diff --git a/debian_iso_image.inc b/debian_iso_image.inc index 5b0dbf650..e5af41d28 100644 --- a/debian_iso_image.inc +++ b/debian_iso_image.inc @@ -1,8 +1,5 @@ # List of packages to be included/installed in ISO -#armada -armada - #base-passwd base-passwd diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 81bfbdb1c..8b5cdf8ca 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -52,8 +52,6 @@ golang-github-dev/golang-github-networkplumbing-go-nft-dev grub/grub-efi grub/grub2 grub/grubby -kubernetes/armada -kubernetes/armada-helm-toolkit kubernetes/chartmuseum kubernetes/cni/bond-cni kubernetes/cni/plugins diff --git a/distroless_stable_docker_images.inc b/distroless_stable_docker_images.inc index 711155f09..654f802c6 100644 --- a/distroless_stable_docker_images.inc +++ b/distroless_stable_docker_images.inc @@ -1,2 +1 @@ -kubernetes/armada #kubernetes/plugins/intel-device-plugin diff --git a/kubernetes/armada-helm-toolkit/Readme.rst b/kubernetes/armada-helm-toolkit/Readme.rst deleted file mode 100644 index a04133259..000000000 --- a/kubernetes/armada-helm-toolkit/Readme.rst +++ /dev/null @@ -1,8 +0,0 @@ -This repo is for https://github.com/openstack/openstack-helm-infra - -Changes to this repo are needed for StarlingX and those changes are -not yet merged. -Rather than clone and diverge the repo, the repo is extracted at a particular -git SHA, and patches are applied on top. - -As those patches are merged, the SHA can be updated and the local patches removed. diff --git a/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec b/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec deleted file mode 100644 index 5b2cdd663..000000000 --- a/kubernetes/armada-helm-toolkit/centos/armada-helm-toolkit.spec +++ /dev/null @@ -1,65 +0,0 @@ -%global src_name openstack-helm-infra -%global sha c9d6676bf9a5aceb311dc31dadd07cba6a3d6392 -%global helm_folder /usr/lib/helm - -Summary: Openstack-Helm-Infra helm-toolkit chart -Name: armada-helm-toolkit -Version: 1.0 -Release: %{tis_patch_ver}%{?_tis_dist} -License: Apache-2.0 -Group: base -Packager: Wind River -URL: https://github.com/openstack/openstack-helm-infra - -Source0: %{src_name}-%{sha}.tar.gz - -BuildArch: noarch - -# Note patches 0003, 0005, 0007 through 0013 do not apply to helm-toolkit -Patch01: 0001-Allow-multiple-containers-per-daemonset-pod.patch -Patch02: 0002-Add-imagePullSecrets-in-service-account.patch -Patch04: 0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch -Patch06: 0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch -Patch07: 0007-Update-apiVersion-to-networking.k8s.io.patch -Patch08: 0008-Update-apiVersion-authorization-to-v1.patch - -BuildRequires: helm -BuildRequires: chartmuseum - -%description -Openstack Helm Infra helm-toolkit chart - -%prep -%setup -n openstack-helm-infra -%patch01 -p1 -%patch02 -p1 -%patch04 -p1 -%patch06 -p1 -%patch07 -p1 -%patch08 -p1 - - -%build -# Host a server for the charts -chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." & -sleep 2 -helm repo add local http://localhost:8879/charts - -# Make the charts. These produce tgz files -make helm-toolkit -# Both armada-helm-toolkit and openstack-helm-infra provide the same -# helm-toolkit tarball filename. Rename files with 'armada-' prefix -# to prevent 'Transaction check error'. -for filename in *.tgz; do mv -v "$filename" "armada-$filename"; done - -# terminate helm server (the last backgrounded task) -kill %1 - -%install -install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder} -install -p -D -m 755 *.tgz ${RPM_BUILD_ROOT}%{helm_folder} - -%files -%dir %attr(0755,root,root) %{helm_folder} -%defattr(-,root,root,-) -%{helm_folder}/* diff --git a/kubernetes/armada-helm-toolkit/centos/build_srpm.data b/kubernetes/armada-helm-toolkit/centos/build_srpm.data deleted file mode 100644 index 790bcdf97..000000000 --- a/kubernetes/armada-helm-toolkit/centos/build_srpm.data +++ /dev/null @@ -1,11 +0,0 @@ -# NOTE: This package and version is identical to -# stx/openstack-armada-app/openstack-helm-infra . -# This decouples distro build of armada chart from flock. -TAR_NAME=openstack-helm-infra -SHA=c9d6676bf9a5aceb311dc31dadd07cba6a3d6392 -VERSION=1.0.0 -TAR="$TAR_NAME-$SHA.tar.gz" - -COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*" - -TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/armada-helm-toolkit.lintian-overrides b/kubernetes/armada-helm-toolkit/debian/deb_folder/armada-helm-toolkit.lintian-overrides deleted file mode 100644 index 4a8ebc59c..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/armada-helm-toolkit.lintian-overrides +++ /dev/null @@ -1 +0,0 @@ -armada-helm-toolkit source: file-without-copyright-information diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog b/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog deleted file mode 100644 index 0fbe7950a..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/changelog +++ /dev/null @@ -1,5 +0,0 @@ -armada-helm-toolkit (1.0-1) unstable; urgency=medium - - * Initial release. - - -- Daniel Safta Thu, 04 Nov 2021 14:00:42 +0000 diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/control b/kubernetes/armada-helm-toolkit/debian/deb_folder/control deleted file mode 100644 index 7a3b4a456..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/control +++ /dev/null @@ -1,13 +0,0 @@ -Source: armada-helm-toolkit -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps -Standards-Version: 4.4.1 -Homepage: https://www.starlingx.io - -Package: armada-helm-toolkit -Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} -Description: Openstack-Helm-Infra helm-toolkit chart. - helm-toolkit used in building armada. diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright b/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright deleted file mode 100644 index 54d426349..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/copyright +++ /dev/null @@ -1,29 +0,0 @@ - -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: openstack-helm-infra -Source: https://github.com/openstack/openstack-helm-infra -Files: * -Copyright: (c) 2013-2021 Wind River Systems, Inc -License: Apache-2 - -# If you want to use GPL v2 or later for the /debian/* files use -# the following clauses, or change it to suit. Delete these two lines -Files: debian/* -Copyright: 2021 Wind River Systems, Inc -License: Apache-2 - -License: Apache-2 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - https://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian-based systems the full text of the Apache version 2.0 license - can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/rules b/kubernetes/armada-helm-toolkit/debian/deb_folder/rules deleted file mode 100644 index 0a4f9a05a..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/rules +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/make -f - -export ROOT = debian/armada-helm-toolkit -export APP_FOLDER = $(ROOT)/usr/lib/helm -export APP_NAME = armada-helm-toolkit - -%: - dh $@ - -override_dh_auto_build: - # Host a server for the charts - chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." & - sleep 2 - helm repo add local http://localhost:8879/charts - # Make the charts. These produce tgz files - make helm-toolkit - pkill chartmuseum - - -override_dh_auto_install: - # Install the app tar file. - install -d -m 755 $(APP_FOLDER) - install -p -D -m 755 helm-toolkit-0.1.0.tgz $(APP_FOLDER)/armada-helm-toolkit-0.1.0.tgz diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/source/format b/kubernetes/armada-helm-toolkit/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/kubernetes/armada-helm-toolkit/debian/deb_folder/source/options b/kubernetes/armada-helm-toolkit/debian/deb_folder/source/options deleted file mode 100644 index cb61fa526..000000000 --- a/kubernetes/armada-helm-toolkit/debian/deb_folder/source/options +++ /dev/null @@ -1 +0,0 @@ -extend-diff-ignore = "^[^/]*[.]egg-info/" diff --git a/kubernetes/armada-helm-toolkit/debian/meta_data.yaml b/kubernetes/armada-helm-toolkit/debian/meta_data.yaml deleted file mode 100644 index 4c33b62fe..000000000 --- a/kubernetes/armada-helm-toolkit/debian/meta_data.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -debname: armada-helm-toolkit -debver: 1.0-1 -dl_path: - name: openstack-helm-infra-c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz - url: https://github.com/openstack/openstack-helm-infra/archive/c9d6676bf9a5aceb311dc31dadd07cba6a3d6392.tar.gz - md5sum: 6b4ad40b343c346ee54443337edd2be3 - sha256sum: e3c9899489b17305dd324ad1fe78df4752eb0fe5c622abba31e67f50bdca378c -revision: - dist: $STX_DIST - GITREVCOUNT: - BASE_SRCREV: db16f48a952e3c5da8b2efea7acc723107b2c0a2 - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/armada-helm-toolkit diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch b/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch deleted file mode 100644 index c138f58f1..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0001-Allow-multiple-containers-per-daemonset-pod.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001 -From: Gerry Kopec -Date: Wed, 9 Jan 2019 20:11:33 -0500 -Subject: [PATCH 1/4] Allow multiple containers per daemonset pod - -Remove code that restricted daemonset pods to single containers. -Container names will default to name from helm chart template. -Required for nova cold migrations to work. - -Story: 2003876 -Task: 26735 -Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930 -Signed-off-by: Gerry Kopec -(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e) -Signed-off-by: Robert Church ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index e352bc9..10ab166 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -225,13 +225,6 @@ limitations under the License. - {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }} - {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }} - -- {{/* set container name -- assume not more than one container is defined */}} -- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }} -- {{- $_ := set $container "name" $current_dict.dns_1123_name }} -- {{- $cont_list := list $container }} -- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }} -- - {{/* cross-reference configmap name to container volume definitions */}} - {{- $_ := set $context.Values "__volume_list" list }} - {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch b/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch deleted file mode 100644 index 07e2dd398..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0002-Add-imagePullSecrets-in-service-account.