Browse Source

Update chart to use stable Kubernetes APIs

Update the MAAS chart to use non-deprecated APIs [0], specifically
addressing the following resource types:
* ClusterRole
* ClusterRoleBinding
* Ingress
* Role
* Rolebinding

The APIs being migrated to are available in v1.19 or earlier. As of this
change, v1.19 is the oldest supported Kubernetes version, slated for EOL
on 2021-10-28. [1]

Also includes an HTK uplift that includes updated Ingress templates. [2]

0: https://kubernetes.io/docs/reference/using-api/deprecation-guide/
1: https://kubernetes.io/releases/
2: https://review.opendev.org/c/openstack/openstack-helm-infra/+/813115

Change-Id: I5e78f1ab094666538ed419a78f6966a2ba295d6a
changes/11/814211/2
Phil Sphicas 7 months ago
parent
commit
666567eae5
  1. 10
      charts/maas/templates/deployment-maas-ingress.yaml
  2. 40
      charts/maas/templates/ingress-region.yaml
  3. 4
      charts/maas/templates/job-export-api-key.yaml
  4. 2
      tools/helm_tk.sh

10
charts/maas/templates/deployment-maas-ingress.yaml

@ -24,7 +24,7 @@ limitations under the License.
{{ tuple $envAll "maas_ingress" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
@ -62,7 +62,6 @@ rules:
- create
- patch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
@ -71,14 +70,13 @@ rules:
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
@ -91,7 +89,7 @@ subjects:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
@ -130,7 +128,7 @@ rules:
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}

40
charts/maas/templates/ingress-region.yaml

@ -16,39 +16,53 @@
{{- if and .Values.manifests.ingress_region .Values.network.region_api.ingress.public }}
---
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: maas-region-api
annotations:
kubernetes.io/ingress.class: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
spec:
ingressClassName: {{ .Values.network.region_api.ingress.classes.cluster | quote }}
rules:
- host: {{ tuple "maas_region" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}
http:
paths:
{{- if .Values.conf.maas.ingress_disable_gui }}
- path: /MAAS/api
pathType: ImplementationSpecific
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/images-stream
pathType: ImplementationSpecific
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/metadata
pathType: ImplementationSpecific
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
- path: /MAAS/rpc
pathType: ImplementationSpecific
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- else }}
- path: /
pathType: ImplementationSpecific
backend:
serviceName: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
servicePort: region-api
service:
name: {{ tuple "maas_region" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
port:
name: region-api
{{- end }}
...
{{ end }}

4
charts/maas/templates/job-export-api-key.yaml

@ -20,7 +20,7 @@ limitations under the License.
{{- $serviceAccountName := "maas-export-api-key" }}
{{ tuple $envAll "export_api_key" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $envAll.Release.Name }}-{{ $serviceAccountName }}-job
@ -36,7 +36,7 @@ subjects:
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $envAll.Release.Name }}-{{ $envAll.Release.Namespace }}-{{ $serviceAccountName }}}-job

2
tools/helm_tk.sh

@ -18,7 +18,7 @@
HELM=$1
HTK_REPO=${HTK_REPO:-"https://github.com/openstack/openstack-helm-infra"}
HTK_PATH=${HTK_PATH:-""}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"b1a247e7f54ab12d830ab74f7634457b4e43f3ef"}
HTK_STABLE_COMMIT=${HTK_COMMIT:-"f4972121bcb41c8d74748917804d2b239ab757f9"}
DEP_UP_LIST=${DEP_UP_LIST:-"maas"}
if [[ ! -z $(echo $http_proxy) ]]

Loading…
Cancel
Save