Bump Kubernetes version from 1.8.6 to 1.10.2

* Updates version references
* Increase memory of test VMs due to higher usage with bump
* Move etcd chart scripts from /tmp to /tmp/bin
* Remove certificate signing options for controller manager
* Remove -a from `kubectl get pods`, since that is deprecated in 1.10
* Shorten liveness/readiness probe times for CoreDNS

Change-Id: I16db0370f1c619e16002dd58e29025eb1538691f

charts/apiserver/values.yaml

@@ -16,8 +16,8 @@ release_group: null
 
 images:
   tags:
-    anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-    apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
   pull_policy: "IfNotPresent"
 

charts/controller_manager/values.yaml

@@ -16,8 +16,8 @@ release_group: null
 
 images:
   tags:
-    anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-    controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
   pull_policy: "IfNotPresent"
 

charts/coredns/templates/deployment.yaml

@@ -76,7 +76,7 @@ spec:
             path: /health
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 5
+          initialDelaySeconds: 2
           timeoutSeconds: 5
           successThreshold: 1
         livenessProbe:
@@ -84,10 +84,10 @@ spec:
             path: /health
             port: 8080
             scheme: HTTP
-          initialDelaySeconds: 60
+          initialDelaySeconds: 10
           timeoutSeconds: 5
           successThreshold: 1
-          failureThreshold: 5
+          failureThreshold: 3
       dnsPolicy: Default
       volumes:
         - name: config-volume

charts/etcd/templates/daemonset-anchor.yaml

@@ -49,7 +49,7 @@ spec:
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.daemonset_anchor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           command:
-            - /tmp/etcdctl_anchor
+            - /tmp/bin/etcdctl_anchor
           env:
             - name: ETCD_NAME
               valueFrom:
@@ -80,17 +80,17 @@ spec:
           readinessProbe:
             exec:
               command:
-                - /tmp/readiness
+                - /tmp/bin/readiness
             initialDelaySeconds: 15
             periodSeconds: 30
           lifecycle:
             preStop:
               exec:
                 command:
-                  - /tmp/pre_stop
+                  - /tmp/bin/pre_stop
           volumeMounts:
             - name: {{ .Values.service.name }}-bin
-              mountPath: /tmp
+              mountPath: /tmp/bin
             {{- if .Values.bootstrapping.enabled }}
             - name: bootstrapping
               mountPath: /bootstrapping

charts/haproxy/values.yaml

@@ -59,7 +59,7 @@ conf:
 
 images:
   tags:
-    anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     haproxy: haproxy:1.8.3
     test: busybox:1.28.3
   pull_policy: "IfNotPresent"

charts/promenade/templates/tests/test-promenade-api.yaml

@@ -16,6 +16,8 @@
 {{/*
 Test that the API is up and the health endpoint returns a 2XX code */}}
 {{- if .Values.manifests.test_promenade_api }}
+{{- $envAll := . }}
+{{- $dependencies := .Values.dependencies.test }}
 ---
 apiVersion: v1
 kind: Pod
@@ -25,6 +27,8 @@ metadata:
     "helm.sh/hook": "test-success"
 spec:
   restartPolicy: Never
+  initContainers:
+{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
   containers:
     - name: "{{ .Release.Name }}-api-test"
       env:

charts/promenade/values.yaml

@@ -40,6 +40,11 @@ images:
     ks_endpoints: docker.io/openstackhelm/heat:newton
   pull_policy: IfNotPresent
 
+dependencies:
+  test:
+    services:
+      - service: promenade-api
+
 labels:
   node_selector_key: ucp-control-plane
   node_selector_value: enabled

charts/proxy/values.yaml

@@ -41,7 +41,7 @@ pod:
 
 images:
   tags:
-    proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    proxy: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   pull_policy: "IfNotPresent"
 
 command_prefix:

charts/scheduler/values.yaml

@@ -63,8 +63,8 @@ secrets:
 
 images:
   tags:
-    anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-    scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+    scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   pull_policy: "IfNotPresent"
 
 network:

docs/source/configuration/genesis.rst

@@ -41,10 +41,10 @@ Here is a complete sample document:
         helm:
           tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
         kubernetes:
-          apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+          apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-          controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+          controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
           etcd: quay.io/coreos/etcd:v3.0.17
-          scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+          scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
       files:
         - path: /var/lib/anchor/calico-etcd-bootstrap
           content: ""

