Migrate CronJob resources to batch/v1 and PodDisruptionBudget resources to policy/v1

This change updates the following charts to migrate CronJob resources to the batch/v1 API version, available since v1.21. [0] and to migrate PodDisruptionBudget to the policy/v1 API version, also available since v1.21. [1] This also uplift ingress controller to 1.1.3 - ceph-client (CronJob) - cert-rotation (CronJob) - elasticsearch (CronJob) - mariadb (CronJob & PodDisruptionBudget) - postgresql (CronJob) 0: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#cronjob-v125 1: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#poddisruptionbudget-v125 Change-Id: Ia6189b98a86b3f7575dc4678bb3a0cce69562c93
2022-05-05 11:38:52 -04:00 · 2022-05-05 11:38:52 -04:00 · 753a32c33d
parent 1eeb05397e
commit 753a32c33d
28 changed files with 70 additions and 39 deletions
--- a/ceph-client/Chart.yaml
+++ b/ceph-client/Chart.yaml
@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph Client
 name: ceph-client
-version: 0.1.33
+version: 0.1.34
 home: https://github.com/ceph/ceph-client
 ...
--- a/ceph-client/templates/cronjob-checkPGs.yaml
+++ b/ceph-client/templates/cronjob-checkPGs.yaml
@ -47,7 +47,7 @@ subjects:
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: {{ $serviceAccountName }}
--- a/ceph-client/templates/cronjob-defragosds.yaml
+++ b/ceph-client/templates/cronjob-defragosds.yaml
@ -47,7 +47,7 @@ subjects:
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: {{ $serviceAccountName }}
--- a/ceph-provisioners/Chart.yaml
+++ b/ceph-provisioners/Chart.yaml
@ -15,6 +15,6 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceph Provisioner
 name: ceph-provisioners
-version: 0.1.17
+version: 0.1.18
 home: https://github.com/ceph/ceph
 ...
--- a/ceph-provisioners/templates/deployment-csi-rbd-provisioner.yaml
+++ b/ceph-provisioners/templates/deployment-csi-rbd-provisioner.yaml
@ -56,6 +56,9 @@ rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
@ -152,8 +155,6 @@ spec:
            - "--v=0"
            - "--timeout=150s"
            - "--retry-interval-start=500ms"
-            - "--enable-leader-election=true"
-            - "--leader-election-type=leases"
            - "--leader-election-namespace=$(DEPLOYMENT_NAMESPACE)"
          volumeMounts:
            - name: socket-dir
@ -205,7 +206,6 @@ spec:
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=0"
-            - "--csiTimeout=150s"
            - "--leader-election"
            - "--leader-election-namespace=$(DEPLOYMENT_NAMESPACE)"
          env:
--- a/ceph-provisioners/values.yaml
+++ b/ceph-provisioners/values.yaml
@ -34,12 +34,12 @@ images:
    ceph_cephfs_provisioner: 'docker.io/openstackhelm/ceph-cephfs-provisioner:ubuntu_bionic-20200521'
    ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:change_770201_ubuntu_bionic-20210113'
    ceph_rbd_provisioner: 'docker.io/openstackhelm/ceph-rbd-provisioner:change_770201_ubuntu_bionic-20210113'
-    csi_provisioner: 'quay.io/k8scsi/csi-provisioner:v1.6.0'
-    csi_snapshotter: 'quay.io/k8scsi/csi-snapshotter:v2.1.1'
-    csi_attacher: 'quay.io/k8scsi/csi-attacher:v2.1.1'
-    csi_resizer: 'quay.io/k8scsi/csi-resizer:v0.4.0'
-    csi_registrar: 'quay.io/k8scsi/csi-node-driver-registrar:v1.2.0'
-    cephcsi: 'quay.io/cephcsi/cephcsi:v3.4.0'
+    csi_provisioner: 'quay.io/k8scsi/csi-provisioner:v2.1.2'
+    csi_snapshotter: 'quay.io/k8scsi/csi-snapshotter:v2.1.5'
+    csi_attacher: 'quay.io/k8scsi/csi-attacher:v3.1.0'
+    csi_resizer: 'quay.io/k8scsi/csi-resizer:v1.1.0'
+    csi_registrar: 'quay.io/k8scsi/csi-node-driver-registrar:v2.1.0'
+    cephcsi: 'quay.io/cephcsi/cephcsi:v3.6.1'
    dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
    image_repo_sync: 'docker.io/library/docker:17.07.0'
  local_registry:
--- a/cert-rotation/Chart.yaml
+++ b/cert-rotation/Chart.yaml
@ -16,5 +16,5 @@ appVersion: "1.0"
 description: Rotate the certificates generated by cert-manager
 home: https://cert-manager.io/
 name: cert-rotation
-version: 0.1.4
+version: 0.1.5
 ...
--- a/cert-rotation/templates/cron-job-cert-rotate.yaml
+++ b/cert-rotation/templates/cron-job-cert-rotate.yaml
@ -61,7 +61,7 @@ subjects:
    name: {{ $serviceAccountName }}
    namespace: {{ $envAll.Release.Namespace }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: cert-rotate
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.6.2
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
-version: 0.2.18
+version: 0.2.19
 home: https://www.elastic.co/
 sources:
  - https://github.com/elastic/elasticsearch
--- a/elasticsearch/templates/cron-job-curator.yaml
+++ b/elasticsearch/templates/cron-job-curator.yaml
@ -20,7 +20,7 @@ limitations under the License.
 {{- $serviceAccountName := "elastic-curator" }}
 {{ tuple $envAll "curator" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: elastic-curator
--- a/elasticsearch/templates/cron-job-verify-repositories.yaml
+++ b/elasticsearch/templates/cron-job-verify-repositories.yaml
@ -20,7 +20,7 @@ limitations under the License.
 {{- $serviceAccountName := "verify-repositories" }}
 {{ tuple $envAll "verify_repositories" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: elasticsearch-verify-repositories
--- a/ingress/Chart.yaml
+++ b/ingress/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v0.42.0
 description: OpenStack-Helm Ingress Controller
 name: ingress
-version: 0.2.7
+version: 0.2.8
 home: https://github.com/kubernetes/ingress
 sources:
  - https://github.com/kubernetes/ingress
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@ -25,7 +25,7 @@ deployment:
 images:
  tags:
    entrypoint: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
-    ingress: k8s.gcr.io/ingress-nginx/controller:v0.42.0
+    ingress: k8s.gcr.io/ingress-nginx/controller:v1.1.3
    ingress_module_init: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    ingress_routed_vip: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
    error_pages: k8s.gcr.io/defaultbackend:1.4
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v10.2.31
 description: OpenStack-Helm MariaDB
 name: mariadb
-version: 0.2.19
+version: 0.2.20
 home: https://mariadb.com/kb/en/
 icon: http://badges.mariadb.org/mariadb-badge-180x60.png
 sources:
--- a/mariadb/files/nginx.tmpl
+++ b/mariadb/files/nginx.tmpl
@ -280,12 +280,22 @@ http {
    client_header_buffer_size       {{ $cfg.ClientHeaderBufferSize }};
    client_header_timeout           {{ $cfg.ClientHeaderTimeout }}s;
    large_client_header_buffers     {{ $cfg.LargeClientHeaderBuffers }};
-    client_body_buffer_size         {{ $cfg.ClientBodyBufferSize }};
+
+    # NOTE: obsolete directive. removed.
+    #client_body_buffer_size         {{ $cfg.ClientBodyBufferSize }};
    client_body_timeout             {{ $cfg.ClientBodyTimeout }}s;