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Mon, 11 Feb 2019 11:29:03 -0500 -Subject: [PATCH 2/4] Add imagePullSecrets in service account - -Signed-off-by: Robert Church ---- - helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -index b4cf1a6..2f4113b 100644 ---- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -@@ -44,6 +44,8 @@ kind: ServiceAccount - metadata: - name: {{ $saName }} - namespace: {{ $saNamespace }} -+imagePullSecrets: -+ - name: default-registry-key - {{- range $k, $v := $deps -}} - {{- if eq $k "services" }} - {{- range $serv := $v }} --- -2.16.5 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch b/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch deleted file mode 100644 index 113d8fb91..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Mon, 8 Apr 2019 02:12:39 -0400 -Subject: [PATCH 4/4] Partial revert of - 31e3469d28858d7b5eb6355e88b6f49fd62032be - -Suspect that new use of mergeOverwrite vs. merge is breaking the -per-host DaemonSet overrides. - -Signed-off-by: Robert Church ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index 10ab166..ab1177a 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -49,10 +49,10 @@ limitations under the License. - {{- $override_conf_copy := $host_data.conf }} - {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} - {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} -- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} -+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} - {{- $root_conf_copy2 := dict "conf" $merged_dict }} - {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $current_dict "nodeData" $root_conf_copy4 }} - -@@ -89,10 +89,10 @@ limitations under the License. - {{- $override_conf_copy := $label_data.conf }} - {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} - {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} -- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} -+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} - {{- $root_conf_copy2 := dict "conf" $merged_dict }} - {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }} - -@@ -187,7 +187,7 @@ limitations under the License. - {{- $root_conf_copy1 := omit $context.Values.conf "overrides" }} - {{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }} - {{- $context_values := omit $context.Values "conf" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }} - -@@ -198,7 +198,7 @@ limitations under the License. - {{- range $current_dict := $context.Values.__daemonset_list }} - - {{- $context_novalues := omit $context "Values" }} -- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }} -+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }} - {{- $_ := set $current_dict "nodeData" $merged_dict }} - {{/* Deep copy original daemonset_yaml */}} - {{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch b/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch deleted file mode 100644 index 272b3046b..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001 -From: Ovidiu Poncea -Date: Mon, 29 Jul 2019 08:00:01 -0400 -Subject: [PATCH] Fix pod restarts on all workers when worker added/removed - ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++-- - helm-toolkit/templates/utils/_hash.tpl | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index ab1177a..e564869 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -215,7 +215,7 @@ limitations under the License. - name uniqueness */}} - {{- $_ := set $current_dict "dns_1123_name" dict }} - {{- if hasKey $current_dict "matchExpressions" }} -- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }} -+ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }} - {{- else }} - {{- $_ := set $current_dict "dns_1123_name" $name_format2 }} - {{- end }} -@@ -258,7 +258,7 @@ limitations under the License. - {{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }} - {{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }} - {{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }} -- {{- $values_hash := $cmap | quote | sha256sum }} -+ {{- $values_hash := $cmap | toJson | sha256sum }} - {{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }} - - {{/* generate configmap */}} -diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl -index 1041ec0..e419e3b 100644 ---- a/helm-toolkit/templates/utils/_hash.tpl -+++ b/helm-toolkit/templates/utils/_hash.tpl -@@ -19,5 +19,5 @@ limitations under the License. - {{- $context := index . 1 -}} - {{- $last := base $context.Template.Name }} - {{- $wtf := $context.Template.Name | replace $last $name -}} --{{- include $wtf $context | sha256sum | quote -}} -+{{- include $wtf $context | toJson | sha256sum | quote -}} - {{- end -}} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0007-Update-apiVersion-to-networking.k8s.io.patch b/kubernetes/armada-helm-toolkit/debian/patches/0007-Update-apiVersion-to-networking.k8s.io.patch deleted file mode 100644 index dc43fcdcc..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0007-Update-apiVersion-to-networking.k8s.io.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 751dff849dfcd9d68ba065571dc8251dbfc16cb2 Mon Sep 17 00:00:00 2001 -From: Daniel Safta -Date: Wed, 2 Feb 2022 12:07:18 +0000 -Subject: [PATCH 1/2] Update apiVersion to networking.k8s.io/v1 - -These are the changes needed to upgrade -the apiVersion in the resources used by armada. -This is a subset of the upstream commit: -https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 -Signed-off-by: Daniel Safta ---- - helm-toolkit/templates/manifests/_ingress.tpl | 75 +++++++++++++------ - ingress/templates/ingress.yaml | 14 +++- - 2 files changed, 62 insertions(+), 27 deletions(-) - -diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl -index f0c37fd..5c54c34 100644 ---- a/helm-toolkit/templates/manifests/_ingress.tpl -+++ b/helm-toolkit/templates/manifests/_ingress.tpl -@@ -64,7 +64,7 @@ examples: - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} - return: | - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican -@@ -78,25 +78,34 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default.svc.cluster.local - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican-namespace-fqdn -@@ -114,11 +123,14 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican-cluster-fqdn -@@ -136,9 +148,12 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - values: | - network: - api: -@@ -184,7 +199,7 @@ examples: - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} - return: | - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican -@@ -204,23 +219,32 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default.svc.cluster.local - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - */}} - - {{- define "helm-toolkit.manifests.ingress._host_rules" -}} -@@ -231,9 +255,12 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: {{ $backendName }} -- servicePort: {{ $backendPort }} -+ service: -+ name: {{ $backendName }} -+ port: -+ name: {{ $backendPort }} - {{- end }} - - {{- define "helm-toolkit.manifests.ingress" -}} -@@ -247,7 +274,7 @@ examples: - {{- $hostName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - {{- $hostNameFull := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ $ingressName }} -@@ -282,7 +309,7 @@ spec: - {{- range $key2, $ingressController := tuple "namespace" "cluster" }} - {{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }} -diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml -index 16ebaab..10ffac7 100644 ---- a/ingress/templates/ingress.yaml -+++ b/ingress/templates/ingress.yaml -@@ -21,7 +21,7 @@ limitations under the License. - {{- $_ := set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class -}} - {{- end -}} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ .Release.Namespace }}-{{ .Release.Name }} -@@ -33,8 +33,16 @@ spec: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -- servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ service: -+ name: {{ $serviceName }} -+ port: -+{{- if or (kindIs "int" $servicePort) (regexMatch "^[0-9]{1,5}$" $servicePort) }} -+ number: {{ $servicePort | int }} -+{{- else }} -+ name: {{ $servicePort | quote }} -+{{- end }} -+ - {{- end }} - {{- end }} --- -2.31.1 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/0008-Update-apiVersion-authorization-to-v1.patch b/kubernetes/armada-helm-toolkit/debian/patches/0008-Update-apiVersion-authorization-to-v1.patch deleted file mode 100644 index be3d6ba85..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/0008-Update-apiVersion-authorization-to-v1.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d5d3e40baedaba10335bc2f0ea801e9118e05d1c Mon Sep 17 00:00:00 2001 -From: Daniel Safta -Date: Wed, 2 Feb 2022 12:07:51 +0000 -Subject: [PATCH 2/2] Update apiVersion authorization to v1 - -These are the changes needed to upgrade -the apiVersion in the resources used by armada. -This is a subset of the upstream commit: -https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 -Signed-off-by: Daniel Safta ---- - .../templates/snippets/_kubernetes_pod_rbac_roles.tpl | 4 ++-- - podsecuritypolicy/templates/podsecuritypolicy.yaml | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -index f9f48ef..44a31fd 100644 ---- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -@@ -21,7 +21,7 @@ limitations under the License. - {{- $saNamespace := index . 3 -}} - {{- $releaseName := $envAll.Release.Name }} - --- --apiVersion: rbac.authorization.k8s.io/v1beta1 -+apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: {{ $releaseName }}-{{ $saName }} -@@ -35,7 +35,7 @@ subjects: - name: {{ $saName }} - namespace: {{ $saNamespace }} - --- --apiVersion: rbac.authorization.k8s.io/v1beta1 -+apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }} -diff --git a/podsecuritypolicy/templates/podsecuritypolicy.yaml b/podsecuritypolicy/templates/podsecuritypolicy.yaml -index 741c9a8..9e22c6e 100644 ---- a/podsecuritypolicy/templates/podsecuritypolicy.yaml -+++ b/podsecuritypolicy/templates/podsecuritypolicy.yaml -@@ -20,7 +20,7 @@ limitations under the License. - {{/* Create one ClusterRole and PSP per PSP definition in values */}} - {{- range $pspName, $pspDetails := .Values.data }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: policy/v1beta1 - kind: PodSecurityPolicy - metadata: - name: {{ $pspName }} --- -2.31.1 - diff --git a/kubernetes/armada-helm-toolkit/debian/patches/series b/kubernetes/armada-helm-toolkit/debian/patches/series deleted file mode 100644 index c57e57177..000000000 --- a/kubernetes/armada-helm-toolkit/debian/patches/series +++ /dev/null @@ -1,6 +0,0 @@ -0001-Allow-multiple-containers-per-daemonset-pod.patch -0002-Add-imagePullSecrets-in-service-account.patch -0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch -0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch -0007-Update-apiVersion-to-networking.k8s.io.patch -0008-Update-apiVersion-authorization-to-v1.patch diff --git a/kubernetes/armada-helm-toolkit/files/0001-Allow-multiple-containers-per-daemonset-pod.patch b/kubernetes/armada-helm-toolkit/files/0001-Allow-multiple-containers-per-daemonset-pod.patch deleted file mode 100644 index c138f58f1..000000000 --- a/kubernetes/armada-helm-toolkit/files/0001-Allow-multiple-containers-per-daemonset-pod.