docs/source/configuration/host-system.rst

@@ -16,7 +16,7 @@ Sample Document
     data:
       files:
         - path: /opt/kubernetes/bin/kubelet
-          tar_url: https://dl.k8s.io/v1.8.6/kubernetes-node-linux-amd64.tar.gz
+          tar_url: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
           tar_path: kubernetes/node/bin/kubelet
           mode: 0555
       images:
@@ -24,7 +24,7 @@ Sample Document
         helm:
           helm: lachlanevenson/k8s-helm:v2.7.2
         kubernetes:
-          kubectl: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+          kubectl: gcr.io/google_containers/hyperkube-amd64:v1.10.2
       packages:
         repositories:
           - deb http://apt.dockerproject.org/repo ubuntu-xenial main

examples/basic/Genesis.yaml

@@ -26,10 +26,10 @@ data:
     helm:
       tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
     kubernetes:
-      apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-      controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
       etcd: quay.io/coreos/etcd:v3.2.14
-      scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap
       content: "# placeholder for triggering calico etcd bootstrapping"

examples/basic/HostSystem.yaml

@@ -9,7 +9,7 @@ metadata:
 data:
   files:
     - path: /opt/kubernetes/bin/kubelet
-      tar_url: https://dl.k8s.io/v1.8.6/kubernetes-node-linux-amd64.tar.gz
+      tar_url: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
       tar_path: kubernetes/node/bin/kubelet
       mode: 0555
     - path: /etc/logrotate.d/json-logrotate
@@ -34,7 +34,7 @@ data:
     helm:
       helm: lachlanevenson/k8s-helm:v2.7.2
     kubernetes:
-      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   packages:
     repositories:
       - deb http://apt.dockerproject.org/repo ubuntu-xenial main

examples/basic/armada-resources.yaml

@@ -161,7 +161,7 @@ data:
   values:
     images:
       tags:
-        proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        proxy: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     network:
       kubernetes_netloc: 127.0.0.1:6553
   source:
@@ -611,7 +611,7 @@ data:
 
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
         haproxy: haproxy:1.8.3
         test: busybox:1.28.3
 
@@ -697,8 +697,8 @@ data:
         endpoints: https://127.0.0.1:2378
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     secrets:
       service_account:
         public_key: placeholder
@@ -774,8 +774,8 @@ data:
   values:
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     secrets:
       service_account:
         private_key: placeholder
@@ -847,8 +847,8 @@ data:
 
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
 
   source:
     type: local

examples/complete/Genesis.yaml

@@ -32,10 +32,10 @@ data:
     helm:
       tiller: gcr.io/kubernetes-helm/tiller:v2.7.2
     kubernetes:
-      apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-      controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      controller-manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
       etcd: quay.io/coreos/etcd:v3.2.14
-      scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   files:
     - path: /var/lib/anchor/calico-etcd-bootstrap
       content: "# placeholder for triggering calico etcd bootstrapping"

examples/complete/HostSystem.yaml

@@ -10,7 +10,7 @@ metadata:
 data:
   files:
     - path: /opt/kubernetes/bin/kubelet
-      tar_url: https://dl.k8s.io/v1.8.6/kubernetes-node-linux-amd64.tar.gz
+      tar_url: https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz
       tar_path: kubernetes/node/bin/kubelet
       mode: 0555
     - path: /etc/logrotate.d/json-logrotate
@@ -35,7 +35,7 @@ data:
     helm:
       helm: lachlanevenson/k8s-helm:v2.7.2
     kubernetes:
-      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+      kubectl: gcr.io/google_containers/hyperkube-amd64:v1.10.2
   packages:
     repositories:
       - deb http://apt.dockerproject.org/repo ubuntu-xenial main

examples/complete/armada-resources.yaml

@@ -201,7 +201,7 @@ data:
   values:
     images:
       tags:
-        proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        proxy: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     network:
       kubernetes_netloc: 127.0.0.1:6553
   source:
@@ -645,7 +645,7 @@ data:
 
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
         haproxy: haproxy:1.8.3
         test: busybox:1.28.3
 
