager:
image: ghcr.io/fluxcd/helm-controller:v0.4.3
image: ghcr.io/fluxcd/helm-controller:v0.11.1
source_controller: # source-controller Deployment
manager:
image: ghcr.io/fluxcd/source-controller:v0.5.3
image: ghcr.io/fluxcd/source-controller:v0.15.3
cert-manager:
cainjector:
manager:


@ -5,9 +5,9 @@ dependencies:
git:
repo: "https://github.com/fluxcd/helm-controller"
directory: "config/crd"
ref: "v0.4.3"
ref: "v0.11.1"
- name: upstream/manager
git:
repo: "https://github.com/fluxcd/helm-controller"
directory: "config/manager"
ref: "v0.4.3"
ref: "v0.11.1"


@ -3,10 +3,10 @@ kind: Kptfile
upstream:
type: git
git:
commit: a09ab789782adde93419b324c7374aa92049b868
commit: 9e983b746eb58201a46d8be77ddf58d903ce2e9d
repo: https://github.com/fluxcd/helm-controller
directory: config/crd
ref: v0.4.3
ref: v0.11.1
dependencies:
- name: upstream/crd
git:


@ -1,11 +1,8 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.5.0
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
@ -94,8 +91,19 @@ spec:
valuesFile:
description: Alternative values file to use as the default
chart values, expected to be a relative path in the SourceRef.
Deprecated in favor of ValuesFiles, for backwards compatibility
the file defined here is merged before the ValuesFiles items.
Ignored when omitted.
type: string
valuesFiles:
description: Alternative list of values files to use as the
chart values (values.yaml is not included by default), expected
to be a relative path in the SourceRef. Values files are
merged in the order of this list with the last file overriding
the first. Ignored when omitted.
items:
type: string
type: array
version:
default: '*'
description: Version semver expression, ignored for charts
@ -131,6 +139,24 @@ spec:
description: Install holds the configuration for Helm install actions
for this HelmRelease.
properties:
crds:
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
according to the CRD upgrade policy provided here. Valid values
are `Skip`, `Create` or `CreateReplace`. Default is `Create`
and if omitted CRDs are installed but not updated. \n Skip:
do neither install nor replace (update) any CRDs. \n Create:
new CRDs are created, existing CRDs are neither updated nor
deleted. \n CreateReplace: new CRDs are created, existing CRDs
are updated (replaced) but not deleted. \n By default, CRDs
are applied (installed) during Helm install action. With this
option users can opt-in to CRD replace existing CRDs on Helm
install actions, which is not (yet) natively supported by Helm.
https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
enum:
- Skip
- Create
- CreateReplace
type: string
createNamespace:
description: CreateNamespace tells the Helm install action to
create the HelmReleaseSpec.TargetNamespace if it does not exist
@ -149,6 +175,10 @@ spec:
description: DisableWait disables the waiting for resources to
be ready after a Helm install has been performed.
type: boolean
disableWaitForJobs:
description: DisableWaitForJobs disables waiting for jobs to complete
after a Helm install has been performed.
type: boolean
remediation:
description: Remediation holds the remediation configuration for
when the Helm install action for the HelmRelease fails. The
@ -177,8 +207,10 @@ spec:
remains in the history.
type: boolean
skipCRDs:
description: SkipCRDs tells the Helm install action to not install
description: "SkipCRDs tells the Helm install action to not install
any CRDs. By default, CRDs are installed if not already present.
\n Deprecated use CRD policy (`crds`) attribute with value `Skip`
instead."
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes
@ -204,9 +236,10 @@ spec:
for reconciling the HelmRelease.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
description: Name of the referent
type: string
required:
- name
type: object
type: object
maxHistory:
@ -214,6 +247,131 @@ spec:
this HelmRelease. Use '0' for an unlimited number of revisions;
defaults to '10'.
type: integer
postRenderers:
description: PostRenderers holds an array of Helm PostRenderers, which
will be applied in order of their definition.
items:
description: PostRenderer contains a Helm PostRenderer specification.
properties:
kustomize:
description: Kustomization to apply as PostRenderer.
properties:
images:
description: Images is a list of (image name, new name,
new tag or digest) for changing image names, tags or digests.
This can also be achieved with a patch, but this operator
is simpler to specify.
items:
description: Image contains an image name, a new name,
a new tag or digest, which will replace the original
name and tag.
properties:
digest:
description: Digest is the value used to replace the
original image tag. If digest is present NewTag
value is ignored.
type: string
name:
description: Name is a tag-less image name.
type: string
newName:
description: NewName is the value used to replace
the original name.
type: string
newTag:
description: NewTag is the value used to replace the
original tag.
type: string
required:
- name
type: object
type: array
patchesJson6902:
description: JSON 6902 patches, defined as inline YAML objects.
items:
description: JSON6902Patch contains a JSON6902 patch and
the target the patch should be applied to.
properties:
patch:
description: Patch contains the JSON6902 patch document
with an array of operation objects.
items:
description: JSON6902 is a JSON6902 operation object.
https://tools.ietf.org/html/rfc6902#section-4
properties:
from:
type: string
op:
enum:
- test
- remove
- add
- replace
- move
- copy
type: string
path:
type: string
value:
x-kubernetes-preserve-unknown-fields: true
required:
- op
- path
type: object
type: array
target:
description: Target points to the resources that the
patch document should be applied to.
properties:
annotationSelector:
description: AnnotationSelector is a string that
follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
type: string
group:
description: Group is the API group to select
resources from. Together with Version and Kind
it is capable of unambiguously identifying and/or
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
kind:
description: Kind of the API Group to select resources
from. Together with Group and Version it is
capable of unambiguously identifying and/or
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
labelSelector:
description: LabelSelector is a string that follows
the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource labels.
type: string
name:
description: Name to match resources with.
type: string
namespace:
description: Namespace to select resources from.
type: string
version:
description: Version of the API Group to select
resources from. Together with Group and Kind
it is capable of unambiguously identifying and/or
selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
type: string
type: object
required:
- patch
- target
type: object
type: array
patchesStrategicMerge:
description: Strategic merge patches, defined as inline
YAML objects.
items:
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
type: object
type: array
releaseName:
description: ReleaseName used for the Helm release. Defaults to a
composition of '[TargetNamespace-]Name'.
@ -236,6 +394,10 @@ spec:
description: DisableWait disables the waiting for resources to
be ready after a Helm rollback has been performed.
type: boolean
disableWaitForJobs:
description: DisableWaitForJobs disables waiting for jobs to complete
after a Helm rollback has been performed.
type: boolean
force:
description: Force forces resource updates through a replacement
strategy.
@ -254,6 +416,12 @@ spec:
description: The name of the Kubernetes service account to impersonate
when reconciling this HelmRelease.
type: string
storageNamespace:
description: StorageNamespace used for the Helm storage. Defaults
to the namespace of the HelmRelease.
maxLength: 63
minLength: 1
type: string
suspend:
description: Suspend tells the controller to suspend reconciliation
for this HelmRelease, it does not apply to already started reconciliations.
@ -316,6 +484,23 @@ spec:
description: CleanupOnFail allows deletion of new resources created
during the Helm upgrade action when it fails.
type: boolean
crds:
description: "CRDs upgrade CRDs from the Helm Chart's crds directory
according to the CRD upgrade policy provided here. Valid values
are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and
if omitted CRDs are neither installed nor upgraded. \n Skip:
do neither install nor replace (update) any CRDs. \n Create:
new CRDs are created, existing CRDs are neither updated nor
deleted. \n CreateReplace: new CRDs are created, existing CRDs
are updated (replaced) but not deleted. \n By default, CRDs
are not applied during Helm upgrade action. With this option
users can opt-in to CRD upgrade, which is not (yet) natively
supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions."
enum:
- Skip
- Create
- CreateReplace
type: string
disableHooks:
description: DisableHooks prevents hooks from running during the
Helm upgrade action.
@ -329,6 +514,10 @@ spec:
description: DisableWait disables the waiting for resources to
be ready after a Helm upgrade has been performed.
type: boolean
disableWaitForJobs:
description: DisableWaitForJobs disables waiting for jobs to complete
after a Helm upgrade has been performed.
type: boolean
force:
description: Force forces resource updates through a replacement
strategy.


@ -1,5 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- bases/helm.toolkit.fluxcd.io_helmreleases.yaml
- bases/helm.toolkit.fluxcd.io_helmreleases.yaml
# +kubebuilder:scaffold:crdkustomizeresource


@ -3,10 +3,10 @@ kind: Kptfile
upstream:
type: git
git:
commit: a09ab789782adde93419b324c7374aa92049b868
commit: 9e983b746eb58201a46d8be77ddf58d903ce2e9d
repo: https://github.com/fluxcd/helm-controller
directory: config/manager
ref: v0.4.3
ref: v0.11.1
dependencies:
- name: upstream/crd
git:


@ -17,7 +17,7 @@ spec:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
spec:
terminationGracePeriodSeconds: 10
terminationGracePeriodSeconds: 600
containers:
- name: manager
image: fluxcd/helm-controller
@ -26,21 +26,21 @@ spec:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
ports:
- containerPort: 8080
name: http-prom
- containerPort: 9440
name: healthz
protocol: TCP
- containerPort: 8080
name: http-prom
- containerPort: 9440
name: healthz
protocol: TCP
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- --watch-all-namespaces
- --log-level=info
- --log-json
- --enable-leader-election
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
readinessProbe:
httpGet:
path: /readyz
@ -57,8 +57,8 @@ spec:
cpu: 100m
memory: 64Mi
volumeMounts:
- name: temp
mountPath: /tmp
volumes:
- name: temp
emptyDir: {}
mountPath: /tmp
volumes:
- name: temp
emptyDir: {}
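Review bot: The `temp` volume in this Deployment is declared as `emptyDir: {}` with no `sizeLimit`, so whatever the controller writes under `/tmp` is bounded only by the node's ephemeral storage; the same applies to the `data` and `tmp` volumes in the source-controller Deployment later in this commit, where `--storage-path=/data` points the artifact store at one of them. A source that yields unexpectedly large content could then fill the node's disk and trigger eviction of unrelated pods. Consider `emptyDir: {sizeLimit: <SIZE>}` (placeholder, sized per deployment) on each volume. These manifests look like they are synced from the upstream `config/manager` directory named in the Kptfile, so the limit is probably better carried as a kustomize patch than edited in place. The Deployment spec starts outside the hunk.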


@ -3,6 +3,6 @@ kind: Kustomization
resources:
- deployment.yaml
images:
- name: fluxcd/helm-controller
newName: fluxcd/helm-controller
newTag: v0.4.3
- name: fluxcd/helm-controller
newName: fluxcd/helm-controller
newTag: v0.11.1


@ -5,9 +5,9 @@ dependencies:
git:
repo: "https://github.com/fluxcd/source-controller"
directory: "config/crd"
ref: "v0.5.3"
ref: "v0.15.3"
- name: upstream/manager
git:
repo: "https://github.com/fluxcd/source-controller"
directory: "config/manager"
ref: "v0.5.3"
ref: "v0.15.3"


@ -3,10 +3,10 @@ kind: Kptfile
upstream:
type: git
git:
commit: c602c5d85093a8e38fae993fee0ed743c8615e46
commit: 5c170bfdc3cfba2b34e2be543ef2b6f3630e873b
repo: https://github.com/fluxcd/source-controller
directory: config/crd
ref: v0.5.2
ref: v0.15.3
dependencies:
- name: upstream/crd
git:


@ -1,11 +1,8 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.5.0
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@ -83,9 +80,10 @@ spec:
for the Bucket.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
description: Name of the referent
type: string
required:
- name
type: object
suspend:
description: This flag tells the controller to suspend the reconciliation


@ -1,11 +1,8 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.5.0
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@ -14,6 +11,8 @@ spec:
listKind: GitRepositoryList
plural: gitrepositories
singular: gitrepository
shortNames:
- gitrepo
scope: Namespaced
versions:
- additionalPrinterColumns:
@ -63,9 +62,41 @@ spec:
a default will be used, consult the documentation for your version
to find out what those are.
type: string
include:
description: Extra git repositories to map into the repository
items:
description: GitRepositoryInclude defines a source with a from and
to path.
properties:
fromPath:
description: The path to copy contents from, defaults to the
root directory.
type: string
repository:
description: Reference to a GitRepository to include.
properties:
name:
description: Name of the referent
type: string
required:
- name
type: object
toPath:
description: The path to copy contents to, defaults to the name
of the source ref.
type: string
required:
- repository
type: object
type: array
interval:
description: The interval at which to check for repository updates.
type: string
recurseSubmodules:
description: When enabled, after the clone is created, initializes
all submodules within, using their default settings. This option
is available only when using the 'go-git' GitImplementation.
type: boolean
ref:
description: The Git reference to checkout and monitor for changes,
defaults to master branch.
@ -93,9 +124,10 @@ spec:
and known_hosts fields.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
description: Name of the referent
type: string
required:
- name
type: object
suspend:
description: This flag tells the controller to suspend the reconciliation
@ -125,9 +157,10 @@ spec:
trusted Git authors.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
description: Name of the referent
type: string
required:
- name
type: object
required:
- mode
@ -236,6 +269,36 @@ spec:
- type
type: object
type: array
includedArtifacts:
description: IncludedArtifacts represents the included artifacts from
the last successful repository sync.
items:
description: Artifact represents the output of a source synchronisation.
properties:
checksum:
description: Checksum is the SHA1 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
the last update of this artifact.
format: date-time
type: string
path:
description: Path is the relative file path of this artifact.
type: string
revision:
description: Revision is a human readable identifier traceable
in the origin source system. It can be a Git commit SHA, Git
tag, a Helm index timestamp, a Helm chart version, etc.
type: string
url:
description: URL is the HTTP address of this artifact.
type: string
required:
- path
- url
type: object
type: array
lastHandledReconcileAt:
description: LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change can be detected.


@ -1,11 +1,8 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.5.0
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@ -14,6 +11,8 @@ spec:
listKind: HelmChartList
plural: helmcharts
singular: helmchart
shortNames:
- hc
scope: Namespaced
versions:
- additionalPrinterColumns:
@ -92,8 +91,19 @@ spec:
type: boolean
valuesFile:
description: Alternative values file to use as the default chart values,
expected to be a relative path in the SourceRef. Ignored when omitted.
expected to be a relative path in the SourceRef. Deprecated in favor
of ValuesFiles, for backwards compatibility the file defined here
is merged before the ValuesFiles items. Ignored when omitted.
type: string
valuesFiles:
description: Alternative list of values files to use as the chart
values (values.yaml is not included by default), expected to be
a relative path in the SourceRef. Values files are merged in the
order of this list with the last file overriding the first. Ignored
when omitted.
items:
type: string
type: array
version:
default: '*'
description: The chart version semver expression, ignored for charts


@ -1,11 +1,8 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
controller-gen.kubebuilder.io/version: v0.5.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
@ -14,6 +11,8 @@ spec:
listKind: HelmRepositoryList
plural: helmrepositories
singular: helmrepository
shortNames:
- helmrepo
scope: Namespaced
versions:
- additionalPrinterColumns:
@ -52,6 +51,14 @@ spec:
interval:
description: The interval at which to check the upstream for updates.
type: string
passCredentials:
description: PassCredentials allows the credentials from the SecretRef
to be passed on to a host that does not match the host as defined
in URL. This may be required if the host of the advertised chart
URLs in the index differ from the defined URL. Enabling this should
be done with caution, as it can potentially result in credentials
getting stolen in a MITM-attack.
type: boolean
secretRef:
description: The name of the secret containing authentication credentials
for the Helm repository. For HTTP/S basic auth the secret must contain
@ -59,9 +66,10 @@ spec:
certFile and keyFile, and/or caCert fields.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
description: Name of the referent
type: string
required:
- name
type: object
suspend:
description: This flag tells the controller to suspend the reconciliation


@ -3,10 +3,10 @@ kind: Kptfile
upstream:
type: git
git:
commit: c602c5d85093a8e38fae993fee0ed743c8615e46
commit: 5c170bfdc3cfba2b34e2be543ef2b6f3630e873b
repo: https://github.com/fluxcd/source-controller
directory: config/manager
ref: v0.5.2
ref: v0.15.3
dependencies:
- name: upstream/crd
git:


@ -26,26 +26,28 @@ spec:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
ports:
- containerPort: 9090
name: http
- containerPort: 8080
name: http-prom
- containerPort: 9090
name: http
- containerPort: 8080
name: http-prom
- containerPort: 9440
name: healthz
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- --watch-all-namespaces
- --log-level=info
- --log-json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
- --watch-all-namespaces
- --log-level=info
- --log-encoding=json
- --enable-leader-election
- --storage-path=/data
- --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local.
livenessProbe:
httpGet:
port: http
path: /
port: healthz
path: /healthz
readinessProbe:
httpGet:
port: http
@ -58,12 +60,18 @@ spec:
cpu: 50m
memory: 64Mi
volumeMounts:
- name: data
mountPath: /data
- name: tmp
mountPath: /tmp
volumes:
- name: data
emptyDir: {}
mountPath: /data
- name: tmp
emptyDir: {}
mountPath: /tmp
volumes:
- name: data
emptyDir: {}
- name: tmp
emptyDir: {}
# Required for AWS IAM Role bindings
# https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
securityContext:
fsGroup: 1337
strategy:
type: Recreate


@ -6,4 +6,4 @@ resources:
images:
- name: fluxcd/source-controller
newName: fluxcd/source-controller
newTag: v0.5.2
newTag: v0.15.3


@ -9,7 +9,7 @@ spec:
selector:
app: source-controller
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: http
port: 80
protocol: TCP
targetPort: http