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 47315e28d44cff586f6fff026dd00e61c2c77bcd Mon Sep 17 00:00:00 2001 -From: Gerry Kopec -Date: Wed, 9 Jan 2019 20:11:33 -0500 -Subject: [PATCH 1/4] Allow multiple containers per daemonset pod - -Remove code that restricted daemonset pods to single containers. -Container names will default to name from helm chart template. -Required for nova cold migrations to work. - -Story: 2003876 -Task: 26735 -Change-Id: Icce660415d43baefbbf768a785c5dedf04ea2930 -Signed-off-by: Gerry Kopec -(cherry picked from commit 7ca30319f418cd39db5ecf44cce5fb5fe39c458e) -Signed-off-by: Robert Church ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 7 ------- - 1 file changed, 7 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index e352bc9..10ab166 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -225,13 +225,6 @@ limitations under the License. - {{- if not $context.Values.__daemonset_yaml.metadata.name }}{{- $_ := set $context.Values.__daemonset_yaml.metadata "name" dict }}{{- end }} - {{- $_ := set $context.Values.__daemonset_yaml.metadata "name" $current_dict.dns_1123_name }} - -- {{/* set container name -- assume not more than one container is defined */}} -- {{- $container := first $context.Values.__daemonset_yaml.spec.template.spec.containers }} -- {{- $_ := set $container "name" $current_dict.dns_1123_name }} -- {{- $cont_list := list $container }} -- {{- $_ := set $context.Values.__daemonset_yaml.spec.template.spec "containers" $cont_list }} -- - {{/* cross-reference configmap name to container volume definitions */}} - {{- $_ := set $context.Values "__volume_list" list }} - {{- range $current_volume := $context.Values.__daemonset_yaml.spec.template.spec.volumes }} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/files/0002-Add-imagePullSecrets-in-service-account.patch b/kubernetes/armada-helm-toolkit/files/0002-Add-imagePullSecrets-in-service-account.patch deleted file mode 100644 index 07e2dd398..000000000 --- a/kubernetes/armada-helm-toolkit/files/0002-Add-imagePullSecrets-in-service-account.patch +++ /dev/null @@ -1,26 +0,0 @@ -From ac3f9db5ac1a19af71136752f5709ba1da55d201 Mon Sep 17 00:00:00 2001 -From: Angie Wang -Date: Mon, 11 Feb 2019 11:29:03 -0500 -Subject: [PATCH 2/4] Add imagePullSecrets in service account - -Signed-off-by: Robert Church ---- - helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -index b4cf1a6..2f4113b 100644 ---- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl -@@ -44,6 +44,8 @@ kind: ServiceAccount - metadata: - name: {{ $saName }} - namespace: {{ $saNamespace }} -+imagePullSecrets: -+ - name: default-registry-key - {{- range $k, $v := $deps -}} - {{- if eq $k "services" }} - {{- range $serv := $v }} --- -2.16.5 - diff --git a/kubernetes/armada-helm-toolkit/files/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch b/kubernetes/armada-helm-toolkit/files/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch deleted file mode 100644 index 113d8fb91..000000000 --- a/kubernetes/armada-helm-toolkit/files/0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch +++ /dev/null @@ -1,65 +0,0 @@ -From b3829fef30e76fdf498fa1d0d35185f642dce5f6 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Mon, 8 Apr 2019 02:12:39 -0400 -Subject: [PATCH 4/4] Partial revert of - 31e3469d28858d7b5eb6355e88b6f49fd62032be - -Suspect that new use of mergeOverwrite vs. merge is breaking the -per-host DaemonSet overrides. - -Signed-off-by: Robert Church ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index 10ab166..ab1177a 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -49,10 +49,10 @@ limitations under the License. - {{- $override_conf_copy := $host_data.conf }} - {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} - {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} -- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} -+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} - {{- $root_conf_copy2 := dict "conf" $merged_dict }} - {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $current_dict "nodeData" $root_conf_copy4 }} - -@@ -89,10 +89,10 @@ limitations under the License. - {{- $override_conf_copy := $label_data.conf }} - {{/* Deep copy to prevent https://storyboard.openstack.org/#!/story/2005936 */}} - {{- $root_conf_copy := omit ($context.Values.conf | toYaml | fromYaml) "overrides" }} -- {{- $merged_dict := mergeOverwrite $root_conf_copy $override_conf_copy }} -+ {{- $merged_dict := merge $override_conf_copy $root_conf_copy }} - {{- $root_conf_copy2 := dict "conf" $merged_dict }} - {{- $context_values := omit (omit ($context.Values | toYaml | fromYaml) "conf") "__daemonset_list" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $context.Values.__current_label "nodeData" $root_conf_copy4 }} - -@@ -187,7 +187,7 @@ limitations under the License. - {{- $root_conf_copy1 := omit $context.Values.conf "overrides" }} - {{- $root_conf_copy2 := dict "conf" $root_conf_copy1 }} - {{- $context_values := omit $context.Values "conf" }} -- {{- $root_conf_copy3 := mergeOverwrite $context_values $root_conf_copy2 }} -+ {{- $root_conf_copy3 := merge $context_values $root_conf_copy2 }} - {{- $root_conf_copy4 := dict "Values" $root_conf_copy3 }} - {{- $_ := set $context.Values.__default "nodeData" $root_conf_copy4 }} - -@@ -198,7 +198,7 @@ limitations under the License. - {{- range $current_dict := $context.Values.__daemonset_list }} - - {{- $context_novalues := omit $context "Values" }} -- {{- $merged_dict := mergeOverwrite $context_novalues $current_dict.nodeData }} -+ {{- $merged_dict := merge $current_dict.nodeData $context_novalues }} - {{- $_ := set $current_dict "nodeData" $merged_dict }} - {{/* Deep copy original daemonset_yaml */}} - {{- $_ := set $context.Values "__daemonset_yaml" ($daemonset_yaml | toYaml | fromYaml) }} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/files/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch b/kubernetes/armada-helm-toolkit/files/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch deleted file mode 100644 index 272b3046b..000000000 --- a/kubernetes/armada-helm-toolkit/files/0006-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 326fcd76f54d7c099f4c3da6c31eefe0eef2e236 Mon Sep 17 00:00:00 2001 -From: Ovidiu Poncea -Date: Mon, 29 Jul 2019 08:00:01 -0400 -Subject: [PATCH] Fix pod restarts on all workers when worker added/removed - ---- - helm-toolkit/templates/utils/_daemonset_overrides.tpl | 4 ++-- - helm-toolkit/templates/utils/_hash.tpl | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/helm-toolkit/templates/utils/_daemonset_overrides.tpl b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -index ab1177a..e564869 100644 ---- a/helm-toolkit/templates/utils/_daemonset_overrides.tpl -+++ b/helm-toolkit/templates/utils/_daemonset_overrides.tpl -@@ -215,7 +215,7 @@ limitations under the License. - name uniqueness */}} - {{- $_ := set $current_dict "dns_1123_name" dict }} - {{- if hasKey $current_dict "matchExpressions" }} -- {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | quote | sha256sum | trunc 8))) }} -+ {{- $_ := set $current_dict "dns_1123_name" (printf (print $name_format2 "-" ($current_dict.matchExpressions | toJson | sha256sum | trunc 8))) }} - {{- else }} - {{- $_ := set $current_dict "dns_1123_name" $name_format2 }} - {{- end }} -@@ -258,7 +258,7 @@ limitations under the License. - {{- if not $context.Values.__daemonset_yaml.spec.template.metadata }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template "metadata" dict }}{{- end }} - {{- if not $context.Values.__daemonset_yaml.spec.template.metadata.annotations }}{{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata "annotations" dict }}{{- end }} - {{- $cmap := list $current_dict.dns_1123_name $current_dict.nodeData | include $configmap_include }} -- {{- $values_hash := $cmap | quote | sha256sum }} -+ {{- $values_hash := $cmap | toJson | sha256sum }} - {{- $_ := set $context.Values.__daemonset_yaml.spec.template.metadata.annotations "configmap-etc-hash" $values_hash }} - - {{/* generate configmap */}} -diff --git a/helm-toolkit/templates/utils/_hash.tpl b/helm-toolkit/templates/utils/_hash.tpl -index 1041ec0..e419e3b 100644 ---- a/helm-toolkit/templates/utils/_hash.tpl -+++ b/helm-toolkit/templates/utils/_hash.tpl -@@ -19,5 +19,5 @@ limitations under the License. - {{- $context := index . 1 -}} - {{- $last := base $context.Template.Name }} - {{- $wtf := $context.Template.Name | replace $last $name -}} --{{- include $wtf $context | sha256sum | quote -}} -+{{- include $wtf $context | toJson | sha256sum | quote -}} - {{- end -}} --- -2.7.4 - diff --git a/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch b/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch deleted file mode 100644 index dc43fcdcc..000000000 --- a/kubernetes/armada-helm-toolkit/files/0007-Update-apiVersion-to-networking.k8s.io.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 751dff849dfcd9d68ba065571dc8251dbfc16cb2 Mon Sep 17 00:00:00 2001 -From: Daniel Safta -Date: Wed, 2 Feb 2022 12:07:18 +0000 -Subject: [PATCH 1/2] Update apiVersion to networking.k8s.io/v1 - -These are the changes needed to upgrade -the apiVersion in the resources used by armada. -This is a subset of the upstream commit: -https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 -Signed-off-by: Daniel Safta ---- - helm-toolkit/templates/manifests/_ingress.tpl | 75 +++++++++++++------ - ingress/templates/ingress.yaml | 14 +++- - 2 files changed, 62 insertions(+), 27 deletions(-) - -diff --git a/helm-toolkit/templates/manifests/_ingress.tpl b/helm-toolkit/templates/manifests/_ingress.tpl -index f0c37fd..5c54c34 100644 ---- a/helm-toolkit/templates/manifests/_ingress.tpl -+++ b/helm-toolkit/templates/manifests/_ingress.tpl -@@ -64,7 +64,7 @@ examples: - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} - return: | - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican -@@ -78,25 +78,34 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default.svc.cluster.local - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican-namespace-fqdn -@@ -114,11 +123,14 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican-cluster-fqdn -@@ -136,9 +148,12 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - values: | - network: - api: -@@ -184,7 +199,7 @@ examples: - {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}} - return: | - --- -- apiVersion: extensions/v1beta1 -+ apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: barbican -@@ -204,23 +219,32 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - - host: barbican.default.svc.cluster.local - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: barbican-api -- servicePort: b-api -+ service: -+ name: barbican-api -+ port: -+ name: b-api - */}} - - {{- define "helm-toolkit.manifests.ingress._host_rules" -}} -@@ -231,9 +255,12 @@ examples: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: {{ $backendName }} -- servicePort: {{ $backendPort }} -+ service: -+ name: {{ $backendName }} -+ port: -+ name: {{ $backendPort }} - {{- end }} - - {{- define "helm-toolkit.manifests.ingress" -}} -@@ -247,7 +274,7 @@ examples: - {{- $hostName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} - {{- $hostNameFull := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ $ingressName }} -@@ -282,7 +309,7 @@ spec: - {{- range $key2, $ingressController := tuple "namespace" "cluster" }} - {{- $hostNameFullRules := dict "vHost" $hostNameFull "backendName" $backendName "backendPort" $backendPort }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }} -diff --git a/ingress/templates/ingress.yaml b/ingress/templates/ingress.yaml -index 16ebaab..10ffac7 100644 ---- a/ingress/templates/ingress.yaml -+++ b/ingress/templates/ingress.yaml -@@ -21,7 +21,7 @@ limitations under the License. - {{- $_ := set .Values.network.ingress.annotations "kubernetes.io/ingress.class" .Values.deployment.cluster.class -}} - {{- end -}} - --- --apiVersion: extensions/v1beta1 -+apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: {{ .Release.Namespace }}-{{ .Release.Name }} -@@ -33,8 +33,16 @@ spec: - http: - paths: - - path: / -+ pathType: ImplementationSpecific - backend: -- serviceName: {{ tuple "ingress" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} -- servicePort: {{ tuple "ingress" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} -+ service: -+ name: {{ $serviceName }} -+ port: -+{{- if or (kindIs "int" $servicePort) (regexMatch "^[0-9]{1,5}$" $servicePort) }} -+ number: {{ $servicePort | int }} -+{{- else }} -+ name: {{ $servicePort | quote }} -+{{- end }} -+ - {{- end }} - {{- end }} --- -2.31.1 - diff --git a/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch b/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch deleted file mode 100644 index be3d6ba85..000000000 --- a/kubernetes/armada-helm-toolkit/files/0008-Update-apiVersion-authorization-to-v1.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d5d3e40baedaba10335bc2f0ea801e9118e05d1c Mon Sep 17 00:00:00 2001 -From: Daniel Safta -Date: Wed, 2 Feb 2022 12:07:51 +0000 -Subject: [PATCH 2/2] Update apiVersion authorization to v1 - -These are the changes needed to upgrade -the apiVersion in the resources used by armada. -This is a subset of the upstream commit: -https://github.com/openstack/openstack-helm-infra/commit/f4972121bcb41c8d74748917804d2b239ab757f9 -Signed-off-by: Daniel Safta ---- - .../templates/snippets/_kubernetes_pod_rbac_roles.tpl | 4 ++-- - podsecuritypolicy/templates/podsecuritypolicy.yaml | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -index f9f48ef..44a31fd 100644 ---- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl -@@ -21,7 +21,7 @@ limitations under the License. - {{- $saNamespace := index . 3 -}} - {{- $releaseName := $envAll.Release.Name }} - --- --apiVersion: rbac.authorization.k8s.io/v1beta1 -+apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: {{ $releaseName }}-{{ $saName }} -@@ -35,7 +35,7 @@ subjects: - name: {{ $saName }} - namespace: {{ $saNamespace }} - --- --apiVersion: rbac.authorization.k8s.io/v1beta1 -+apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }} -diff --git a/podsecuritypolicy/templates/podsecuritypolicy.yaml b/podsecuritypolicy/templates/podsecuritypolicy.yaml -index 741c9a8..9e22c6e 100644 ---- a/podsecuritypolicy/templates/podsecuritypolicy.yaml -+++ b/podsecuritypolicy/templates/podsecuritypolicy.yaml -@@ -20,7 +20,7 @@ limitations under the License. - {{/* Create one ClusterRole and PSP per PSP definition in values */}} - {{- range $pspName, $pspDetails := .Values.data }} - --- --apiVersion: extensions/v1beta1 -+apiVersion: policy/v1beta1 - kind: PodSecurityPolicy - metadata: - name: {{ $pspName }} --- -2.31.1 - diff --git a/kubernetes/armada/centos/armada.spec b/kubernetes/armada/centos/armada.spec deleted file mode 100644 index 13e9ba307..000000000 --- a/kubernetes/armada/centos/armada.spec +++ /dev/null @@ -1,90 +0,0 @@ -%global git_sha 7ef4b8643b5ec5216a8f6726841e156c0aa54a1a - -# Build variables -%global helm_folder /usr/lib/helm -%global toolkit_version 0.1.0 -%global charts_staging ./charts - -Name: armada -Version: 0.2.0 -Release: 0%{?_tis_dist}.%{tis_patch_ver} -Summary: An orchestrator for managing a collection of Kubernetes Helm charts -License: Apache-2.0 -Group: base -Packager: Wind River -URL: https://airship-armada.readthedocs.io/ -Source0: %{name}-%{git_sha}.tar.gz - -Patch1: 0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch -Patch2: 0002-Tiller-wait-for-postgres-database-ping.patch -Patch3: 0003-Update-the-liveness-probe-to-verify-postgres-connect.patch -Patch4: 0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch -Patch5: 0005-Add-toleration-to-armada-api.patch - -BuildArch: noarch - -BuildRequires: helm -BuildRequires: armada-helm-toolkit -BuildRequires: chartmuseum - -%description -%{summary} - -%prep -%setup -n armada -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 - -%build -# Package the armada chart tarball using methodology derived from: -# git clone https://opendev.org/airship/armada.git && cd armada -# make charts -# -# This provides the equivalent of 'make charts' and builds what is -# minimally sufficient to generate the armada chart tarball. -# - do not need to build helm-toolkit. -# - do not need to build tiller (armada chart contains tiller). -# - This does not download helm v2 or helm-toolkit as done by 'make charts', -# and does not require external network. -# - Everything else provided by the armada Makefile build is ignored. -# -# This is built using helm v3. -# - 'helm init' and 'helm serv' have been removed in helm v3 -# - chartmuseum is drop-in replacement for 'helm serv' -# - no initial repository exist -# - charts self-contain helm-toolkit and pass lint; requirements.yaml -# dependencies are safely removed from package so the cluster does -# not have to serve 'local' repo (i.e., with ChartMuseum). -# - helm config of setup directories and repositories is automated -# (we don't need to create them) - -# Stage helm-toolkit in the local repo -cp %{helm_folder}/armada-helm-toolkit-%{toolkit_version}.tgz %{charts_staging}/helm-toolkit-%{toolkit_version}.tgz - -# Host a local server for the charts. -chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="%{charts_staging}" & -sleep 2 -helm repo add local http://localhost:8879/charts - -cd %{charts_staging} -helm dependency update armada -helm lint armada -rm -v -f ./requirements.lock ./requirements.yaml -helm template --set pod.resources.enabled=true armada -helm package armada -cd - - -# Terminate helm server (the last backgrounded task) -kill %1 - -%install -install -d -m 755 ${RPM_BUILD_ROOT}/opt/extracharts -install -p -D -m 755 %{charts_staging}/armada-*.tgz ${RPM_BUILD_ROOT}/opt/extracharts - -%files -%defattr(-,root,root,-) -/opt/extracharts/* - diff --git a/kubernetes/armada/centos/build_srpm.data b/kubernetes/armada/centos/build_srpm.data deleted file mode 100644 index 5fdb639cb..000000000 --- a/kubernetes/armada/centos/build_srpm.data +++ /dev/null @@ -1,8 +0,0 @@ -TAR_NAME=armada -VERSION=0.2.0 -SHA=7ef4b8643b5ec5216a8f6726841e156c0aa54a1a -TAR="$TAR_NAME-$SHA.tar.gz" - -COPY_LIST="${CGCS_BASE}/downloads/$TAR $FILES_BASE/*" - -TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch b/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch deleted file mode 100644 index a6955e460..000000000 --- a/kubernetes/armada/centos/files/0001-Add-Helm-v2-client-initialization-using-tiller-postS.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 8c6cc4c0ad5569d7de3615463f7d8c4dd7429e63 Mon Sep 17 00:00:00 2001 -From: Thiago Brito -Date: Thu, 22 Apr 2021 20:00:51 -0300 -Subject: [PATCH] Add Helm v2 client initialization using tiller - postStart exec - -This adds helm v2 client initialization using the tiller -container postStart exec to access helm v2 binary. - -This will perform 'helm init', removes the default repos -'stable' and 'local', and add valid repos that were provided -as overrides. Note that helm will only add repos that exist. - -This expects overrides in this format: -conf: - tiller: - charts_url: 'http://192.168.204.1:8080/helm_charts' - repo_names: - - 'starlingx' - - 'stx-platform' - repos: - stable: https://kubernetes-charts.storage.googleapis.com - -This gives the following result: -helmv2-cli -- helm repo list -NAME URL -stable https://kubernetes-charts.storage.googleapis.com -starlingx http://192.168.204.1:8080/helm_charts/starlingx -stx-platform http://192.168.204.1:8080/helm_charts/stx-platform - -Signed-off-by: Jim Gauld -Signed-off-by: Thiago Brito ---- - charts/armada/templates/deployment-api.yaml | 33 +++++++++++++++++++++ - charts/armada/values.yaml | 10 +++++++ - 2 files changed, 43 insertions(+) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 562e3d0..483ec0b 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -186,6 +186,39 @@ spec: - - -trace - {{- end }} - lifecycle: -+ postStart: -+ exec: -+ command: -+ - sh -+ - "-c" -+ - | -+ /bin/sh <<'EOF' -+ # Delay initialization since postStart handler runs asynchronously and there -+ # is no guarantee it is called before the Container’s entrypoint. -+ sleep 5 -+ # Initialize Helm v2 client. -+ export HELM_HOST=:{{ .Values.conf.tiller.port }} -+ /helm init --client-only --skip-refresh -+ -+ # Moving the ln up so eventual errors on the next commands doesn't prevent -+ # having helm available -+ ln -s -f /helm /tmp/helm -+ -+ # Removes all repos available so we don't get an error removing what -+ # doesn't exist anymore or error re-adding an existing repo -+ /helm repo list | awk '(NR>1){print $1}' | xargs --no-run-if-empty /helm repo rm -+{{- if .Values.conf.tiller.repos }} -+ {{- range $name, $repo := .Values.conf.tiller.repos }} -+ /helm repo add {{ $name }} {{ $repo }} -+ {{- end }} -+{{- end }} -+{{- if .Values.conf.tiller.repo_names }} -+ {{- range .Values.conf.tiller.repo_names }} -+ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }} -+ {{- end }} -+{{- end }} -+ exit 0 -+ EOF - preStop: - exec: - command: -diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml -index 3a4427e..da45810 100644 ---- a/charts/armada/values.yaml -+++ b/charts/armada/values.yaml -@@ -220,6 +220,10 @@ conf: - # Note: Defaulting to the (default) kubernetes grace period, as anything - # greater than that will have no effect. - prestop_sleep: 30 -+ # Helm v2 initialization -+ charts_url: null -+ repo_names: [] -+ repos: {} - - monitoring: - prometheus: -@@ -325,7 +329,13 @@ pod: - volumes: - - name: kubernetes-client-cache - emptyDir: {} -+ - name: tiller-tmp -+ emptyDir: {} - volumeMounts: -+ - name: tiller-tmp -+ # /tmp is now readOnly due to the security_context on L288, so -+ # mounting an emptyDir -+ mountPath: /tmp - - name: kubernetes-client-cache - # Should be the `$HOME/.kube` of the `runAsUser` above - # as this is where tiller's kubernetes client roots its cache dir. --- -2.17.1 - - diff --git a/kubernetes/armada/centos/files/0002-Tiller-wait-for-postgres-database-ping.patch b/kubernetes/armada/centos/files/0002-Tiller-wait-for-postgres-database-ping.patch deleted file mode 100644 index b256c9162..000000000 --- a/kubernetes/armada/centos/files/0002-Tiller-wait-for-postgres-database-ping.