@@ -731,8 +731,8 @@ data:
         endpoints: https://127.0.0.1:2378
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        apiserver: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        apiserver: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     secrets:
       service_account:
         public_key: placeholder
@@ -808,8 +808,8 @@ data:
   values:
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.10.2
     secrets:
       service_account:
         private_key: placeholder
@@ -881,8 +881,8 @@ data:
 
     images:
       tags:
-        anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        anchor: gcr.io/google_containers/hyperkube-amd64:v1.10.2
-        scheduler: gcr.io/google_containers/hyperkube-amd64:v1.8.6
+        scheduler: gcr.io/google_containers/hyperkube-amd64:v1.10.2
 
   source:
     type: local

promenade/templates/include/utils.sh

@@ -195,19 +195,19 @@ function wait_for_pod_termination {
 
     end=$(($(date +%s) + $SEC))
     while true; do
-        POD_PHASE=$(kubectl --request-timeout 10s --namespace $NAMESPACE get -a -o jsonpath="${POD_PHASE_JSONPATH}" pod $POD_NAME)
+        POD_PHASE=$(kubectl --request-timeout 10s --namespace $NAMESPACE get -o jsonpath="${POD_PHASE_JSONPATH}" pod $POD_NAME)
         if [ "x$POD_PHASE" = "xSucceeded" ]; then
             log Pod $POD_NAME succeeded.
             break
         elif [ "x$POD_PHASE" = "xFailed" ]; then
             log Pod $POD_NAME failed.
-            kubectl --request-timeout 10s --namespace $NAMESPACE get -a -o yaml pod $POD_NAME 1>&2
+            kubectl --request-timeout 10s --namespace $NAMESPACE get -o yaml pod $POD_NAME 1>&2
             fail
         else
             now=$(date +%s)
             if [ $now -gt $end ]; then
                 log Pod did not terminate before timeout.
-                kubectl --request-timeout 10s --namespace $NAMESPACE get -a -o yaml pod $POD_NAME 1>&2
+                kubectl --request-timeout 10s --namespace $NAMESPACE get -o yaml pod $POD_NAME 1>&2
                 fail
             fi
             sleep 1

promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-controller-manager.yaml

@@ -18,8 +18,6 @@ spec:
       - kube-controller-manager
       - --allocate-node-cidrs=true
       - --cluster-cidr={{ config['KubernetesNetwork:kubernetes.pod_cidr'] }}
-      - --cluster-signing-cert-file=/etc/kubernetes/controller-manager/pki/cluster-ca.pem
-      - --cluster-signing-key-file=/etc/kubernetes/controller-manager/pki/cluster-ca-key.pem
       - --configure-cloud-routes=false
       - --leader-elect=true
       - --kubeconfig=/etc/kubernetes/controller-manager/kubeconfig.yaml

tools/g2/manifests/resiliency.json

@@ -117,7 +117,7 @@
     }
   ],
   "vm": {
-    "memory": 2048,
+    "memory": 3072,
     "names": [
       "n0",
       "n1",

tools/gate/default-config-env

@@ -8,6 +8,6 @@ IMAGE_DEP_CHECK=quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
 IMAGE_ETCD=quay.io/coreos/etcd:v3.2.14
 IMAGE_HAPROXY=haproxy:1.8.3
 IMAGE_HELM=lachlanevenson/k8s-helm:v2.7.2
-IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.8.6
+IMAGE_HYPERKUBE=gcr.io/google_containers/hyperkube-amd64:v1.10.2
 IMAGE_TILLER=gcr.io/kubernetes-helm/tiller:v2.7.2
-KUBELET_URL=https://dl.k8s.io/v1.8.6/kubernetes-node-linux-amd64.tar.gz
+KUBELET_URL=https://dl.k8s.io/v1.10.2/kubernetes-node-linux-amd64.tar.gz

tools/registry/IMAGES

@@ -1,6 +1,6 @@
 # source_name, tag, cache_name
 coredns/coredns,0.9.9,coredns
-gcr.io/google_containers/hyperkube-amd64,v1.8.6,hyperkube
+gcr.io/google_containers/hyperkube-amd64,v1.10.2,hyperkube
 gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64,1.14.4,k8s-dns-dnsmasq-nanny-amd64
 gcr.io/google_containers/k8s-dns-kube-dns-amd64,1.14.4,k8s-dns-kube-dns-amd64
 gcr.io/google_containers/k8s-dns-sidecar-amd64,1.14.4,k8s-dns-sidecar-amd64