fcos-k8s: Update to v1.22

* change rbac.authorization.k8s.io/v1beta1 to v1 * update metrics-server * change storage.k8s.io/v1beta1 to v1 * drop kubelet-https * update to FCOS 35 story: 2009828 task: 44416 Signed-off-by: Spyros <strigazi@gmail.com> Change-Id: I24b89366a4a8e8bc4c90f6a85ef6de2ac77dae1d
1 year ago · c1c9942f8b
parent 91024195a5
commit c1c9942f8b
15 changed files with 25 additions and 24 deletions
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@ -13,7 +13,7 @@ if is_service_enabled magnum-api magnum-cond; then
        echo_summary "Installing magnum"
        install_magnum

-        MAGNUM_GUEST_IMAGE_URL=${MAGNUM_GUEST_IMAGE_URL:-"https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/31.20200323.3.2/x86_64/fedora-coreos-31.20200323.3.2-openstack.x86_64.qcow2.xz"}
+        MAGNUM_GUEST_IMAGE_URL=${MAGNUM_GUEST_IMAGE_URL:-"https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz"}
        IMAGE_URLS+=",${MAGNUM_GUEST_IMAGE_URL}"

        LIBS_FROM_GIT="${LIBS_FROM_GIT},python-magnumclient"
--- a/doc/source/contributor/quickstart.rst
+++ b/doc/source/contributor/quickstart.rst
@ -267,7 +267,7 @@ Fedora CoreOS
 ::

    openstack coe cluster template create k8s-cluster-template \
-        --image fedora-coreos-31.20200323.3.2-openstack.x86_64 \
+        --image fedora-coreos-35.20220116.3.0-openstack.x86_64 \
        --keypair testkey \
        --external-network public \
        --dns-nameserver 8.8.8.8 \
--- a/doc/source/user/monitoring.rst
+++ b/doc/source/user/monitoring.rst
@ -52,6 +52,7 @@ _`metrics_server_chart_tag`
  Add metrics_server_chart_tag to select the version of the
  stable/metrics-server chart to install.
  Ussuri default: v2.8.8
+  Yoga default: v3.7.0

 _`prometheus_operator_chart_tag`
  Add prometheus_operator_chart_tag to select version of the
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@ -312,7 +312,7 @@ KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
 KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
 KUBE_API_ARGS="$KUBE_API_ARGS --service-account-signing-key-file=${CERT_DIR}/service_account_private.key"
 KUBE_API_ARGS="$KUBE_API_ARGS --service-account-issuer=https://kubernetes.default.svc.cluster.local"
-KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
+KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key"
 # Allow for metrics-server/aggregator communication
 KUBE_API_ARGS="${KUBE_API_ARGS} \
    --proxy-client-cert-file=${CERT_DIR}/front-proxy/server.crt \
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-cinder-csi.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-cinder-csi.sh
@ -509,7 +509,7 @@ spec:
            path: /etc/kubernetes/ca-bundle.crt
            type: File
 ---
-apiVersion: storage.k8s.io/v1beta1
+apiVersion: storage.k8s.io/v1
 kind: CSIDriver
 metadata:
  name: cinder.csi.openstack.org
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-ingress-traefik.sh
@ -128,7 +128,7 @@ spec:
      targetPort: metrics
 ---
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: ingress-traefik
 rules:
@ -152,7 +152,7 @@ rules:
      - watch
 ---
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: ingress-traefik
 roleRef:
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-keystone-auth.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-keystone-auth.sh
@ -21,7 +21,7 @@ metadata:
  name: k8s-keystone-auth
  namespace: kube-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
@ -39,7 +39,7 @@ rules:
  - list
  - watch
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  annotations:
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-prometheus-monitoring.sh
@ -249,7 +249,7 @@ spec:
        configMap:
          name: prometheus
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: prometheus
@ -276,7 +276,7 @@ metadata:
  name: prometheus
  namespace: prometheus-monitoring
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: prometheus
--- a/magnum/drivers/common/templates/kubernetes/fragments/flannel-service.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/flannel-service.sh
@ -62,7 +62,7 @@ spec:
    rule: 'RunAsAny'
 ---
 kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: flannel
 rules:
@ -91,7 +91,7 @@ rules:
      - patch
 ---
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: flannel
 roleRef:
--- a/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
@ -12,7 +12,7 @@ do
 done

 cat <<EOF | kubectl apply --validate=false -f -
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
@ -34,7 +34,7 @@ rules:
 EOF

 cat <<EOF | kubectl apply --validate=false -f -
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: system:kube-apiserver
@ -62,7 +62,7 @@ metadata:
  name: admin
  namespace: kube-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: admin
--- a/magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/kube-dashboard-service.sh
@ -548,7 +548,7 @@ spec:
    k8s-app: heapster
 ---
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: heapster
 roleRef:
@ -560,7 +560,7 @@ subjects:
  name: heapster
  namespace: kube-system
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  annotations:
@ -580,7 +580,7 @@ rules:
    verbs:
      - "*"
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: system:heapter-kubelet
--- a/magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh
+++ b/magnum/drivers/common/templates/kubernetes/helm/metrics-server.sh
@ -13,13 +13,13 @@ if [ "$(echo ${METRICS_SERVER_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]
    cat << EOF >> ${HELM_CHART_DIR}/requirements.yaml
 - name: ${CHART_NAME}
  version: ${METRICS_SERVER_CHART_TAG}
-  repository: https://charts.helm.sh/stable
+  repository: https://kubernetes-sigs.github.io/metrics-server/
 EOF

    cat << EOF >> ${HELM_CHART_DIR}/values.yaml
 metrics-server:
  image:
-    repository: ${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}metrics-server-${ARCH}
+    repository: ${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/metrics-server/}metrics-server
  resources:
    requests:
      cpu: 100m
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@ -135,7 +135,7 @@ parameters:
  metrics_server_chart_tag:
    type: string
    description: tag of the stable/metrics-server chart to install
-    default: v2.8.8
+    default: v3.7.0

  minion_flavor:
    type: string
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@ -139,7 +139,7 @@ parameters:
  metrics_server_chart_tag:
    type: string
    description: tag of the stable/metrics-server chart to install
-    default: v2.8.8
+    default: v3.7.0

  minion_flavor:
    type: string
--- a/magnum/tests/contrib/gate_hook.sh
+++ b/magnum/tests/contrib/gate_hook.sh
@ -86,8 +86,8 @@ elif [ "${coe}${special}" = "k8s-ironic" ]; then
    export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
    export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
 else
-    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/31.20200323.3.2/x86_64/fedora-coreos-31.20200323.3.2-openstack.x86_64.qcow2.xz'"
-    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-31.20200323.3.2-openstack.x86_64'"
+    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz'"
+    export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'"
 fi

 # Enable magnum plugin in the last step