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 96e49fcc6d6b988d03a61261511abf64a0af2e2a Mon Sep 17 00:00:00 2001 -From: Dan Voiculeasa -Date: Tue, 11 May 2021 21:04:18 +0300 -Subject: [PATCH] Tiller wait for postgres database ping - -Networking might not be correctly initialized when tiller starts. - -Modify the pod command to wait for networking to be available before -starting up tiller. - -Signed-off-by: Dan Voiculeasa ---- - charts/armada/templates/deployment-api.yaml | 31 +++++++++++++-------- - 1 file changed, 19 insertions(+), 12 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 69036c0..3816366 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -167,24 +167,31 @@ spec: - - name: TILLER_HISTORY_MAX - value: {{ .Values.conf.tiller.history_max | quote }} - command: -- - /tiller -+ - sh -+ - -c -+ - | -+ /bin/sh <<'EOF' - {{- if .Values.conf.tiller.storage }} -- - --storage={{ .Values.conf.tiller.storage }} - {{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} -- - --sql-dialect={{ .Values.conf.tiller.sql_dialect }} -- - --sql-connection-string={{ .Values.conf.tiller.sql_connection }} -+ while ! /bin/busybox nc -vz -w 1 {{ .Values.conf.tiller.sql_endpoint_ip}} 5432; do continue; done; - {{- end }} - {{- end }} -- - -listen -- - ":{{ .Values.conf.tiller.port }}" -- - -probe-listen -- - ":{{ .Values.conf.tiller.probe_port }}" -- - -logtostderr -- - -v -- - {{ .Values.conf.tiller.verbosity | quote }} -+ /tiller \ -+{{- if .Values.conf.tiller.storage }} -+ --storage={{ .Values.conf.tiller.storage }} \ -+{{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} -+ --sql-dialect={{ .Values.conf.tiller.sql_dialect }} \ -+ --sql-connection-string={{ .Values.conf.tiller.sql_connection }} \ -+{{- end }} -+{{- end }} -+ -listen ":{{ .Values.conf.tiller.port }}" \ -+ -probe-listen ":{{ .Values.conf.tiller.probe_port }}" \ -+ -logtostderr \ -+ -v {{ .Values.conf.tiller.verbosity | quote }} \ - {{- if .Values.conf.tiller.trace }} -- - -trace -+ -trace - {{- end }} -+ EOF - lifecycle: - postStart: - exec: --- -2.30.0 - diff --git a/kubernetes/armada/centos/files/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch b/kubernetes/armada/centos/files/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch deleted file mode 100644 index ecd3f8939..000000000 --- a/kubernetes/armada/centos/files/0003-Update-the-liveness-probe-to-verify-postgres-connect.patch +++ /dev/null @@ -1,45 +0,0 @@ -From be3167e5342f2730ef43012d8fe4f3782c6ef468 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Wed, 12 May 2021 02:38:52 -0400 -Subject: [PATCH 3/3] Update the liveness probe to verify postgres connectivity - -Change the tillerLivenessProbeTemplate to test the connectivity to the -postgres backend. We will override the periodSeconds and -failureThreshold when installing the helm chart to trigger a restart of -the tiller pod over a swact when the postgres DB/server moves from one -controller to the other. - -This will help guarantee that the tiller connection is always -reestablished if the connectivity to the postgres backend fails. - -Signed-off-by: Robert Church ---- - charts/armada/templates/deployment-api.yaml | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index bf23fb2..2b65494 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -28,10 +28,14 @@ httpGet: - {{- end }} - - {{- define "tillerLivenessProbeTemplate" }} --httpGet: -- path: /liveness -- port: {{ .Values.conf.tiller.probe_port }} -- scheme: HTTP -+exec: -+ command: -+ - nc -+ - -vz -+ - -w -+ - "1" -+ - {{ .Values.conf.tiller.sql_endpoint_ip}} -+ - "5432" - {{- end }} - - {{- if .Values.manifests.deployment_api }} --- -2.16.6 - diff --git a/kubernetes/armada/centos/files/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch b/kubernetes/armada/centos/files/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch deleted file mode 100644 index dbe88e809..000000000 --- a/kubernetes/armada/centos/files/0004-Update-postgres-liveness-check-to-support-IPv6-addre.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e13416638b103fde04feb31027c3148c9685cf7f Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Sat, 15 May 2021 16:16:41 -0400 -Subject: [PATCH 4/4] Update postgres liveness check to support IPv6 addresses - -Templating will add square brackets for IPv6 addresses which are -interpreted as an array vs. a string. Quote this so that it interpreted -correctly. - -Signed-off-by: Robert Church ---- - charts/armada/templates/deployment-api.yaml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 2b65494..5c4825c 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -34,7 +34,7 @@ exec: - - -vz - - -w - - "1" -- - {{ .Values.conf.tiller.sql_endpoint_ip}} -+ - "{{ .Values.conf.tiller.sql_endpoint_ip }}" - - "5432" - {{- end }} - --- -2.16.6 - diff --git a/kubernetes/armada/centos/files/0005-Add-toleration-to-armada-api.patch b/kubernetes/armada/centos/files/0005-Add-toleration-to-armada-api.patch deleted file mode 100644 index 31cb98c06..000000000 --- a/kubernetes/armada/centos/files/0005-Add-toleration-to-armada-api.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 8f38dcdc7ba6448487283d14a745b8c299c47a13 Mon Sep 17 00:00:00 2001 -From: Enzo Candotti -Date: Wed, 6 Oct 2021 18:25:10 -0300 -Subject: [PATCH] Add toleration to armada-api - ---- - charts/armada/templates/deployment-api.yaml | 4 ++++ - charts/armada/templates/tests/test-armada-api.yaml | 4 ++++ - charts/armada/values.yaml | 2 ++ - 3 files changed, 10 insertions(+) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index d4eff7a..1859d99 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -108,6 +108,10 @@ spec: - initContainers: - {{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - {{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+{{- with .Values.pod.tolerations.api }} -+ tolerations: -+{{ toYaml . | indent 8 }} -+{{- end }} - containers: - - name: armada-api - {{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }} -diff --git a/charts/armada/templates/tests/test-armada-api.yaml b/charts/armada/templates/tests/test-armada-api.yaml -index a467fc9..2733cfe 100644 ---- a/charts/armada/templates/tests/test-armada-api.yaml -+++ b/charts/armada/templates/tests/test-armada-api.yaml -@@ -32,6 +32,10 @@ metadata: - spec: - {{ dict "envAll" $envAll "application" "api_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} - restartPolicy: Never -+{{- with .Values.pod.tolerations.api }} -+ tolerations: -+{{ toYaml . | indent 4 }} -+{{- end }} - nodeSelector: - {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} - containers: -diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml -index e583947..247b15e 100644 ---- a/charts/armada/values.yaml -+++ b/charts/armada/values.yaml -@@ -206,6 +206,8 @@ monitoring: - port: 8000 - - pod: -+ tolerations: -+ api: [] - mandatory_access_control: - type: apparmor - armada-api: --- -2.25.1 - diff --git a/kubernetes/armada/debian/deb_folder/armada.lintian-overrides b/kubernetes/armada/debian/deb_folder/armada.lintian-overrides deleted file mode 100644 index 5d9719c23..000000000 --- a/kubernetes/armada/debian/deb_folder/armada.lintian-overrides +++ /dev/null @@ -1 +0,0 @@ -dir-or-file-in-opt diff --git a/kubernetes/armada/debian/deb_folder/changelog b/kubernetes/armada/debian/deb_folder/changelog deleted file mode 100644 index 17ea966c8..000000000 --- a/kubernetes/armada/debian/deb_folder/changelog +++ /dev/null @@ -1,5 +0,0 @@ -armada (0.2.0-0) unstable; urgency=medium - - * Initial release. - - -- Daniel Safta Thu, 04 Nov 2021 14:00:42 +0000 diff --git a/kubernetes/armada/debian/deb_folder/control b/kubernetes/armada/debian/deb_folder/control deleted file mode 100644 index 45056ea2e..000000000 --- a/kubernetes/armada/debian/deb_folder/control +++ /dev/null @@ -1,14 +0,0 @@ -Source: armada -Section: admin -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), helm, chartmuseum, procps,armada-helm-toolkit -Standards-Version: 4.4.1 -Homepage: https://www.starlingx.io - -Package: armada -Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends} -Description: An orchestrator for managing a collection of Kubernetes Helm charts. - Armada is a tool for managing multiple Helm charts with - dependencies by centralizing all configurations in a single Armada YAML. diff --git a/kubernetes/armada/debian/deb_folder/copyright b/kubernetes/armada/debian/deb_folder/copyright deleted file mode 100644 index e70fa6dae..000000000 --- a/kubernetes/armada/debian/deb_folder/copyright +++ /dev/null @@ -1,29 +0,0 @@ - -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: armada -Source: https://opendev.org/airship/armada.git -Files: * -Copyright: (c) 2013-2021 Wind River Systems, Inc -License: Apache-2 - -# If you want to use GPL v2 or later for the /debian/* files use -# the following clauses, or change it to suit. Delete these two lines -Files: debian/* -Copyright: 2021 Wind River Systems, Inc -License: Apache-2 - -License: Apache-2 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - https://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian-based systems the full text of the Apache version 2.0 license - can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/kubernetes/armada/debian/deb_folder/patches/0001-Revert-Tiller-listen-on-localhost-by-default.patch b/kubernetes/armada/debian/deb_folder/patches/0001-Revert-Tiller-listen-on-localhost-by-default.patch deleted file mode 100644 index 5e8e1e4e6..