Support K8s 1.22.0 and newer.

The rbac.authorization.k8s.io/v1beta1 API was deprecated and replaced
with rbac.authorization.k8s.io/v1. Version 1.22.0 of Kubernetes removes
the deprecated API which means Nodepool needs to stop using it.
According to the docs [0] version 1.8 and newer support the new APIs.

To address this we update our RBAC client instance to use the non beta
version client and update our version specification in the manifests to
drop the beta version.

Add a release note indicating that K8s 1.8 and newer is now required.
Additionally we unpin minikube in testing to ensure we have test
coverage of this change against newer Kubernetes.

[0] https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122

Story: 2009974
Change-Id: Ic21725efc8088e7dfb0777c2c96c742182cdbf93
Clark Boylan 2022-04-06 09:29:44 -07:00
parent 7a3a95d468
commit 046a7da086
3 changed files with 10 additions and 6 deletions

@ -7,8 +7,6 @@
post-run: playbooks/nodepool-functional-k8s/post.yaml
required-projects:
- zuul/nodepool
vars:
minikube_version: v1.22.0 # NOTE(corvus): 1.23.0 failed with 404 on create_namespaced_role
- job:
description: |
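Review bot: With the `minikube_version` pin removed from `vars`, this job no longer records which Kubernetes version it tests, so the version under test can change without any change in this repository. The release note added in this change states 1.8 as the minimum, but nothing here exercises an older cluster; consider pinning to an explicit newer version, or keeping a second job on an older version, so both ends of the supported range are covered.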

@ -39,7 +39,7 @@ class KubernetesProvider(Provider, QuotaSupport):
self._zk = None
self.ready = False
_, _, self.k8s_client, self.rbac_client = get_client(
self.log, provider.context, k8s_client.RbacAuthorizationV1beta1Api)
self.log, provider.context, k8s_client.RbacAuthorizationV1Api)
self.namespace_names = set()
for pool in provider.pools.values():
self.namespace_names.add(pool.name)
@ -181,7 +181,7 @@ class KubernetesProvider(Provider, QuotaSupport):
role_name = "zuul-restricted"
role_body = {
'kind': 'Role',
'apiVersion': 'rbac.authorization.k8s.io/v1beta1',
'apiVersion': 'rbac.authorization.k8s.io/v1',
'metadata': {
'name': role_name,
},
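Review bot: The literal 'rbac.authorization.k8s.io/v1' in this role_body is repeated in the "zuul" role_body and in role_binding_body further down, and all three have to stay in step with the RbacAuthorizationV1Api class passed to get_client. A single module-level constant for the apiVersion string would make the next API version change a one-line edit and rule out a partial update.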
@ -207,7 +207,7 @@ class KubernetesProvider(Provider, QuotaSupport):
role_name = "zuul"
role_body = {
'kind': 'Role',
'apiVersion': 'rbac.authorization.k8s.io/v1beta1',
'apiVersion': 'rbac.authorization.k8s.io/v1',
'metadata': {
'name': role_name,
},
@ -225,7 +225,7 @@ class KubernetesProvider(Provider, QuotaSupport):
# Give service account admin access
role_binding_body = {
'apiVersion': 'rbac.authorization.k8s.io/v1beta1',
'apiVersion': 'rbac.authorization.k8s.io/v1',
'kind': 'RoleBinding',
'metadata': {'name': 'zuul-role'},
'roleRef': {
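Review bot: Only the top-level 'apiVersion' of role_binding_body is changed, and the contents of 'roleRef' are not visible past its opening brace. Please confirm that the apiGroup inside 'roleRef' is the unversioned 'rbac.authorization.k8s.io' and did not carry a beta suffix. The comment "Give service account admin access" would also be easier to audit if it named the role the binding refers to.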

@ -0,0 +1,6 @@
---
other:
- |
Kubernetes 1.8 or newer is required by the Kubernetes driver.
This was necessary to support Kubernetes 1.22.0 and newer which
requires using APIs that are not supported before version 1.8.
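Review bot: This note raises the minimum supported Kubernetes version, which is an operator-facing requirement, yet it is filed under `other:`. If this is a reno note, the `upgrade:` section is the conventional place for it, so that it shows up with the other upgrade notes in the rendered release notes.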