Update k8s v1.25.2 and helm 3.10.1

This patch updates the k8s version to 1.25.2 and helm version to 3.10.1.

The following changes were made in Kubernetes 1.24, and this patch
adapts to them.
  - Dockershim Removed from kubelet
    -> Changed from Dockershim to CRIO
  - Service account tokens are no longer auto-generated
    for every ServiceAccount
    -> Changed secrets to be created manually

Also fixes the following API versions that have already been removed
in kubernetes 1.25.
  - autoscaling/v2beta1
  - extensions/v1beta1

Implements: blueprint update-k8s-helm-prometheus
Change-Id: Ic9c2f66251c5d11a652184be5908d91e0ee3fb7d
changes/33/860633/37
Ai Hamano 4 months ago
parent ec835c33a5
commit 3a1ccca97d

@ -455,12 +455,12 @@
KURYR_K8S_API_URL: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:${KURYR_K8S_API_PORT}"
KURYR_K8S_CONTAINERIZED_DEPLOYMENT: false
KURYR_NEUTRON_DEFAULT_SUBNETPOOL_ID: shared-default-subnetpool-v4
# TODO(YiFeng): At present, the version of kubernetes should be
# 1.23.3, and the returned response can pass the verification of
# kubernetes-client (1.23.3). This configuration will be removed
# after kuryr-kubernetes fixes the following bug.
# https://bugs.launchpad.net/kuryr-kubernetes/+bug/1968960
KURYR_KUBERNETES_VERSION: 1.23.3
# NOTES:
# - In Atelope cycle, Kubernetes version is updated to 1.25.
# https://blueprints.launchpad.net/tacker/+spec/update-k8s-helm-prometheus
KURYR_KUBERNETES_VERSION: 1.25.2
CONTAINER_ENGINE: crio
CRIO_VERSION: 1.25
MYSQL_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
OCTAVIA_AMP_IMAGE_FILE: "/tmp/test-only-amphora-x64-haproxy-ubuntu-bionic.qcow2"
OCTAVIA_AMP_IMAGE_NAME: "test-only-amphora-x64-haproxy-ubuntu-bionic"
@ -520,7 +520,10 @@
amp_active_retries: 9999
kuryr_k8s_api_url: "https://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:6443"
k8s_ssl_verify: true
helm_version: "3.5.4"
# NOTES:
# - In Atelope cycle, Helm version is updated to 3.10.
# https://blueprints.launchpad.net/tacker/+spec/update-k8s-helm-prometheus
helm_version: "3.10.1"
test_matrix_configs: [neutron]
zuul_work_dir: src/opendev.org/openstack/tacker
zuul_copy_output:
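Review bot: `CRIO_VERSION: 1.25` in the first hunk is an unquoted scalar that YAML loads as a float, so a later bump to a value such as 1.30 would silently become 1.3. Writing `CRIO_VERSION: "1.25"` keeps it a string, as the second hunk already does for `helm_version: "3.10.1"`. `KURYR_KUBERNETES_VERSION: 1.25.2` stays a string only because of its second dot, so quoting it too would make the intent explicit. The two new NOTES comments spell the cycle name "Atelope", which looks like a typo for "Antelope".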

@ -60,8 +60,15 @@ enable_service n-cauth
disable_service tempest
# Enable kuryr-kubernetes, docker, octavia
# Enable kuryr-kubernetes, crio, octavia
KUBERNETES_VIM=True
# It is necessary to specify the patch version
# because it is the version used when executing "apt-get install" command.
KURYR_KUBERNETES_VERSION="1.25.2"
CONTAINER_ENGINE="crio"
# It is not necessary to specify the patch version
# because it is the version used when adding the apt repository.
CRIO_VERSION="1.25"
enable_plugin kuryr-kubernetes https://opendev.org/openstack/kuryr-kubernetes master
enable_plugin octavia https://opendev.org/openstack/octavia master
enable_plugin devstack-plugin-container https://opendev.org/openstack/devstack-plugin-container master

@ -1,6 +1,7 @@
- hosts: all
roles:
- ensure-db-cli-installed
- setup-k8s-nodes
- orchestrate-devstack
- modify-heat-policy
- setup-k8s-oidc

@ -20,4 +20,13 @@ metadata:
namespace: kube-system
labels:
kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: Secret
metadata:
name: admin-token-k8svim
namespace: kube-system
annotations:
kubernetes.io/service-account.name: "admin"
type: kubernetes.io/service-account-token
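Review bot: The added `admin-token-k8svim` Secret of type `kubernetes.io/service-account-token` gives the `admin` ServiceAccount in `kube-system` a token that does not expire and stays valid until the Secret is deleted, and nothing in the manifest says so. The role bindings of that account are not visible in this hunk, but if it holds cluster-wide rights the token is a standing admin credential. A comment above the Secret such as `# Long-lived token for the test VIM only; Kubernetes >= 1.24 no longer auto-creates it` would record the intent. Where the consumer can cope with expiry, a bound token from `kubectl create token admin -n kube-system` is the lower-risk alternative.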

@ -0,0 +1,24 @@
- block:
- name: load kernel module
modprobe:
name: "{{ item }}"
state: present
with_items:
- overlay
- br_netfilter
become: yes
- name: configure network(iptables/ip_forward) kernel parameter
sysctl:
name: "{{ item }}"
value: '1'
sysctl_set: yes
state: present
reload: yes
with_items:
- net.bridge.bridge-nf-call-ip6tables
- net.bridge.bridge-nf-call-iptables
- net.ipv4.ip_forward
become: yes
when:
- inventory_hostname == 'controller-k8s'
- kuryr_k8s_api_url is defined
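Review bot: The `modprobe` task loads `overlay` and `br_netfilter` only for the running kernel, while the `sysctl` task writes its three keys persistently, so after a reboot the `net.bridge.*` keys would not exist until `br_netfilter` is loaded again. If these nodes can be rebooted, the modules should also be listed in a file under `/etc/modules-load.d/`; if they are throwaway CI nodes, a one-line comment saying so is enough. As a style point, `become: yes`, `sysctl_set: yes` and `reload: yes` are better written with `true`, and `with_items` can become `loop`.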

@ -1,6 +1,6 @@
#!/bin/bash
docker run -d \
podman run -d \
--net=host \
-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin \
-e KC_HTTP_PORT=8080 -e KC_HTTPS_PORT=8443 \
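Review bot: The switch to `podman run` keeps `--net=host` together with the fixed bootstrap credentials `KEYCLOAK_ADMIN=admin` and `KEYCLOAK_ADMIN_PASSWORD=admin`, so the Keycloak admin console listens on the host's own interfaces with a guessable login. That is acceptable on a disposable test node but deserves a comment above the command, for example `# Test-only Keycloak: default admin credentials on the host network, never reuse outside CI`. The rest of the command line lies outside this hunk, so the image and the remaining options are not reviewed here.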

@ -7,7 +7,7 @@ spec:
maxReplicas: 3
minReplicas: 1
scaleTargetRef:
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
name: curry-svc-vdu001
targetCPUUtilizationPercentage: 40

@ -36,7 +36,7 @@ Hash: 80f160c9bdd9daa6d0111c8d40b5575946b8c0f23696aa8d91d20f313adae087
Name: Files/kubernetes/horizontal-pod-autoscaler.yaml
Content-Type: test-data
Algorithm: SHA-256
Hash: aa95058d04ef61159712e7c567220b3f5c275251d78b0000bc04575f23c55894
Hash: e0fcd3fe107ede4c21d436afbc28455a9c60909bf67f27886c88b379ca529e09
Name: Files/kubernetes/job.yaml
Content-Type: test-data

@ -1,11 +1,5 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "test-chart.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCountVdu1 }}
{{- end }}
selector:
matchLabels:
{{- include "test-chart.selectorLabels" . | nindent 6 }}

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCountVdu2 }}
{{- end }}
selector:
matchLabels:
{{- include "test-chart.selectorLabels" . | nindent 6 }}

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "test-chart.fullname" . }}
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "test-chart.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "test-chart.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "test-chart.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "test-chart.fullname" . }}-test-connection"
labels:
{{- include "test-chart.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "test-chart.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

@ -41,22 +41,6 @@ service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -69,13 +53,6 @@ resources: {}
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []

@ -6,4 +6,4 @@ Entry-Definitions: Definitions/sample_cnf_top.vnfd.yaml
Name: Files/kubernetes/test-chart-0.1.1.tgz
Content-Type: test-data
Algorithm: SHA-256
Hash: 0af8bdd875d80896585e75f55b7fda2d291a8152e49f26816203d7d94bcdfe9f
Hash: 388dbd7b96024d9800de46dfdf9b2a9c829e9d74f256321727170d28eff2fd8b

@ -1,11 +1,5 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "test-chart.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCountVdu1 }}
{{- end }}
selector:
matchLabels:
{{- include "test-chart.selectorLabels" . | nindent 6 }}

@ -5,9 +5,7 @@ metadata:
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCountVdu2 }}
{{- end }}
selector:
matchLabels:
{{- include "test-chart.selectorLabels" . | nindent 6 }}

@ -1,28 +0,0 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "test-chart.fullname" . }}
labels:
{{- include "test-chart.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "test-chart.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "test-chart.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "test-chart.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "test-chart.fullname" . }}-test-connection"
labels:
{{- include "test-chart.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "test-chart.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

@ -41,22 +41,6 @@ service:
type: ClusterIP
port: 80
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
@ -69,13 +53,6 @@ resources: {}
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []

@ -6,4 +6,4 @@ Entry-Definitions: Definitions/sample_cnf_top.vnfd.yaml
Name: Files/kubernetes/test-chart-0.1.0.tgz
Content-Type: test-data
Algorithm: SHA-256
Hash: 96851c4f3e566d7e94eaa3f7a6ada7fcede501316ffc35b0e27bfdab7f23d4fc
Hash: fa05dd35f45adb43ff1c6c77675ac82c477c5a55a3ad14a87a6b542c21cf4f7c

@ -7,7 +7,7 @@ spec:
maxReplicas: 3
minReplicas: 1
scaleTargetRef:
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
name: curry-svc-vdu001
targetCPUUtilizationPercentage: 40

@ -41,7 +41,7 @@ Hash: 2a83656567410141fb50086cdd3e73bd9fb9721bee444872c22338258dd076e0
Name: Files/kubernetes/horizontal-pod-autoscaler.yaml
Content-Type: test-data
Algorithm: SHA-256
Hash: aa95058d04ef61159712e7c567220b3f5c275251d78b0000bc04575f23c55894
Hash: e0fcd3fe107ede4c21d436afbc28455a9c60909bf67f27886c88b379ca529e09
Name: Files/kubernetes/job.yaml
Content-Type: test-data

@ -7,7 +7,7 @@ spec:
maxReplicas: 3
minReplicas: 1
scaleTargetRef:
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
name: curry-svc-vdu001
targetCPUUtilizationPercentage: 40

@ -41,7 +41,7 @@ Hash: f8ed04536a8795af4828b2f731225abc34986f9ea30237d9652669ca57d9d217
Name: Files/kubernetes/horizontal-pod-autoscaler.yaml
Content-Type: test-data
Algorithm: SHA-256
Hash: aa95058d04ef61159712e7c567220b3f5c275251d78b0000bc04575f23c55894
Hash: e0fcd3fe107ede4c21d436afbc28455a9c60909bf67f27886c88b379ca529e09
Name: Files/kubernetes/job.yaml
Content-Type: test-data

@ -7,7 +7,7 @@ spec:
maxReplicas: 3
minReplicas: 1
scaleTargetRef:
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: Deployment
name: curry-svc-vdu001
targetCPUUtilizationPercentage: 40

@ -30,6 +30,20 @@ VIMC_DEFAULT_OUTPUT=vim_config.yaml
# Secret token retrieved from kubectl.
#######################################
function k8s_token() {
# NOTES:
# - Service account tokens are no longer automatically generated
# for each ServiceAccount in Kubernetes 1.24,
# so it is necessary to manually register Secret.
kubectl create -f - <<EOF &>/dev/null
apiVersion: v1
kind: Secret
metadata:
name: default-token-k8svim
annotations:
kubernetes.io/service-account.name: "default"
type: kubernetes.io/service-account-token
EOF
local _secret=$(kubectl get secret -o jsonpath="{.items[0].metadata.name}")
echo $(kubectl get secret ${_secret} -o jsonpath="{.data.token}" |
base64 --decode)
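Review bot: The new `kubectl create -f - <<EOF &>/dev/null` discards every error, and the lookup that follows still takes `{.items[0].metadata.name}`, i.e. whichever Secret the API lists first in the namespace, which need not be `default-token-k8svim`. Reading the Secret by name, `kubectl get secret default-token-k8svim -o jsonpath="{.data.token}" | base64 --decode`, removes that dependency on listing order. The token is filled into `.data.token` by the controller after creation, so an immediate read can presumably come back empty; a short retry until the field is non-empty would cover that. `k8s_token` continues past the end of this hunk.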
