From 4cd75e26a0946505f32eab672cd525665a0b5d6f Mon Sep 17 00:00:00 2001 From: Doug Aaser Date: Thu, 7 Nov 2019 14:59:27 -0500 Subject: [PATCH] Uplift etcd to v3.4.2 Uplift etcd to v3.4.2 Also uplifts calico in the gate so that it works with etcd v3 Change-Id: Iac93cadfad813223f9364e513fae00afa178113e --- .../etcd/templates/cron-job-etcd-backup.yaml | 2 +- charts/etcd/templates/daemonset-anchor.yaml | 2 +- .../templates/etc/_kubernetes-etcd.yaml.tpl | 2 +- .../templates/tests/test-etcd-health.yaml | 2 +- charts/etcd/values.yaml | 5 +- doc/source/configuration/genesis.rst | 2 +- examples/basic/Genesis.yaml | 2 +- examples/basic/armada-resources.yaml | 57 ++++++++++------- examples/complete/Genesis.yaml | 2 +- examples/complete/armada-resources.yaml | 13 ++-- examples/gate/Genesis.yaml | 2 +- examples/gate/armada-resources.yaml | 63 ++++++++++++------- tests/unit/api/test_validatedesign.py | 2 +- tests/unit/builder_data/simple/Genesis.yaml | 2 +- .../builder_data/simple/armada-resources.yaml | 8 +-- tools/gate/default-config-env | 2 +- tools/registry/IMAGES | 2 +- 17 files changed, 104 insertions(+), 66 deletions(-) diff --git a/charts/etcd/templates/cron-job-etcd-backup.yaml b/charts/etcd/templates/cron-job-etcd-backup.yaml index 7d06e527..aa9481e7 100644 --- a/charts/etcd/templates/cron-job-etcd-backup.yaml +++ b/charts/etcd/templates/cron-job-etcd-backup.yaml @@ -79,7 +79,7 @@ spec: {{ tuple $envAll $envAll.Values.pod.resources.jobs.etcd_backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} env: - name: ETCDCTL_API - value: '3' + value: "{{ .Values.etcd.etcdctl_api }}" - name: ETCDCTL_DIAL_TIMEOUT value: {{ .Values.backup.etcdctl_dial_timeout }} - name: ETCDCTL_ENDPOINTS diff --git a/charts/etcd/templates/daemonset-anchor.yaml b/charts/etcd/templates/daemonset-anchor.yaml index 6c4050df..9be2b7f6 100644 --- a/charts/etcd/templates/daemonset-anchor.yaml +++ b/charts/etcd/templates/daemonset-anchor.yaml @@ -78,7 +78,7 @@ spec: fieldRef: fieldPath: status.podIP - name: ETCDCTL_API - value: '3' + value: "{{ .Values.etcd.etcdctl_api }}" - name: ETCDCTL_DIAL_TIMEOUT value: 3s - name: ETCDCTL_ENDPOINTS diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl index 297b421c..8a5d2c36 100644 --- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl +++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl @@ -106,7 +106,7 @@ spec: - name: ETCD_INITIAL_CLUSTER value: _ETCD_INITIAL_CLUSTER_ - name: ETCDCTL_API - value: '3' + value: "{{ .Values.etcd.etcdctl_api }}" - name: ETCDCTL_DIAL_TIMEOUT value: 3s - name: ETCDCTL_ENDPOINTS diff --git a/charts/etcd/templates/tests/test-etcd-health.yaml b/charts/etcd/templates/tests/test-etcd-health.yaml index bd76fd59..36915f5e 100644 --- a/charts/etcd/templates/tests/test-etcd-health.yaml +++ b/charts/etcd/templates/tests/test-etcd-health.yaml @@ -59,7 +59,7 @@ spec: - name: "{{ .Release.Name }}-etcd-test" env: - name: ETCDCTL_API - value: '3' + value: "{{ .Values.etcd.etcdctl_api }}" - name: ETCDCTL_DIAL_TIMEOUT value: 3s - name: ETCDCTL_ENDPOINTS diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml index 931d59fa..eedffc71 100644 --- a/charts/etcd/values.yaml +++ b/charts/etcd/values.yaml @@ -14,8 +14,8 @@ images: tags: - etcd: quay.io/coreos/etcd:v3.4.0 - etcdctl: quay.io/coreos/etcd:v3.4.0 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 pull_policy: "IfNotPresent" labels: @@ -41,6 +41,7 @@ etcd: host_etc_path: /etc/etcd-example host_data_path: /var/lib/etcd/example cleanup_data: true + etcdctl_api: "3" logging: # Set individual etcd subpackages to specific log levels. # An example