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0001-Revert-Tiller-listen-on-localhost-by-default.patch +++ /dev/null @@ -1,83 +0,0 @@ -From bf0cfeb9efe5c021b24dcd5ef4c353507d96e307 Mon Sep 17 00:00:00 2001 -From: Dan Voiculeasa -Date: Tue, 14 Jun 2022 15:45:22 +0300 -Subject: [PATCH 1/8] Revert "Tiller: listen on localhost by default" - -This reverts commit a3f11e5873bc5b97de579c627d7b57e3bc9f655e. -Updating the sources from 7ef4b8643b5ec5216a8f6726841e156c0aa54a1a to -ddbdd7256c20f138737f6cbd772312f7a19f58b8 we observe a change to default -tiller port logic. - -Keep old logic. - -Signed-off-by: Dan Voiculeasa ---- - charts/armada/templates/deployment-api.yaml | 2 +- - charts/armada/values.yaml | 6 ------ - charts/tiller/templates/deployment-tiller.yaml | 2 +- - charts/tiller/values.yaml | 6 ------ - 4 files changed, 2 insertions(+), 14 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index b7f93d7..f1395ef 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -178,7 +178,7 @@ spec: - {{- end }} - {{- end }} - - -listen -- - "{{ if not .Values.conf.tiller.listen_on_any }}127.0.0.1{{ end }}:{{ .Values.conf.tiller.port }}" -+ - ":{{ .Values.conf.tiller.port }}" - - -probe-listen - - ":{{ .Values.conf.tiller.probe_port }}" - - -logtostderr -diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml -index b1ed61f..3a4427e 100644 ---- a/charts/armada/values.yaml -+++ b/charts/armada/values.yaml -@@ -206,12 +206,6 @@ conf: - tiller: - # If set to false then some form of Tiller needs to be provided - enabled: true -- # To have Tiller bind to all interfaces, allowing direct connections from -- # the Helm client to pod_ip:port, set 'listen_on_any: true'. -- # The default setting 'listen_on_any: false' binds Tiller to 127.0.0.1. -- # The Armada container talks directly to Tiller via 127.0.0.1, so the -- # default value is appropriate for normal operation. -- listen_on_any: false - port: 24134 - probe_port: 24135 - verbosity: 5 -diff --git a/charts/tiller/templates/deployment-tiller.yaml b/charts/tiller/templates/deployment-tiller.yaml -index f6df614..1f04a13 100644 ---- a/charts/tiller/templates/deployment-tiller.yaml -+++ b/charts/tiller/templates/deployment-tiller.yaml -@@ -104,7 +104,7 @@ spec: - {{- end }} - {{- end }} - - -listen -- - "{{ if not .Values.conf.tiller.listen_on_any }}127.0.0.1{{ end }}:{{ .Values.conf.tiller.port }}" -+ - ":{{ .Values.conf.tiller.port }}" - - -probe-listen - - ":{{ .Values.conf.tiller.probe_port }}" - - -logtostderr -diff --git a/charts/tiller/values.yaml b/charts/tiller/values.yaml -index ba776bc..495e3c1 100644 ---- a/charts/tiller/values.yaml -+++ b/charts/tiller/values.yaml -@@ -52,12 +52,6 @@ conf: - # Note: Defaulting to the (default) kubernetes grace period, as anything - # greater than that will have no effect. - prestop_sleep: 30 -- # To have Tiller bind to all interfaces, allowing direct connections from -- # the Helm client to pod_ip:port, set 'listen_on_any: true'. -- # The default setting 'listen_on_any: false' binds Tiller to 127.0.0.1. -- # Helm clients with Kubernetes API access dynamically set up a portforward -- # into the pod, which works with the default setting. -- listen_on_any: false - port: 44134 - probe_port: 44135 - --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0002-Revert-Add-labels-to-Armada-deployment.patch b/kubernetes/armada/debian/deb_folder/patches/0002-Revert-Add-labels-to-Armada-deployment.patch deleted file mode 100644 index e263f2dba..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0002-Revert-Add-labels-to-Armada-deployment.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6d63302d8e7d35c4549c49b97c8667203bc22428 Mon Sep 17 00:00:00 2001 -From: Dan Voiculeasa -Date: Tue, 14 Jun 2022 16:01:56 +0300 -Subject: [PATCH 2/8] Revert "Add "labels" to Armada deployment" - -This reverts commit eb2e87d32b2b9c9853deb70ed2e7029380ef0e16. -Updating the sources from 7ef4b8643b5ec5216a8f6726841e156c0aa54a1a to -ddbdd7256c20f138737f6cbd772312f7a19f58b8. -This revert is here just to reduce the need for testing. Keeping the -helm charts without changes between 7ef4b8..ddbdd7. - -Signed-off-by: Dan Voiculeasa ---- - charts/armada/templates/deployment-api.yaml | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index f1395ef..562e3d0 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -92,8 +92,6 @@ apiVersion: apps/v1 - kind: Deployment - metadata: - name: armada-api -- labels: --{{ $labels | indent 4 }} - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 4 }} - spec: --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0003-Create-lock-CRD-as-apiextensions.k8s.io-v1-object.patch b/kubernetes/armada/debian/deb_folder/patches/0003-Create-lock-CRD-as-apiextensions.k8s.io-v1-object.patch deleted file mode 100644 index fdf5a4124..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0003-Create-lock-CRD-as-apiextensions.k8s.io-v1-object.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 9c37292171aa9c35fbfb8c1ee2670150b9621190 Mon Sep 17 00:00:00 2001 -From: Phil Sphicas -Date: Wed, 9 Feb 2022 10:04:38 -0800 -Subject: [PATCH 3/8] Create lock CRD as apiextensions.k8s.io/v1 object - -Cherry-pick https://review.opendev.org/c/airship/armada/+/845392 -from upstream keeping the original commit message: - ------ -Kubernetes v1.22 stopped serving the apiextensions.k8s.io/v1beta1 API -version of CustomResourceDefinition. - -This change ensures that the locks.armada.process CRD is created using -the apiextensions.k8s.io/v1 API. - -The kubernetes client package is also updated to take advantage of the -dynamic client. - -(cherry picked from commit c5d39f27cacaa953be43c7d3265bb693db0939d0) - -In addition to the clean cherry-pick add fixes for tests: -- docs language -- protobuf version -- stestr missing - -Closes-Bug: 1978409 -Change-Id: Icd518ab5cbb78e8b15f63d19c51b5f5b9a67e995 ------ - -On top of the upstream cherry-pick we need to enchance build env to -add missing .yaml files. -Change setup.py and add MANIFEST.in to allow proper contents of the -image to be generated. - -Signed-off-by: Dan Voiculeasa ---- - MANIFEST.in | 2 ++ - armada/handlers/k8s.py | 7 +++---- - armada/handlers/lock.py | 42 +++++++++++++++++------------------------ - doc/source/conf.py | 2 +- - requirements.txt | 6 +++--- - setup.py | 2 +- - test-requirements.txt | 1 + - 7 files changed, 28 insertions(+), 34 deletions(-) - create mode 100644 MANIFEST.in - -diff --git a/MANIFEST.in b/MANIFEST.in -new file mode 100644 -index 0000000..61709ba ---- /dev/null -+++ b/MANIFEST.in -@@ -0,0 +1,2 @@ -+include *.yaml -+recursive-include armada *.yaml -diff --git a/armada/handlers/k8s.py b/armada/handlers/k8s.py -index 31b00c7..56cbc26 100644 ---- a/armada/handlers/k8s.py -+++ b/armada/handlers/k8s.py -@@ -57,8 +57,7 @@ class K8s(object): - self.batch_api = client.BatchV1Api(api_client) - self.batch_v1beta1_api = client.BatchV1beta1Api(api_client) - self.custom_objects = client.CustomObjectsApi(api_client) -- self.api_extensions = client.ApiextensionsV1beta1Api(api_client) -- self.extension_api = client.ExtensionsV1beta1Api(api_client) -+ self.api_extensions = client.ApiextensionsV1Api(api_client) - self.apps_v1_api = client.AppsV1Api(api_client) - - def delete_job_action( -@@ -359,10 +358,10 @@ class K8s(object): - - :param crd: custom resource definition to create - -- :type crd: kubernetes.client.V1beta1CustomResourceDefinition -+ :type crd: kubernetes.client.V1CustomResourceDefinition - - :return: new custom resource definition -- :rtype: kubernetes.client.V1beta1CustomResourceDefinition -+ :rtype: kubernetes.client.V1CustomResourceDefinition - """ - return self.api_extensions.create_custom_resource_definition(crd) - -diff --git a/armada/handlers/lock.py b/armada/handlers/lock.py -index bd99d38..54e3eb0 100644 ---- a/armada/handlers/lock.py -+++ b/armada/handlers/lock.py -@@ -281,40 +281,32 @@ class LockConfig: - return lock - - def create_definition(self): -- names = client.V1beta1CustomResourceDefinitionNames( -+ names = client.V1CustomResourceDefinitionNames( - kind="Resource", plural=LOCK_PLURAL, singular=LOCK_SINGULAR) - metadata = client.V1ObjectMeta( - name="{}.{}".format(LOCK_PLURAL, LOCK_GROUP), - resource_version=LOCK_VERSION) -- status = client.V1beta1CustomResourceDefinitionStatus( -- accepted_names=names, -- conditions=[], -- stored_versions=[LOCK_VERSION]) -- spec = client.V1beta1CustomResourceDefinitionSpec( -+ spec = client.V1CustomResourceDefinitionSpec( - group=LOCK_GROUP, - names=names, - scope="Namespaced", -- version=LOCK_VERSION) -- crd = client.V1beta1CustomResourceDefinition( -- spec=spec, -- status=status, -- metadata=metadata, -- kind="CustomResourceDefinition") -+ versions=[ -+ { -+ "name": LOCK_VERSION, -+ "schema": { -+ "openAPIV3Schema": { -+ "type": "object", -+ "x-kubernetes-preserve-unknown-fields": True -+ } -+ }, -+ "served": True, -+ "storage": True, -+ } -+ ]) -+ crd = client.V1CustomResourceDefinition( -+ spec=spec, metadata=metadata, kind="CustomResourceDefinition") - try: - self.k8s.create_custom_resource_definition(crd) -- except ValueError as err: -- # Because of an issue with the Kubernetes code, the API server -- # may return `null` for the required field `conditions` in -- # kubernetes.client.V1beta1CustomResourceDefinitionStatus -- # This causes validation to fail which will raise the subsequent -- # ValueError even though the CRD was created successfully -- # https://github.com/kubernetes-client/gen/issues/52 -- # TODO if this is fixed upstream this should be removed -- known_msg = "Invalid value for `conditions`, must not be `None`" -- known_err = ValueError(known_msg) -- if err.args != known_err.args: -- raise -- LOG.debug("Encountered known issue while creating CRD, continuing") - except ApiException as err: - # If a 409 is received then the definition already exists - if err.status != 409: -diff --git a/doc/source/conf.py b/doc/source/conf.py -index 6ed6273..b4826c7 100644 ---- a/doc/source/conf.py -+++ b/doc/source/conf.py -@@ -78,7 +78,7 @@ author = 'The Airship Authors' - # - # This is also used if you do content translation via gettext catalogs. - # Usually you set "language" from the command line for these cases. --language = None -+language = 'en' - - # List of patterns, relative to source directory, that match files and - # directories to ignore when looking for source files. -diff --git a/requirements.txt b/requirements.txt -index 2d61ca3..c2f9ac2 100644 ---- a/requirements.txt -+++ b/requirements.txt -@@ -6,16 +6,16 @@ jsonschema>=3.0.1,<4 - keystoneauth1>=3.18.0 - keystonemiddleware==5.3.0 - kombu<4.7,>=4.6.10 --kubernetes>=12.0.0 -+kubernetes<23,>=17.0.0 - Paste>=2.0.3 - PasteDeploy>=1.5.2 --protobuf>=3.4.0 -+protobuf>=3.4.0,<3.21 - pylibyaml~=0.1 - pyyaml~=5.1 - requests - retry - setuptools>=40.4.3 --prometheus_client>=0.7.0 -+prometheus_client<0.13.0,>=0.7.0 - - # API - falcon -diff --git a/setup.py b/setup.py -index 7d9b694..8a5a815 100644 ---- a/setup.py -+++ b/setup.py -@@ -5,4 +5,4 @@ try: - except ImportError: - pass - --setuptools.setup(setup_requires=['pbr>=2.0.0'], pbr=True) -+setuptools.setup(setup_requires=['pbr>=2.0.0'], pbr=True, include_package_data=True) -diff --git a/test-requirements.txt b/test-requirements.txt -index 3108c65..e9faa28 100644 ---- a/test-requirements.txt -+++ b/test-requirements.txt -@@ -16,6 +16,7 @@ mock - responses>=0.8.1 - yapf==0.27.0 - flake8-import-order==0.18.1 -+stestr>=1.0.0 # Apache-2.0 - - grpcio-tools==1.16.0 - typing-extensions==3.7.2 --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0004-Add-Helm-v2-client-initialization.patch b/kubernetes/armada/debian/deb_folder/patches/0004-Add-Helm-v2-client-initialization.patch deleted file mode 100644 index 7495bab3c..