-    http2_max_field_size            {{ $cfg.HTTP2MaxFieldSize }};
-    http2_max_header_size           {{ $cfg.HTTP2MaxHeaderSize }};
-    http2_max_requests              {{ $cfg.HTTP2MaxRequests }};
+    # NOTE: the "http2_max_field_size" directive is obsolete,
+    # use the "large_client_header_buffers" directive instead
+    #http2_max_field_size            {{ $cfg.HTTP2MaxFieldSize }};
+
+    # NOTE: the "http2_max_header_size" directive is obsolete,
+    # use the "large_client_header_buffers" directive instead
+    #http2_max_header_size           {{ $cfg.HTTP2MaxHeaderSize }};
+
+    # NOTE: the "http2_max_requests" directive is obsolete,
+    # use the "keepalive_requests" directive instead
+    #http2_max_requests              {{ $cfg.HTTP2MaxRequests }};
    http2_max_concurrent_streams    {{ $cfg.HTTP2MaxConcurrentStreams }};

    types_hash_max_size             2048;
@ -669,8 +679,11 @@ http {
        }

        location /configuration {
-            client_max_body_size                    {{ luaConfigurationRequestBodySize $cfg }}m;
-            client_body_buffer_size                 {{ luaConfigurationRequestBodySize $cfg }}m;
+            # NOTE: obsolete directive. removed.
+            #client_max_body_size                    {{ luaConfigurationRequestBodySize $cfg }}m;
+
+            # NOTE: obsolete directive. removed.
+            #client_body_buffer_size                 {{ luaConfigurationRequestBodySize $cfg }}m;
            proxy_buffering                         off;

