Browse Source

Add nginx_ingress_controller_chart_tag

Additioanlly, bumping up the Chart version to 1.24.7 without which the
ingress controller fails to deploy on 1.16.x.

Additionally, bump up nginx_ingress_controller_tag version to 0.26.1.
This is to ensure that we are running an up to date nginx ingress
controller with fixes for known CVEs.

Story: 2006853
Task: 37444

Change-Id: Ibf045a06d19b02095e19d9a21d14a91a39a3751c
changes/86/694286/7
Bharat Kunwar 3 years ago
parent
commit
7d6e344f1a
  1. 1
      magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh
  2. 3
      magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh
  3. 1
      magnum/drivers/heat/k8s_fedora_template_def.py
  4. 8
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  5. 5
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
  6. 8
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
  7. 5
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
  8. 8
      magnum/tests/unit/drivers/test_template_definition.py

1
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.sh

@ -97,6 +97,7 @@ HEAT_PARAMS=/etc/sysconfig/heat-params
TILLER_NAMESPACE="$TILLER_NAMESPACE"
NODE_PROBLEM_DETECTOR_TAG="$NODE_PROBLEM_DETECTOR_TAG"
NGINX_INGRESS_CONTROLLER_TAG="$NGINX_INGRESS_CONTROLLER_TAG"
NGINX_INGRESS_CONTROLLER_CHART_TAG="$NGINX_INGRESS_CONTROLLER_CHART_TAG"
AUTO_HEALING_ENABLED="$AUTO_HEALING_ENABLED"
AUTO_HEALING_CONTROLLER="$AUTO_HEALING_CONTROLLER"
AUTO_SCALING_ENABLED="$AUTO_SCALING_ENABLED"

3
magnum/drivers/common/templates/kubernetes/helm/ingress-nginx.sh

@ -10,7 +10,6 @@ printf "Starting to run ${step}\n"
### Configuration
###############################################################################
CHART_NAME="nginx-ingress"
CHART_VERSION="1.4.0"
if [ "$(echo ${INGRESS_CONTROLLER} | tr '[:upper:]' '[:lower:]')" = "nginx" ]; then
@ -46,7 +45,7 @@ data:
echo "${CHART_NAME} already installed on server. Continue..."
exit 0
else
helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version v${CHART_VERSION} --values /opt/magnum/install-${CHART_NAME}-values.yaml
helm install stable/${CHART_NAME} --namespace kube-system --name ${CHART_NAME} --version ${NGINX_INGRESS_CONTROLLER_CHART_TAG} --values /opt/magnum/install-${CHART_NAME}-values.yaml
fi
install-${CHART_NAME}-values.yaml: |

1
magnum/drivers/heat/k8s_fedora_template_def.py

@ -93,6 +93,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition):
'traefik_ingress_controller_tag',
'node_problem_detector_tag',
'nginx_ingress_controller_tag',
'nginx_ingress_controller_chart_tag',
'auto_healing_enabled', 'auto_scaling_enabled',
'auto_healing_controller', 'magnum_auto_healer_tag',
'draino_tag', 'autoscaler_tag',

8
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@ -719,7 +719,12 @@ parameters:
nginx_ingress_controller_tag:
type: string
description: nginx ingress controller docker image tag
default: 0.23.0
default: 0.26.1
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
default: v1.24.7
draino_tag:
type: string
@ -1077,6 +1082,7 @@ resources:
tiller_namespace: {get_param: tiller_namespace}
node_problem_detector_tag: {get_param: node_problem_detector_tag}
nginx_ingress_controller_tag: {get_param: nginx_ingress_controller_tag}
nginx_ingress_controller_chart_tag: {get_param: nginx_ingress_controller_chart_tag}
auto_healing_enabled: {get_param: auto_healing_enabled}
auto_healing_controller: {get_param: auto_healing_controller}
magnum_auto_healer_tag: {get_param: magnum_auto_healer_tag}