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0004-Add-Helm-v2-client-initialization.patch +++ /dev/null @@ -1,112 +0,0 @@ -From 1c73f6739eb672b330669fda5e427099c08c3490 Mon Sep 17 00:00:00 2001 -From: Thiago Brito -Date: Thu, 22 Apr 2021 20:00:51 -0300 -Subject: [PATCH 4/8] Add Helm v2 client initialization - -This adds helm v2 client initialization using the tiller -container postStart exec to access helm v2 binary. - -This will perform 'helm init', removes the default repos -'stable' and 'local', and add valid repos that were provided -as overrides. Note that helm will only add repos that exist. - -This expects overrides in this format: -conf: - tiller: - charts_url: 'http://192.168.204.1:8080/helm_charts' - repo_names: - - 'starlingx' - - 'stx-platform' - repos: - stable: https://kubernetes-charts.storage.googleapis.com - -This gives the following result: -helmv2-cli -- helm repo list -NAME URL -stable https://kubernetes-charts.storage.googleapis.com -starlingx http://192.168.204.1:8080/helm_charts/starlingx -stx-platform http://192.168.204.1:8080/helm_charts/stx-platform - -Signed-off-by: Jim Gauld -Signed-off-by: Thiago Brito ---- - charts/armada/templates/deployment-api.yaml | 33 +++++++++++++++++++++ - charts/armada/values.yaml | 10 +++++++ - 2 files changed, 43 insertions(+) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 562e3d0..69036c0 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -186,6 +186,39 @@ spec: - - -trace - {{- end }} - lifecycle: -+ postStart: -+ exec: -+ command: -+ - sh -+ - "-c" -+ - | -+ /bin/sh <<'EOF' -+ # Delay initialization since postStart handler runs asynchronously and there -+ # is no guarantee it is called before the Container’s entrypoint. -+ sleep 5 -+ # Initialize Helm v2 client. -+ export HELM_HOST=:{{ .Values.conf.tiller.port }} -+ /helm init --client-only --skip-refresh -+ -+ # Moving the ln up so eventual errors on the next commands doesn't prevent -+ # having helm available -+ ln -s -f /helm /tmp/helm -+ -+ # Removes all repos available so we don't get an error removing what -+ # doesn't exist anymore or error re-adding an existing repo -+ /helm repo list | awk '(NR>1){print $1}' | xargs --no-run-if-empty /helm repo rm -+{{- if .Values.conf.tiller.repos }} -+ {{- range $name, $repo := .Values.conf.tiller.repos }} -+ /helm repo add {{ $name }} {{ $repo }} -+ {{- end }} -+{{- end }} -+{{- if .Values.conf.tiller.repo_names }} -+ {{- range .Values.conf.tiller.repo_names }} -+ /helm repo add {{ . }} {{ $envAll.Values.conf.tiller.charts_url }}/{{ . }} -+ {{- end }} -+{{- end }} -+ exit 0 -+ EOF - preStop: - exec: - command: -diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml -index 3a4427e..da45810 100644 ---- a/charts/armada/values.yaml -+++ b/charts/armada/values.yaml -@@ -220,6 +220,10 @@ conf: - # Note: Defaulting to the (default) kubernetes grace period, as anything - # greater than that will have no effect. - prestop_sleep: 30 -+ # Helm v2 initialization -+ charts_url: null -+ repo_names: [] -+ repos: {} - - monitoring: - prometheus: -@@ -325,7 +329,13 @@ pod: - volumes: - - name: kubernetes-client-cache - emptyDir: {} -+ - name: tiller-tmp -+ emptyDir: {} - volumeMounts: -+ - name: tiller-tmp -+ # /tmp is now readOnly due to the security_context on L288, so -+ # mounting an emptyDir -+ mountPath: /tmp - - name: kubernetes-client-cache - # Should be the `$HOME/.kube` of the `runAsUser` above - # as this is where tiller's kubernetes client roots its cache dir. --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0005-Tiller-wait-for-postgres-database-ping.patch b/kubernetes/armada/debian/deb_folder/patches/0005-Tiller-wait-for-postgres-database-ping.patch deleted file mode 100644 index e75650b8c..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0005-Tiller-wait-for-postgres-database-ping.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 0cd23c208587d86ce8b2083bf4f42dadf03e28e2 Mon Sep 17 00:00:00 2001 -From: Dan Voiculeasa -Date: Tue, 11 May 2021 21:04:18 +0300 -Subject: [PATCH 5/8] Tiller wait for postgres database ping - -Networking might not be correctly initialized when tiller starts. - -Modify the pod command to wait for networking to be available before -starting up tiller. - -Signed-off-by: Dan Voiculeasa ---- - charts/armada/templates/deployment-api.yaml | 31 +++++++++++++-------- - 1 file changed, 19 insertions(+), 12 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 69036c0..bf23fb2 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -167,24 +167,31 @@ spec: - - name: TILLER_HISTORY_MAX - value: {{ .Values.conf.tiller.history_max | quote }} - command: -- - /tiller -+ - sh -+ - -c -+ - | -+ /bin/sh <<'EOF' - {{- if .Values.conf.tiller.storage }} -- - --storage={{ .Values.conf.tiller.storage }} - {{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} -- - --sql-dialect={{ .Values.conf.tiller.sql_dialect }} -- - --sql-connection-string={{ .Values.conf.tiller.sql_connection }} -+ while ! /bin/busybox nc -vz -w 1 {{ .Values.conf.tiller.sql_endpoint_ip}} 5432; do continue; done; - {{- end }} - {{- end }} -- - -listen -- - ":{{ .Values.conf.tiller.port }}" -- - -probe-listen -- - ":{{ .Values.conf.tiller.probe_port }}" -- - -logtostderr -- - -v -- - {{ .Values.conf.tiller.verbosity | quote }} -+ /tiller \ -+{{- if .Values.conf.tiller.storage }} -+ --storage={{ .Values.conf.tiller.storage }} \ -+{{- if and (eq .Values.conf.tiller.storage "sql") (.Values.conf.tiller.sql_dialect) (.Values.conf.tiller.sql_connection) }} -+ --sql-dialect={{ .Values.conf.tiller.sql_dialect }} \ -+ --sql-connection-string={{ .Values.conf.tiller.sql_connection }} \ -+{{- end }} -+{{- end }} -+ -listen ":{{ .Values.conf.tiller.port }}" \ -+ -probe-listen ":{{ .Values.conf.tiller.probe_port }}" \ -+ -logtostderr \ -+ -v {{ .Values.conf.tiller.verbosity | quote }} \ - {{- if .Values.conf.tiller.trace }} -- - -trace -+ -trace - {{- end }} -+ EOF - lifecycle: - postStart: - exec: --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0006-Update-the-liveness-probe-to-verify-postgres-connect.patch b/kubernetes/armada/debian/deb_folder/patches/0006-Update-the-liveness-probe-to-verify-postgres-connect.patch deleted file mode 100644 index 5656dab51..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0006-Update-the-liveness-probe-to-verify-postgres-connect.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3e34ec8c87ec5cbac79f6299e63fa1c06a75692e Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Wed, 12 May 2021 02:38:52 -0400 -Subject: [PATCH 6/8] Update the liveness probe to verify postgres connectivity - -Change the tillerLivenessProbeTemplate to test the connectivity to the -postgres backend. We will override the periodSeconds and -failureThreshold when installing the helm chart to trigger a restart of -the tiller pod over a swact when the postgres DB/server moves from one -controller to the other. - -This will help guarantee that the tiller connection is always -reestablished if the connectivity to the postgres backend fails. - -Signed-off-by: Robert Church ---- - charts/armada/templates/deployment-api.yaml | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index bf23fb2..2b65494 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -28,10 +28,14 @@ httpGet: - {{- end }} - - {{- define "tillerLivenessProbeTemplate" }} --httpGet: -- path: /liveness -- port: {{ .Values.conf.tiller.probe_port }} -- scheme: HTTP -+exec: -+ command: -+ - nc -+ - -vz -+ - -w -+ - "1" -+ - {{ .Values.conf.tiller.sql_endpoint_ip}} -+ - "5432" - {{- end }} - - {{- if .Values.manifests.deployment_api }} --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0007-Update-postgres-liveness-check-to-support-IPv6-addre.patch b/kubernetes/armada/debian/deb_folder/patches/0007-Update-postgres-liveness-check-to-support-IPv6-addre.patch deleted file mode 100644 index efeb49bdb..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0007-Update-postgres-liveness-check-to-support-IPv6-addre.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c5a117faafbe1cc6de4200315ba400bdc0c83e40 Mon Sep 17 00:00:00 2001 -From: Robert Church -Date: Sat, 15 May 2021 16:16:41 -0400 -Subject: [PATCH 7/8] Update postgres liveness check to support IPv6 addresses - -Templating will add square brackets for IPv6 addresses which are -interpreted as an array vs. a string. Quote this so that it interpreted -correctly. - -Signed-off-by: Robert Church ---- - charts/armada/templates/deployment-api.yaml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 2b65494..5c4825c 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -34,7 +34,7 @@ exec: - - -vz - - -w - - "1" -- - {{ .Values.conf.tiller.sql_endpoint_ip}} -+ - "{{ .Values.conf.tiller.sql_endpoint_ip }}" - - "5432" - {{- end }} - --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/0008-Add-toleration-to-armada-api.patch b/kubernetes/armada/debian/deb_folder/patches/0008-Add-toleration-to-armada-api.patch deleted file mode 100644 index 442f3deab..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/0008-Add-toleration-to-armada-api.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 9a5b91d35923272c55e998f21ff096b5c0268ad2 Mon Sep 17 00:00:00 2001 -From: Enzo Candotti -Date: Wed, 6 Oct 2021 18:25:10 -0300 -Subject: [PATCH 8/8] Add toleration to armada-api - -Signed-off-by: Yue Tao ---- - charts/armada/templates/deployment-api.yaml | 4 ++++ - charts/armada/templates/tests/test-armada-api.yaml | 4 ++++ - charts/armada/values.yaml | 2 ++ - 3 files changed, 10 insertions(+) - -diff --git a/charts/armada/templates/deployment-api.yaml b/charts/armada/templates/deployment-api.yaml -index 5c4825c..3ee086a 100644 ---- a/charts/armada/templates/deployment-api.yaml -+++ b/charts/armada/templates/deployment-api.yaml -@@ -125,6 +125,10 @@ spec: - initContainers: - {{ tuple $envAll "api" $mounts_armada_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - {{ dict "envAll" $envAll "application" "armada" "container" "armada_api_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -+{{- with .Values.pod.tolerations.api }} -+ tolerations: -+{{ toYaml . | indent 8 }} -+{{- end }} - containers: - - name: armada-api - {{ tuple $envAll "api" | include "helm-toolkit.snippets.image" | indent 10 }} -diff --git a/charts/armada/templates/tests/test-armada-api.yaml b/charts/armada/templates/tests/test-armada-api.yaml -index 895353a..aa9e37a 100644 ---- a/charts/armada/templates/tests/test-armada-api.yaml -+++ b/charts/armada/templates/tests/test-armada-api.yaml -@@ -32,6 +32,10 @@ metadata: - spec: - {{ dict "envAll" $envAll "application" "api_test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} - restartPolicy: Never -+{{- with .Values.pod.tolerations.api }} -+ tolerations: -+{{ toYaml . | indent 4 }} -+{{- end }} - nodeSelector: - {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} - containers: -diff --git a/charts/armada/values.yaml b/charts/armada/values.yaml -index da45810..3644706 100644 ---- a/charts/armada/values.yaml -+++ b/charts/armada/values.yaml -@@ -233,6 +233,8 @@ monitoring: - port: 8000 - - pod: -+ tolerations: -+ api: [] - mandatory_access_control: - type: apparmor - armada-api: --- -2.34.1 - diff --git a/kubernetes/armada/debian/deb_folder/patches/series b/kubernetes/armada/debian/deb_folder/patches/series deleted file mode 100644 index cab9923a1..000000000 --- a/kubernetes/armada/debian/deb_folder/patches/series +++ /dev/null @@ -1,8 +0,0 @@ -0001-Revert-Tiller-listen-on-localhost-by-default.patch -0002-Revert-Add-labels-to-Armada-deployment.patch -0003-Create-lock-CRD-as-apiextensions.k8s.io-v1-object.patch -0004-Add-Helm-v2-client-initialization.patch -0005-Tiller-wait-for-postgres-database-ping.patch -0006-Update-the-liveness-probe-to-verify-postgres-connect.patch -0007-Update-postgres-liveness-check-to-support-IPv6-addre.patch -0008-Add-toleration-to-armada-api.patch diff --git a/kubernetes/armada/debian/deb_folder/rules b/kubernetes/armada/debian/deb_folder/rules deleted file mode 100644 index 10e6f9cbc..000000000 --- a/kubernetes/armada/debian/deb_folder/rules +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/make -f - -export ROOT = debian/armada -export APP_FOLDER = $(ROOT)/opt/extracharts -export CHARTS_STAGING = charts -export APP_NAME = armada -export APP_NAME_FULL = $(CHARTS_STAGING)/$(APP_NAME) - -%: - dh $@ - -override_dh_auto_build: - # Host a server for the charts - cp /usr/lib/helm/armada-helm-toolkit-0.1.0.tgz ./charts - - chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./charts" & - sleep 2 - helm repo add local http://localhost:8879/charts - - helm dependency update $(APP_NAME_FULL) - helm lint $(APP_NAME_FULL) - rm -v -f ./requirements.lock ./requirements.yaml - helm template --set pod.resources.enabled=true $(APP_NAME_FULL) - helm package $(APP_NAME_FULL) - - pkill chartmuseum - - -override_dh_auto_install: - # Install the app tar file. - install -d -m 755 $(APP_FOLDER) - install -p -D -m 755 armada-0.1.0.tgz $(APP_FOLDER) diff --git a/kubernetes/armada/debian/meta_data.yaml b/kubernetes/armada/debian/meta_data.yaml deleted file mode 100644 index 71c775c65..000000000 --- a/kubernetes/armada/debian/meta_data.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -debname: armada -debver: 0.2.0-0 -dl_path: - name: armada-ddbdd7256c20f138737f6cbd772312f7a19f58b8.tar.gz - url: https://github.com/airshipit/armada/tarball/ddbdd7256c20f138737f6cbd772312f7a19f58b8 - md5sum: fd8563e106a48b912b56ac82e8a5d4ee - sha256sum: 4f4db518837f7e89e3d65e024353f49ea341c530533cb986ff50d0781f39bee6 -revision: - dist: $STX_DIST - GITREVCOUNT: - BASE_SRCREV: db16f48a952e3c5da8b2efea7acc723107b2c0a2 - SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/armada diff --git a/kubernetes/armada/distroless/armada-image.stable_docker_image b/kubernetes/armada/distroless/armada-image.stable_docker_image deleted file mode 100644 index f1d9a674b..000000000 --- a/kubernetes/armada/distroless/armada-image.stable_docker_image +++ /dev/null @@ -1,7 +0,0 @@ -BUILDER=script -LABEL=armada-image -SOURCE_REPO=https://github.com/airshipit/armada -SOURCE_REF=ddbdd7256c20f138737f6cbd772312f7a19f58b8 -COMMAND=bash -SCRIPT=build-armada-image.sh -ARGS="armada-image" diff --git a/kubernetes/armada/distroless/build-armada-image.sh b/kubernetes/armada/distroless/build-armada-image.sh deleted file mode 100644 index 15b0dbc6f..000000000 --- a/kubernetes/armada/distroless/build-armada-image.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -################################################################################ -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -################################################################################ - -PROJECT=$1 -IMAGE_TAG=$2 - -if [ -z "${IMAGE_TAG}" ]; then - echo "image tag must be specified. build ${PROJECT} Aborting..." >&2 - exit 1 -fi - -# Copy patches from: -# https://opendev.org/starlingx/integ/src/branch/master/kubernetes/armada/debian/deb_folder/patches -tmp_dir=$(mktemp -d -t armada-XXXXXXXXXX --tmpdir=/tmp) -pushd ${tmp_dir} -git clone https://opendev.org/starlingx/integ/ -if [ $? -ne 0 ]; then - echo "Failed to clone patches for ${PROJECT}. Aborting..." >&2 - exit 1 -fi -popd -cp -r ${tmp_dir}/integ/kubernetes/armada/debian/deb_folder/patches . -rm -rf ${tmp_dir} - -# Apply patches -pushd patches -cat series | xargs -n 1 git am -if [ $? -ne 0 ]; then - echo "Failed to apply patches for ${PROJECT}. Aborting..." >&2 - exit 1 -fi -popd - -# Use Makefile to build images -make images -if [ $? -ne 0 ]; then - echo "Failed to make ${PROJECT} image. Aborting..." >&2 - exit 1 -fi - -RETVAL=0 -docker tag quay.io/airshipit/armada:latest-ubuntu_bionic "${IMAGE_TAG}" -if [ $? -ne 0 ]; then - echo "Failed to tag ${PROJECT} with ${IMAGE_TAG}. Aborting..." >&2 - RETVAL=1 -fi - -docker rmi quay.io/airshipit/armada:latest-ubuntu_bionic -exit ${RETVAL} diff --git a/kubernetes/helm/centos/files/helmv2-cli.sh b/kubernetes/helm/centos/files/helmv2-cli.sh deleted file mode 100644 index ff61d5235..000000000 --- a/kubernetes/helm/centos/files/helmv2-cli.sh +++ /dev/null @@ -1,141 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2020 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This script is wrapper to Helm v2 client, providing access to containerized -# armada/tiller managed charts. - -# There are two modes of operation: -# - no command specified: this is an interactive BusyBox shell -# - command and options specified: this executes a single helm v2 command - -set -euo pipefail - -# Define minimal path -PATH=/bin:/usr/bin:/usr/local/bin - -# Process input options -SCRIPT=$(basename $0) -OPTS=$(getopt -o dh --long debug,help -n ${SCRIPT} -- "$@") -if [ $? != 0 ]; then - echo "Failed parsing options." >&2 - exit 1 -fi -eval set -- "$OPTS" - -DEBUG=false -HELP=false -while true; do - case "$1" in - -d | --debug ) DEBUG=true; shift ;; - -h | --help ) HELP=true; shift ;; - -- ) shift; break ;; - * ) break ;; - esac -done - -# Treat remaining arguments as commands + options -shift $((OPTIND-1)) -OTHERARGS="$@" - -if [ ${HELP} == 'true' ]; then - echo "Usage: ${SCRIPT} [-d|--debug] [-h|--help] -- [command] [options]" - echo "Options:" - echo " -d | --debug : display initialization information" - echo " -h | --help : this help" - echo - echo "Command option examples:" - echo " helmv2-cli -- helm search" - echo " helmv2-cli -- helm list" - echo " helmv2-cli -- helm list --namespace openstack --pending" - exit 0 -fi - -# Logger setup -LOG_FACILITY=user -LOG_PRIORITY=info -function LOG { - logger -t "${0##*/}[$$]" -p ${LOG_FACILITY}.${LOG_PRIORITY} "$@" - echo "${0##*/}[$$]" "$@" -} -function ERROR { - MSG="ERROR" - echo "${MSG} $@" >&2 - LOG "${MSG} $@" -} - -# Determine running armada pods, including list of status conditions -# This jsonpath gives the following output format per pod: -# armada-api-bc77f956d-jwl4n::Initialized=True:Ready=True:ContainersReady=True:PodScheduled=True -JSONPATH='{range .items[*]}{"\n"}{@.metadata.name}:{@.metadata.deletionTimestamp}{range @.status.conditions[*]}{":"}{@.type}={@.status}{end}{end}' -ARMADA_PODS=( $(kubectl get pods -n armada \ - --selector=application=armada,component=api \ - --field-selector status.phase=Running \ - --output=jsonpath="${JSONPATH}") ) -if [ ${#ARMADA_PODS[@]} -eq 0 ]; then - ERROR "Could not find armada pod." - exit 1 -fi -if [ ${DEBUG} == 'true' ]; then - LOG "Found armada pods: ${ARMADA_PODS[@]}" -fi - -# Get first available Running and Ready armada pod, with tiller container we can exec -POD="" -for LINE in "${ARMADA_PODS[@]}"; do - # match only Ready pods with nil deletionTimestamp - if [[ $LINE =~ ::.*Ready=True ]]; then - # extract pod name, it is first element delimited by : - A=( ${LINE/:/ } ) - P=${A[0]} - else - continue - fi - - kubectl exec -it -n armada ${P} -c tiller -- pwd 1>/dev/null 2>/dev/null - RC=$? - if [ ${RC} -eq 0 ]; then - POD=${P} - break - fi -done -if [ -z "${POD}" ]; then - ERROR "Could not find armada pod." - exit 1 -fi -if [ ${DEBUG} == 'true' ]; then - LOG "Found armada pod: ${POD}" -fi - -# Determine tiller listen port (configured by armada chart) -# armada-api is container index 0, tiller is container index 1 -TILLER_PORT=$(kubectl get pod -n armada ${POD} \ - --output=jsonpath={.spec.containers[1].ports[0].containerPort}) -if [ -z "${TILLER_PORT}" ]; then - ERROR "Could not find tiller listen port." - exit 1 -fi -if [ ${DEBUG} == 'true' ]; then - LOG "Found tiller listen port: ${TILLER_PORT}" -fi - -# Launch BusyBox shell with access to local tiller. -# Can execute helm v2 commands as '/helm' or 'helm'. -if [ ${DEBUG} == 'true' ]; then - LOG "Launching Helm-v2 client" -fi -HELM_HOST=":${TILLER_PORT}" -if [ -z "${OTHERARGS}" ]; then - # Interactive BusyBox shell - kubectl exec -it -n armada ${POD} -c tiller -- \ - /bin/sh -c "PATH=${PATH}:/tmp PS1='Helm-v2 \h:\w $ ' HELM_HOST=${HELM_HOST} /bin/sh" -else - # Execute single helm v2 command in BusyBox shell - kubectl exec -n armada ${POD} -c tiller -- \ - /bin/sh -c "PATH=${PATH}:/tmp HELM_HOST=${HELM_HOST} /bin/sh -c '$OTHERARGS'" -fi - -exit 0 diff --git a/kubernetes/helm/centos/helm.spec b/kubernetes/helm/centos/helm.spec index ab6e8c907..b07267cfb 100644 --- a/kubernetes/helm/centos/helm.spec +++ b/kubernetes/helm/centos/helm.spec @@ -52,7 +52,6 @@ cp -R mapkubeapis %{buildroot}/usr/local/share/helm/plugins/ %defattr(-,root,root,-) %{_sbindir}/helm /usr/local/sbin/helm-upload -/usr/local/sbin/helmv2-cli %{_sysconfdir}/sudoers.d/helm /usr/local/share/helm/plugins/2to3/* /usr/local/share/helm/plugins/mapkubeapis/* diff --git a/kubernetes/helm/debian/deb_folder/helm.install b/kubernetes/helm/debian/deb_folder/helm.install index 37b0a4bc2..e1a2dc6bd 100644 --- a/kubernetes/helm/debian/deb_folder/helm.install +++ b/kubernetes/helm/debian/deb_folder/helm.install @@ -1,7 +1,6 @@ etc/sudoers.d/helm usr/sbin/helm usr/local/sbin/helm-upload -usr/local/sbin/helmv2-cli usr/local/share/helm usr/local/share/helm/plugins usr/local/share/helm/plugins/mapkubeapis diff --git a/kubernetes/helm/debian/deb_folder/rules b/kubernetes/helm/debian/deb_folder/rules index 19eba92b7..6bac58e6f 100755 --- a/kubernetes/helm/debian/deb_folder/rules +++ b/kubernetes/helm/debian/deb_folder/rules @@ -26,7 +26,6 @@ override_dh_auto_install: install -d -m 755 $(ROOT)/usr/local/sbin install -p -D -m 755 $(HELM_EXECUTABLE) $(SBINDIR) install -p -D -m 755 helm-upload $(ROOT)/usr/local/sbin - install -p -D -m 755 helmv2-cli.sh $(ROOT)/usr/local/sbin/helmv2-cli install -d -m 755 $(SUDOERDIR) install -p -D -m 440 helm.sudo $(SUDOERDIR)/helm install -d -m 755 $(ROOT)/usr/local/share/helm