fcos-k8s: Update to v1.22

* change rbac.authorization.k8s.io/v1beta1 to v1
  * update metrics-server
* change storage.k8s.io/v1beta1 to v1
* drop kubelet-https
* update to FCOS 35

story: 2009828
task: 44416

Signed-off-by: Spyros <strigazi@gmail.com>
Change-Id: I24b89366a4a8e8bc4c90f6a85ef6de2ac77dae1d
This commit is contained in:
Spyros 2022-02-03 13:52:26 +00:00
parent 91024195a5
commit c1c9942f8b
15 changed files with 25 additions and 24 deletions

View File

@ -13,7 +13,7 @@ if is_service_enabled magnum-api magnum-cond; then
echo_summary "Installing magnum"
install_magnum
MAGNUM_GUEST_IMAGE_URL=${MAGNUM_GUEST_IMAGE_URL:-"https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/31.20200323.3.2/x86_64/fedora-coreos-31.20200323.3.2-openstack.x86_64.qcow2.xz"}
MAGNUM_GUEST_IMAGE_URL=${MAGNUM_GUEST_IMAGE_URL:-"https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz"}
IMAGE_URLS+=",${MAGNUM_GUEST_IMAGE_URL}"
LIBS_FROM_GIT="${LIBS_FROM_GIT},python-magnumclient"

View File

@ -267,7 +267,7 @@ Fedora CoreOS
::
openstack coe cluster template create k8s-cluster-template \
--image fedora-coreos-31.20200323.3.2-openstack.x86_64 \
--image fedora-coreos-35.20220116.3.0-openstack.x86_64 \
--keypair testkey \
--external-network public \
--dns-nameserver 8.8.8.8 \

View File

@ -52,6 +52,7 @@ _`metrics_server_chart_tag`
Add metrics_server_chart_tag to select the version of the
stable/metrics-server chart to install.
Ussuri default: v2.8.8
Yoga default: v3.7.0
_`prometheus_operator_chart_tag`
Add prometheus_operator_chart_tag to select version of the

View File

@ -312,7 +312,7 @@ KUBE_API_ARGS="$KUBE_API_ARGS --client-ca-file=$CERT_DIR/ca.crt"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-key-file=${CERT_DIR}/service_account.key"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-signing-key-file=${CERT_DIR}/service_account_private.key"
KUBE_API_ARGS="$KUBE_API_ARGS --service-account-issuer=https://kubernetes.default.svc.cluster.local"
KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key --kubelet-https=true"
KUBE_API_ARGS="$KUBE_API_ARGS --kubelet-certificate-authority=${CERT_DIR}/ca.crt --kubelet-client-certificate=${CERT_DIR}/server.crt --kubelet-client-key=${CERT_DIR}/server.key"
# Allow for metrics-server/aggregator communication
KUBE_API_ARGS="${KUBE_API_ARGS} \
--proxy-client-cert-file=${CERT_DIR}/front-proxy/server.crt \

View File

@ -509,7 +509,7 @@ spec:
path: /etc/kubernetes/ca-bundle.crt
type: File
---
apiVersion: storage.k8s.io/v1beta1
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: cinder.csi.openstack.org

View File

@ -128,7 +128,7 @@ spec:
targetPort: metrics
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ingress-traefik
rules:
@ -152,7 +152,7 @@ rules:
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ingress-traefik
roleRef:

View File

@ -21,7 +21,7 @@ metadata:
name: k8s-keystone-auth
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
@ -39,7 +39,7 @@ rules:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:

View File

@ -249,7 +249,7 @@ spec:
configMap:
name: prometheus
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus
@ -276,7 +276,7 @@ metadata:
name: prometheus
namespace: prometheus-monitoring
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus

View File

@ -62,7 +62,7 @@ spec:
rule: 'RunAsAny'
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
@ -91,7 +91,7 @@ rules:
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
roleRef:

View File

@ -12,7 +12,7 @@ do
done
cat <<EOF | kubectl apply --validate=false -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
@ -34,7 +34,7 @@ rules:
EOF
cat <<EOF | kubectl apply --validate=false -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:kube-apiserver
@ -62,7 +62,7 @@ metadata:
name: admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin

View File

@ -548,7 +548,7 @@ spec:
k8s-app: heapster
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: heapster
roleRef:
@ -560,7 +560,7 @@ subjects:
name: heapster
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
@ -580,7 +580,7 @@ rules:
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:heapter-kubelet

View File

@ -13,13 +13,13 @@ if [ "$(echo ${METRICS_SERVER_ENABLED} | tr '[:upper:]' '[:lower:]')" = "true" ]
cat << EOF >> ${HELM_CHART_DIR}/requirements.yaml
- name: ${CHART_NAME}
version: ${METRICS_SERVER_CHART_TAG}
repository: https://charts.helm.sh/stable
repository: https://kubernetes-sigs.github.io/metrics-server/
EOF
cat << EOF >> ${HELM_CHART_DIR}/values.yaml
metrics-server:
image:
repository: ${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}metrics-server-${ARCH}
repository: ${CONTAINER_INFRA_PREFIX:-k8s.gcr.io/metrics-server/}metrics-server
resources:
requests:
cpu: 100m

View File

@ -135,7 +135,7 @@ parameters:
metrics_server_chart_tag:
type: string
description: tag of the stable/metrics-server chart to install
default: v2.8.8
default: v3.7.0
minion_flavor:
type: string

View File

@ -139,7 +139,7 @@ parameters:
metrics_server_chart_tag:
type: string
description: tag of the stable/metrics-server chart to install
default: v2.8.8
default: v3.7.0
minion_flavor:
type: string

View File

@ -86,8 +86,8 @@ elif [ "${coe}${special}" = "k8s-ironic" ]; then
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
else
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/31.20200323.3.2/x86_64/fedora-coreos-31.20200323.3.2-openstack.x86_64.qcow2.xz'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-31.20200323.3.2-openstack.x86_64'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/35.20220116.3.0/x86_64/fedora-coreos-35.20220116.3.0-openstack.x86_64.qcow2.xz'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-coreos-35.20220116.3.0-openstack.x86_64'"
fi
# Enable magnum plugin in the last step