            content_by_lua_block {
@ -1053,10 +1066,13 @@ stream {
            proxy_ssl_server_name       on;
            proxy_pass_request_headers  on;
            {{ if isValidByteSize $location.Proxy.BodySize true }}
-            client_max_body_size        {{ $location.Proxy.BodySize }};
+            # NOTE: obsolete directive. removed.
+            #client_max_body_size        {{ $location.Proxy.BodySize }};
            {{ end }}
            {{ if isValidByteSize $location.ClientBodyBufferSize false }}
-            client_body_buffer_size     {{ $location.ClientBodyBufferSize }};
+
+            # NOTE: obsolete directive. removed.
+            #client_body_buffer_size     {{ $location.ClientBodyBufferSize }};
            {{ end }}

            # Pass the extracted client certificate to the auth provider
@ -1102,7 +1118,7 @@ stream {
            set $service_port   {{ $ing.ServicePort | quote }};
            set $location_path  {{ $ing.Path | escapeLiteralDollar | quote }};

-            {{ buildOpentracingForLocation $all.Cfg.EnableOpentracing $location }}
+            {{ buildOpentracingForLocation $all.Cfg.EnableOpentracing true $location }}

            {{ if $location.Mirror.Source }}
            mirror {{ $location.Mirror.Source }};
@ -1217,10 +1233,13 @@ stream {
            {{ buildInfluxDB $location.InfluxDB }}

            {{ if isValidByteSize $location.Proxy.BodySize true }}
-            client_max_body_size                    {{ $location.Proxy.BodySize }};
+            # NOTE: obsolete directive. removed.
+            #client_max_body_size                    {{ $location.Proxy.BodySize }};
            {{ end }}
            {{ if isValidByteSize $location.ClientBodyBufferSize false }}
-            client_body_buffer_size                 {{ $location.ClientBodyBufferSize }};
+
+            # NOTE: obsolete directive. removed.
+            #client_body_buffer_size                 {{ $location.ClientBodyBufferSize }};
            {{ end }}

