From 01d4c1b751b62592af4ab7c4e5a100976fea09e2 Mon Sep 17 00:00:00 2001 From: Sergiy Markin Date: Fri, 23 Aug 2024 23:40:52 +0000 Subject: [PATCH] Ingres-nginx upgrade This PS bumps up ingress-nginx version to 1.11.2 due to critical CVE Also we bump up helm to 3.15.4 Change-Id: Id8e40bbbd10fb5aa525cc666f938f3803823ea48 --- .zuul.yaml | 10 +++++---- global/software/config/versions.yaml | 22 +++++++++---------- .../developer/000-clone-dependencies.sh | 8 +++---- .../airskiff/developer/000-sleep.sh | 7 ++++++ .../airskiff/developer/010-deploy-k8s.sh | 2 +- tools/gate/playbooks/prepare-hosts.yaml | 1 + .../airship-run-script-set/defaults/main.yaml | 2 +- .../airship-run-script-set/tasks/main.yaml | 2 +- .../airship-run-script/defaults/main.yaml | 2 +- .../roles/airship-run-script/tasks/main.yaml | 2 +- 10 files changed, 34 insertions(+), 24 deletions(-) create mode 100755 tools/deployment/airskiff/developer/000-sleep.sh diff --git a/.zuul.yaml b/.zuul.yaml index 9011c3dcb..49b22eaaa 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -175,7 +175,7 @@ voting: true vars: site: airskiff - HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz + HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_INFRA_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_COMMIT: 049e679939fbd3b0c659dd0977911b8dc3b5a015 @@ -192,6 +192,7 @@ - ./tools/deployment/airskiff/developer/100-deploy-osh.sh - ./tools/deployment/airskiff/common/os-env.sh - ./tools/gate/wait-for-shipyard.sh + # - ./tools/deployment/airskiff/common/sleep.sh - job: name: treasuremap-airskiff-1node-reduced-site @@ -203,7 +204,7 @@ voting: true vars: site: airskiff - HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz + HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_INFRA_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_COMMIT: 049e679939fbd3b0c659dd0977911b8dc3b5a015 @@ -218,6 +219,7 @@ - ./tools/deployment/airskiff/developer/017-make-all-images.sh - ./tools/deployment/airskiff/developer/025-start-artifactory.sh - ./tools/deployment/airskiff/developer/026-reduce-site.sh + - ./tools/deployment/airskiff/developer/020-setup-client.sh - ./tools/deployment/airskiff/developer/030-armada-bootstrap.sh - ./tools/deployment/airskiff/developer/100-deploy-osh.sh - ./tools/deployment/airskiff/common/os-env.sh @@ -234,7 +236,7 @@ voting: true vars: site: airskiff - HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz + HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_INFRA_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_COMMIT: 049e679939fbd3b0c659dd0977911b8dc3b5a015 @@ -382,7 +384,7 @@ post-run: tools/gate/playbooks/debug-report.yaml vars: site: airskiff - HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz + HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_INFRA_COMMIT: 05f2f45971abcf483189358d663e2b46c3fc2fe8 OSH_COMMIT: 049e679939fbd3b0c659dd0977911b8dc3b5a015 diff --git a/global/software/config/versions.yaml b/global/software/config/versions.yaml index 243ca6fca..8479c3043 100644 --- a/global/software/config/versions.yaml +++ b/global/software/config/versions.yaml @@ -32,7 +32,7 @@ data: subpath: haproxy type: tar ingress: - location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.8.3/ingress-nginx-4.8.3.tgz + location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.11.2/ingress-nginx-4.11.2.tgz subpath: ingress-nginx type: tar proxy: @@ -75,7 +75,7 @@ data: subpath: helm-toolkit type: git ingress: - location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.8.3/ingress-nginx-4.8.3.tgz + location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.11.2/ingress-nginx-4.11.2.tgz subpath: ingress-nginx type: tar keystone: @@ -267,7 +267,7 @@ data: subpath: drydock type: tar ingress: - location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.8.3/ingress-nginx-4.8.3.tgz + location: https://github.com/kubernetes/ingress-nginx/releases/download/helm-chart-4.11.2/ingress-nginx-4.11.2.tgz subpath: ingress-nginx type: tar keystone: @@ -488,7 +488,7 @@ data: anchor: gcr.io/google-containers/hyperkube-amd64:v1.17.3 controller_manager: gcr.io/google-containers/hyperkube-amd64:v1.17.3 coredns: - coredns: coredns/coredns:1.9.4 + coredns: coredns/coredns:1.11.1 test: quay.io/airshipit/promenade:latest etcd: etcd: quay.io/coreos/etcd:v3.5.11 @@ -499,9 +499,9 @@ data: test: docker.io/library/python:3.6 hyperkube: gcr.io/google-containers/hyperkube-amd64:v1.17.3 ingress: - controller: registry.k8s.io/ingress-nginx/controller:v1.9.4 + controller: registry.k8s.io/ingress-nginx/controller:v1.11.2 defaultBackend: k8s.gcr.io/defaultbackend-amd64:1.5 - patch: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343 + patch: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.4.3 pause: gcr.io/google-containers/pause-amd64:3.1 proxy: proxy: gcr.io/google-containers/hyperkube-amd64:v1.17.3 @@ -584,9 +584,9 @@ data: horizon_db_sync: docker.io/openstackhelm/horizon:ocata-ubuntu_xenial-20200513 test: docker.io/openstackhelm/osh-selenium:latest-ubuntu_bionic ingress: - controller: registry.k8s.io/ingress-nginx/controller:v1.9.4 + controller: registry.k8s.io/ingress-nginx/controller:v1.11.2 defaultBackend: k8s.gcr.io/defaultbackend-amd64:1.5 - patch: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343 + patch: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.4.3 keystone: bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal test: docker.io/xrally/xrally-openstack:2.0.0 @@ -822,7 +822,7 @@ data: drydock_db_cleanup: quay.io/airshipit/drydock:master drydock_db_sync: quay.io/airshipit/drydock:master ingress: - controller: registry.k8s.io/ingress-nginx/controller:v1.9.4 + controller: registry.k8s.io/ingress-nginx/controller:v1.11.2 defaultBackend: k8s.gcr.io/defaultbackend-amd64:1.5 patch: k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343 keystone: @@ -857,8 +857,8 @@ data: maas_syslog: quay.io/airshipit/maas-region-controller:latest mariadb: mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal - ingress: registry.k8s.io/ingress-nginx/controller:v1.5.1 - error_pages: registry.k8s.io/defaultbackend:1.4 + ingress: registry.k8s.io/ingress-nginx/controller:v1.11.2 + error_pages: k8s.gcr.io/defaultbackend-amd64:1.5 prometheus_create_mysql_user: docker.io/library/mariadb:10.6.14-focal prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1 prometheus_mysql_exporter_helm_tests: docker.io/openstackhelm/heat:wallaby-ubuntu_focal diff --git a/tools/deployment/airskiff/developer/000-clone-dependencies.sh b/tools/deployment/airskiff/developer/000-clone-dependencies.sh index 31e2f0df3..9107a7136 100755 --- a/tools/deployment/airskiff/developer/000-clone-dependencies.sh +++ b/tools/deployment/airskiff/developer/000-clone-dependencies.sh @@ -18,8 +18,8 @@ set -xe : "${INSTALL_PATH:="../"}" -: "${OSH_COMMIT:="176b412072969f982386db9560b6f50fcb7e0148"}" -: "${OSH_INFRA_COMMIT:="6ca83be78013446540b68fd28d0a75d5b2329f40"}" +: "${OSH_COMMIT:="049e679939fbd3b0c659dd0977911b8dc3b5a015"}" +: "${OSH_INFRA_COMMIT:="05f2f45971abcf483189358d663e2b46c3fc2fe8"}" : "${CLONE_ARMADA:=true}" : "${CLONE_ARMADA_GO:=true}" : "${CLONE_ARMADA_OPERATOR:=true}" @@ -87,14 +87,14 @@ if [[ ${CLONE_PORTHOLE} = true ]] ; then git clone "https://review.opendev.org/airship/porthole.git" fi if [[ ${CLONE_OSH} = true ]] ; then - git clone https://opendev.org/openstack/openstack-helm.git + git clone "https://opendev.org/openstack/openstack-helm.git" pushd openstack-helm git checkout "${OSH_COMMIT}" popd fi -git clone https://opendev.org/openstack/openstack-helm-infra.git +git clone "https://opendev.org/openstack/openstack-helm-infra.git" pushd openstack-helm-infra git checkout "${OSH_INFRA_COMMIT}" popd diff --git a/tools/deployment/airskiff/developer/000-sleep.sh b/tools/deployment/airskiff/developer/000-sleep.sh new file mode 100755 index 000000000..0e02e552e --- /dev/null +++ b/tools/deployment/airskiff/developer/000-sleep.