being etcdserver=WARNING,security=DEBUG diff --git a/doc/source/configuration/genesis.rst b/doc/source/configuration/genesis.rst index 02bdb906..178fab88 100644 --- a/doc/source/configuration/genesis.rst +++ b/doc/source/configuration/genesis.rst @@ -50,7 +50,7 @@ Here is a complete sample document: kubernetes: apiserver: gcr.io/google_containers/hyperkube-amd64:v1.11.6 controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.11.6 - etcd: quay.io/coreos/etcd:v3.0.17 + etcd: quay.io/coreos/etcd:v3.4.2 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.11.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/Genesis.yaml b/examples/basic/Genesis.yaml index b569335e..ecdef60b 100644 --- a/examples/basic/Genesis.yaml +++ b/examples/basic/Genesis.yaml @@ -55,7 +55,7 @@ data: kubernetes: apiserver: gcr.io/google_containers/hyperkube-amd64:v1.11.6 controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.11.6 - etcd: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.11.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 8ad265b0..ec59d033 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -112,7 +112,7 @@ data: type: git location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit - reference: b7e2d6839ce600a7c1e2103f55d208ad3f5029ca + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -136,7 +136,7 @@ data: type: git location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit - reference: b7e2d6839ce600a7c1e2103f55d208ad3f5029ca + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -364,8 +364,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: @@ -429,28 +429,42 @@ metadata: layer: site storagePolicy: cleartext substitutions: - - - src: + - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: . dest: path: '.values.endpoints.etcd.auth.client.tls.ca' - - - src: + - src: schema: deckhand/Certificate/v1 name: calico-node path: . dest: path: '.values.endpoints.etcd.auth.client.tls.crt' - - - src: + - src: schema: deckhand/CertificateKey/v1 name: calico-node path: . dest: path: '.values.endpoints.etcd.auth.client.tls.key' - + - src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: '.values.conf.etcd.credentials.ca' + - src: + schema: deckhand/Certificate/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.certificate' + - src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.key' data: chart_name: calico release: calico @@ -484,7 +498,7 @@ data: K8S_API: "https://10.96.0.1:443" node: - CALICO_STARTUP_LOGLEVEL: INFO + CALICO_STARTUP_LOGLEVEL: DEBUG CLUSTER_TYPE: - k8s - bgp @@ -506,12 +520,13 @@ data: images: tags: - calico_node: quay.io/calico/node:v2.6.5 - calico_cni: quay.io/calico/cni:v1.11.2 - calico_ctl: quay.io/calico/ctl:v1.6.2 - calico_settings: quay.io/calico/ctl:v1.6.2 - calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + calico_etcd: quay.io/coreos/etcd:v3.4.2 + calico_node: quay.io/calico/node:v3.4.0 + calico_cni: quay.io/calico/cni:v3.4.0 + calico_ctl: quay.io/calico/ctl:v3.4.0 + calico_settings: quay.io/calico/ctl:v3.4.0 + calico_kube_controllers: quay.io/calico/kube-controllers:v3.4.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 manifests: daemonset_calico_etcd: false @@ -520,7 +535,7 @@ data: source: type: git location: https://git.openstack.org/openstack/openstack-helm-infra - reference: 681dee71b7befd199509b17852b3385d359a15a5 + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 subpath: calico dependencies: - infra-helm-toolkit @@ -1051,8 +1066,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: diff --git a/examples/complete/Genesis.yaml b/examples/complete/Genesis.yaml index 25c37cf5..699e9f5b 100644 --- a/examples/complete/Genesis.yaml +++ b/examples/complete/Genesis.yaml @@ -41,7 +41,7 @@ data: kubernetes: apiserver: gcr.io/google_containers/hyperkube-amd64:v1.11.6 controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.11.6 - etcd: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.11.