5
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml

@ -505,6 +505,10 @@ parameters:
type: string
description: nginx ingress controller docker image tag
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
draino_tag:
type: string
description: tag of the draino container
@ -694,6 +698,7 @@ resources:
"$TILLER_NAMESPACE": {get_param: tiller_namespace}
"$NODE_PROBLEM_DETECTOR_TAG": {get_param: node_problem_detector_tag}
"$NGINX_INGRESS_CONTROLLER_TAG": {get_param: nginx_ingress_controller_tag}
"$NGINX_INGRESS_CONTROLLER_CHART_TAG": {get_param: nginx_ingress_controller_chart_tag}
"$AUTO_HEALING_ENABLED": {get_param: auto_healing_enabled}
"$AUTO_HEALING_CONTROLLER": {get_param: auto_healing_controller}
"$MAGNUM_AUTO_HEALER_TAG": {get_param: magnum_auto_healer_tag}

8
magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml

@ -719,7 +719,12 @@ parameters:
nginx_ingress_controller_tag:
type: string
description: nginx ingress controller docker image tag
default: 0.23.0
default: 0.26.1
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
default: v1.24.7
draino_tag:
type: string
@ -1080,6 +1085,7 @@ resources:
tiller_namespace: {get_param: tiller_namespace}
node_problem_detector_tag: {get_param: node_problem_detector_tag}
nginx_ingress_controller_tag: {get_param: nginx_ingress_controller_tag}
nginx_ingress_controller_chart_tag: {get_param: nginx_ingress_controller_chart_tag}
auto_healing_enabled: {get_param: auto_healing_enabled}
auto_healing_controller: {get_param: auto_healing_controller}
magnum_auto_healer_tag: {get_param: magnum_auto_healer_tag}

5
magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml

@ -509,6 +509,10 @@ parameters:
type: string
description: nginx ingress controller docker image tag
nginx_ingress_controller_chart_tag:
type: string
description: nginx ingress controller helm chart tag
draino_tag:
type: string
description: tag of the draino container
@ -700,6 +704,7 @@ resources:
"$TILLER_NAMESPACE": {get_param: tiller_namespace}
"$NODE_PROBLEM_DETECTOR_TAG": {get_param: node_problem_detector_tag}
"$NGINX_INGRESS_CONTROLLER_TAG": {get_param: nginx_ingress_controller_tag}
"$NGINX_INGRESS_CONTROLLER_CHART_TAG": {get_param: nginx_ingress_controller_chart_tag}
"$AUTO_HEALING_ENABLED": {get_param: auto_healing_enabled}
"$AUTO_HEALING_CONTROLLER": {get_param: auto_healing_controller}
"$MAGNUM_AUTO_HEALER_TAG": {get_param: magnum_auto_healer_tag}

8
magnum/tests/unit/drivers/test_template_definition.py

@ -514,6 +514,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'octavia_ingress_controller_tag')
nginx_ingress_controller_tag = mock_cluster.labels.get(
'nginx_ingress_controller_tag')
nginx_ingress_controller_chart_tag = mock_cluster.labels.get(
'nginx_ingress_controller_chart_tag')
kubelet_options = mock_cluster.labels.get(
'kubelet_options')
kubeapi_options = mock_cluster.labels.get(
@ -624,6 +626,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'ingress_controller_role': ingress_controller_role,
'octavia_ingress_controller_tag': octavia_ingress_controller_tag,
'nginx_ingress_controller_tag': nginx_ingress_controller_tag,
'nginx_ingress_controller_chart_tag':
nginx_ingress_controller_chart_tag,
'octavia_enabled': False,
'kube_service_account_key': 'public_key',
'kube_service_account_private_key': 'private_key',
@ -956,6 +960,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'octavia_ingress_controller_tag')
nginx_ingress_controller_tag = mock_cluster.labels.get(
'nginx_ingress_controller_tag')
nginx_ingress_controller_chart_tag = mock_cluster.labels.get(
'nginx_ingress_controller_chart_tag')
kubelet_options = mock_cluster.labels.get(
'kubelet_options')
kubeapi_options = mock_cluster.labels.get(
@ -1068,6 +1074,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseK8sTemplateDefinitionTestCase):
'ingress_controller_role': ingress_controller_role,
'octavia_ingress_controller_tag': octavia_ingress_controller_tag,
'nginx_ingress_controller_tag': nginx_ingress_controller_tag,
'nginx_ingress_controller_chart_tag':
nginx_ingress_controller_chart_tag,
'octavia_enabled': False,
'kube_service_account_key': 'public_key',
'kube_service_account_private_key': 'private_key',

Loading…
Cancel
Save