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -ex + +while true; do + echo "Sleeping for 100 seconds..." +done \ No newline at end of file diff --git a/tools/deployment/airskiff/developer/010-deploy-k8s.sh b/tools/deployment/airskiff/developer/010-deploy-k8s.sh index 623b6db6c..15d7772c9 100755 --- a/tools/deployment/airskiff/developer/010-deploy-k8s.sh +++ b/tools/deployment/airskiff/developer/010-deploy-k8s.sh @@ -25,7 +25,7 @@ if [ -n "${PROXY}" ]; then fi # Deploy K8s with Minikube -: "${HELM_VERSION:="v3.13.2"}" +: "${HELM_VERSION:="v3.15.4"}" : "${KUBE_VERSION:="v1.29.2"}" : "${MINIKUBE_VERSION:="v1.30.1"}" : "${CRICTL_VERSION:="v1.29.0"}" diff --git a/tools/gate/playbooks/prepare-hosts.yaml b/tools/gate/playbooks/prepare-hosts.yaml index c64aa0d65..8bc1892aa 100644 --- a/tools/gate/playbooks/prepare-hosts.yaml +++ b/tools/gate/playbooks/prepare-hosts.yaml @@ -14,4 +14,5 @@ - hosts: all roles: - start-zuul-console + ... diff --git a/tools/gate/playbooks/roles/airship-run-script-set/defaults/main.yaml b/tools/gate/playbooks/roles/airship-run-script-set/defaults/main.yaml index afaeb6f42..4fe6a579e 100644 --- a/tools/gate/playbooks/roles/airship-run-script-set/defaults/main.yaml +++ b/tools/gate/playbooks/roles/airship-run-script-set/defaults/main.yaml @@ -19,7 +19,7 @@ osh_params: container_distro_version: focal # feature_gates: site: airskiff -HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz +HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40 OSH_INFRA_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40 OSH_COMMIT: 176b412072969f982386db9560b6f50fcb7e0148 diff --git a/tools/gate/playbooks/roles/airship-run-script-set/tasks/main.yaml b/tools/gate/playbooks/roles/airship-run-script-set/tasks/main.yaml index ea8a62d1c..91f0b0567 100644 --- a/tools/gate/playbooks/roles/airship-run-script-set/tasks/main.yaml +++ b/tools/gate/playbooks/roles/airship-run-script-set/tasks/main.yaml @@ -35,7 +35,7 @@ FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}" RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}" PL_SITE: "{{ site | default('airskiff') }}" - HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}" + HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz') }}" HTK_COMMIT: "{{ HTK_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}" OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}" OSH_COMMIT: "{{ OSH_COMMIT | default('176b412072969f982386db9560b6f50fcb7e0148') }}" diff --git a/tools/gate/playbooks/roles/airship-run-script/defaults/main.yaml b/tools/gate/playbooks/roles/airship-run-script/defaults/main.yaml index 8b9a184d2..6d9f293cd 100644 --- a/tools/gate/playbooks/roles/airship-run-script/defaults/main.yaml +++ b/tools/gate/playbooks/roles/airship-run-script/defaults/main.yaml @@ -19,7 +19,7 @@ osh_params: container_distro_version: focal # feature_gates: site: airskiff -HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz +HELM_ARTIFACT_URL: https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz HTK_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40 OSH_INFRA_COMMIT: 6ca83be78013446540b68fd28d0a75d5b2329f40 OSH_COMMIT: 176b412072969f982386db9560b6f50fcb7e0148 diff --git a/tools/gate/playbooks/roles/airship-run-script/tasks/main.yaml b/tools/gate/playbooks/roles/airship-run-script/tasks/main.yaml index b48f81520..340d8959a 100644 --- a/tools/gate/playbooks/roles/airship-run-script/tasks/main.yaml +++ b/tools/gate/playbooks/roles/airship-run-script/tasks/main.yaml @@ -32,7 +32,7 @@ FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}" RUN_HELM_TESTS: "{{ run_helm_tests | default('yes') }}" PL_SITE: "{{ site | default('airskiff') }}" - HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.13.2-linux-amd64.tar.gz') }}" + HELM_ARTIFACT_URL: "{{ HELM_ARTIFACT_URL | default('https://get.helm.sh/helm-v3.15.4-linux-amd64.tar.gz') }}" HTK_COMMIT: "{{ HTK_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}" OSH_INFRA_COMMIT: "{{ OSH_INFRA_COMMIT | default('6ca83be78013446540b68fd28d0a75d5b2329f40') }}" OSH_COMMIT: "{{ OSH_COMMIT | default('176b412072969f982386db9560b6f50fcb7e0148') }}"