            {{/* By default use vhost as Host to upstream, but allow overrides */}}
--- a/mariadb/templates/cron-job-backup-mariadb.yaml
+++ b/mariadb/templates/cron-job-backup-mariadb.yaml
@ -18,7 +18,7 @@ limitations under the License.
 {{- $serviceAccountName := "mariadb-backup" }}
 {{ tuple $envAll "mariadb_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: mariadb-backup
--- a/mariadb/templates/pdb-mariadb.yaml
+++ b/mariadb/templates/pdb-mariadb.yaml
@ -15,7 +15,7 @@ limitations under the License.
 {{- if .Values.manifests.pdb_server }}
 {{- $envAll := . }}
 ---
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
  name: mariadb-server
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@ -21,7 +21,7 @@ release_group: null
 images:
  tags:
    mariadb: docker.io/openstackhelm/mariadb:latest-ubuntu_focal
-    ingress: k8s.gcr.io/ingress-nginx/controller:v0.42.0
+    ingress: k8s.gcr.io/ingress-nginx/controller:v1.1.3
    error_pages: k8s.gcr.io/defaultbackend:1.4
    prometheus_create_mysql_user: docker.io/library/mariadb:10.5.9-focal
    prometheus_mysql_exporter: docker.io/prom/mysqld-exporter:v0.12.1
--- a/postgresql/Chart.yaml
+++ b/postgresql/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v9.6
 description: OpenStack-Helm PostgreSQL
 name: postgresql
-version: 0.1.14
+version: 0.1.15
 home: https://www.postgresql.org
 sources:
  - https://github.com/postgres/postgres
--- a/postgresql/templates/cron-job-backup-postgres.yaml
+++ b/postgresql/templates/cron-job-backup-postgres.yaml
@ -18,7 +18,7 @@ limitations under the License.
 {{- $serviceAccountName := "postgresql-backup" }}
 {{ tuple $envAll "postgresql_backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: postgresql-backup
--- a/releasenotes/notes/ceph-client.yaml
+++ b/releasenotes/notes/ceph-client.yaml
@ -34,4 +34,5 @@ ceph-client:
  - 0.1.31 Consolidate mon_endpoints discovery
  - 0.1.32 Simplify test rules for ceph-mgr deployment
  - 0.1.33 More robust naming of clusterrole-checkdns
+  - 0.1.34 Migrated CronJob resource to batch/v1 API version
 ...
--- a/releasenotes/notes/ceph-provisioners.yaml
+++ b/releasenotes/notes/ceph-provisioners.yaml
@ -17,4 +17,5 @@ ceph-provisioners:
  - 0.1.15 Add support to connect to rook-ceph cluster
  - 0.1.16 Update htk requirements
  - 0.1.17 Consolidate mon_endpoints discovery
+  - 0.1.18 Update CSI images & fix ceph csi provisioner RBAC
 ...
--- a/releasenotes/notes/cert-rotation.yaml
+++ b/releasenotes/notes/cert-rotation.yaml
@ -5,4 +5,5 @@ cert-rotation:
  - 0.1.2 Correct and enhance the rotation script
  - 0.1.3 Update htk requirements
  - 0.1.4 Consider initContainers when restarting resources
+  - 0.1.5 Migrated CronJob resource to batch/v1 API version
 ...
--- a/releasenotes/notes/elasticsearch.yaml
+++ b/releasenotes/notes/elasticsearch.yaml
@ -28,4 +28,5 @@ elasticsearch:
  - 0.2.16 Use python3 for helm tests when possible
  - 0.2.17 Annotate ES master/data sts with S3 secret hash
  - 0.2.18 Update default image value to Wallaby
+  - 0.2.19 Migrated CronJob resource to batch/v1 API version
 ...
--- a/releasenotes/notes/ingress.yaml
+++ b/releasenotes/notes/ingress.yaml
@ -11,4 +11,5 @@ ingress:
  - 0.2.5 Migrate Ingress resources to networking.k8s.io/v1
  - 0.2.6 Add option to assign VIP as externalIP
  - 0.2.7 Enable taint toleration for Openstack services jobs
+  - 0.2.8 Uplift ingress to 1.1.3
 ...
--- a/releasenotes/notes/mariadb.yaml
+++ b/releasenotes/notes/mariadb.yaml
@ -35,4 +35,5 @@ mariadb:
  - 0.2.17 Enable taint toleration for Openstack services jobs
  - 0.2.18 Updated naming for subchart compatibility
  - 0.2.19 Update default image value to Wallaby
+  - 0.2.20 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1; Uplift Mariadb-ingress to 1.1.3
 ...
--- a/releasenotes/notes/postgresql.yaml
+++ b/releasenotes/notes/postgresql.yaml
@ -15,4 +15,5 @@ postgresql:
  - 0.1.12 Enhance postgresql backup
  - 0.1.13 Remove set -x
  - 0.1.14 Fix invalid fields in values
+  - 0.1.15 Migrated CronJob resource to batch/v1 API version
 ...
--- a/tools/gate/deploy-k8s.sh
+++ b/tools/gate/deploy-k8s.sh
@ -14,8 +14,8 @@
 set -ex

 : "${HELM_VERSION:="v3.6.3"}"
-: "${KUBE_VERSION:="v1.19.16"}"
-: "${MINIKUBE_VERSION:="v1.22.0"}"
+: "${KUBE_VERSION:="v1.23.0"}"
+: "${MINIKUBE_VERSION:="v1.23.0"}"
 : "${CALICO_VERSION:="v3.20"}"
 : "${YQ_VERSION:="v4.6.0"}"
 : "${KUBE_DNS_IP="10.96.0.10"}"
@ -162,6 +162,10 @@ rm -rf "${TMP_DIR}"
 sudo -E minikube config set kubernetes-version "${KUBE_VERSION}"
 sudo -E minikube config set vm-driver none

+# NOTE: set RemoveSelfLink to false, to enable it as it is required by the ceph-rbd-provisioner.
+# SelfLinks were deprecated in k8s v1.16, and in k8s v1.20, they are
+# disabled by default.
+# https://github.com/kubernetes/enhancements/issues/1164
 export CHANGE_MINIKUBE_NONE_USER=true
 export MINIKUBE_IN_STYLE=false
 sudo -E minikube start \
@ -177,6 +181,7 @@ sudo -E minikube start \
  --extra-config=apiserver.service-node-port-range=1-65535 \
  --extra-config=kubelet.cgroup-driver=systemd \
  --extra-config=kubelet.resolv-conf=/run/systemd/resolve/resolv.conf \
+  --feature-gates=RemoveSelfLink=false \
  --embed-certs
 sudo -E systemctl enable --now kubelet