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 1d0caf8a..ed9d9170 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -153,7 +153,7 @@ data: type: git location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit - reference: master + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -178,7 +178,7 @@ data: type: git location: https://git.openstack.org/openstack/openstack-helm-infra subpath: helm-toolkit - reference: b7e2d6839ce600a7c1e2103f55d208ad3f5029ca + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -401,8 +401,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: @@ -541,6 +541,7 @@ data: images: tags: + calico_etcd: quay.io/coreos/etcd:v3.4.2 calico_node: quay.io/calico/node:v2.6.5 calico_cni: quay.io/calico/cni:v1.11.2 calico_ctl: quay.io/calico/ctl:v1.6.2 @@ -1077,8 +1078,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml index 5f433dfa..b2207ae3 100644 --- a/examples/gate/Genesis.yaml +++ b/examples/gate/Genesis.yaml @@ -55,7 +55,7 @@ data: kubernetes: apiserver: gcr.io/google_containers/hyperkube-amd64:v1.11.6 controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.11.6 - etcd: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.11.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/examples/gate/armada-resources.yaml b/examples/gate/armada-resources.yaml index b1363379..d3b2d16f 100644 --- a/examples/gate/armada-resources.yaml +++ b/examples/gate/armada-resources.yaml @@ -112,7 +112,7 @@ data: type: git location: https://opendev.org/openstack/openstack-helm-infra.git subpath: helm-toolkit - reference: b7e2d6839ce600a7c1e2103f55d208ad3f5029ca + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -136,7 +136,7 @@ data: type: git location: https://opendev.org/openstack/openstack-helm-infra.git subpath: helm-toolkit - reference: 681dee71b7befd199509b17852b3385d359a15a5 + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 dependencies: [] --- schema: armada/Chart/v1 @@ -277,8 +277,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: @@ -317,28 +317,42 @@ metadata: layer: site storagePolicy: cleartext substitutions: - - - src: + - src: schema: deckhand/CertificateAuthority/v1 name: calico-etcd path: . dest: path: '.values.endpoints.etcd.auth.client.tls.ca' - - - src: + - src: schema: deckhand/Certificate/v1 name: calico-node path: . dest: path: '.values.endpoints.etcd.auth.client.tls.crt' - - - src: + - src: schema: deckhand/CertificateKey/v1 name: calico-node path: . dest: path: '.values.endpoints.etcd.auth.client.tls.key' - + - src: + schema: deckhand/CertificateAuthority/v1 + name: calico-etcd + path: . + dest: + path: '.values.conf.etcd.credentials.ca' + - src: + schema: deckhand/Certificate/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.certificate' + - src: + schema: deckhand/CertificateKey/v1 + name: calico-node + path: . + dest: + path: '.values.conf.etcd.credentials.key' data: chart_name: calico release: calico @@ -350,6 +364,12 @@ data: upgrade: no_hooks: true values: + pod: + # Disables AppArmor in the gate + mandatory_access_control: + type: apparmor + calico-node: + calico-node: null conf: cni_network_config: name: k8s-pod-network @@ -372,7 +392,7 @@ data: K8S_API: "https://10.96.0.1:443" node: - CALICO_STARTUP_LOGLEVEL: INFO + CALICO_STARTUP_LOGLEVEL: DEBUG CLUSTER_TYPE: - k8s - bgp @@ -394,12 +414,13 @@ data: images: tags: - calico_node: quay.io/calico/node:v2.6.5 - calico_cni: quay.io/calico/cni:v1.11.2 - calico_ctl: quay.io/calico/ctl:v1.6.2 - calico_settings: quay.io/calico/ctl:v1.6.2 - calico_kube_policy_controller: quay.io/calico/kube-policy-controller:v0.7.0 - dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + calico_etcd: quay.io/coreos/etcd:v3.4.2 + calico_node: quay.io/calico/node:v3.4.0 + calico_cni: quay.io/calico/cni:v3.4.0 + calico_ctl: quay.io/calico/ctl:v3.4.0 + calico_settings: quay.io/calico/ctl:v3.4.0 + calico_kube_controllers: quay.io/calico/kube-controllers:v3.4.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 manifests: daemonset_calico_etcd: false @@ -408,7 +429,7 @@ data: source: type: git location: https://opendev.org/openstack/openstack-helm-infra.git - reference: 681dee71b7befd199509b17852b3385d359a15a5 + reference: b50fae62a4ad0992ce877cd632800e1eed5f71a9 subpath: calico dependencies: - infra-helm-toolkit @@ -856,8 +877,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py index d4a6ab0c..a5df75df 100644 --- a/tests/unit/api/test_validatedesign.py +++ b/tests/unit/api/test_validatedesign.py @@ -111,7 +111,7 @@ VALID_DOCS = [ 'controller-manager': 'gcr.io/google_containers/hyperkube-amd64:v1.11.6', 'etcd': - 'quay.io/coreos/etcd:v3.3.12', + 'quay.io/coreos/etcd:v3.4.2', 'scheduler': 'gcr.io/google_containers/hyperkube-amd64:v1.11.6' } diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml index bfa98124..00f5e862 100644 --- a/tests/unit/builder_data/simple/Genesis.yaml +++ b/tests/unit/builder_data/simple/Genesis.yaml @@ -38,7 +38,7 @@ data: kubernetes: apiserver: gcr.io/google_containers/hyperkube-amd64:v1.11.6 controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.11.6 - etcd: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 scheduler: gcr.io/google_containers/hyperkube-amd64:v1.11.6 files: - path: /var/lib/anchor/calico-etcd-bootstrap diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml index 0440930b..d60e860a 100644 --- a/tests/unit/builder_data/simple/armada-resources.yaml +++ b/tests/unit/builder_data/simple/armada-resources.yaml @@ -304,8 +304,8 @@ data: filename: calico-etcd-bootstrap images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: @@ -918,8 +918,8 @@ data: host_etc_path: /etc/etcd/kubernetes images: tags: - etcd: quay.io/coreos/etcd:v3.3.12 - etcdctl: quay.io/coreos/etcd:v3.3.12 + etcd: quay.io/coreos/etcd:v3.4.2 + etcdctl: quay.io/coreos/etcd:v3.4.2 nodes: - name: n0 tls: diff --git a/tools/gate/default-config-env b/tools/gate/default-config-env index e3d116e2..8dca38bb 100644 --- a/tools/gate/default-config-env +++ b/tools/gate/default-config-env @@ -5,7 +5,7 @@ IMAGE_CALICO_KUBE_CONTROLLERS=quay.io/calico/kube-controllers:v1.0.2 IMAGE_CALICO_NODE=quay.io/calico/node:v2.6.5 IMAGE_COREDNS=coredns/coredns:1.6.4 IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 -IMAGE_ETCD=quay.io/coreos/etcd:v3.3.12 +IMAGE_ETCD=quay.io/coreos/etcd:v3.4.2 IMAGE_HAPROXY=haproxy:1.8.3 IMAGE_HELM=lachlanevenson/k8s-helm:v2.14.0 IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.11.6 diff --git a/tools/registry/IMAGES b/tools/registry/IMAGES index 40604930..675a774d 100644 --- a/tools/registry/IMAGES +++ b/tools/registry/IMAGES @@ -11,4 +11,4 @@ quay.io/calico/cni,v1.11.0,calico-cni quay.io/calico/ctl,v1.6.1,calico-ctl quay.io/calico/kube-controllers,v1.0.0,calico-kube-controllers quay.io/calico/node,v2.6.1,calico-node -quay.io/coreos/etcd,v3.0.17,etcd +quay.io/coreos/etcd,v3.4.2,etcd