fix: various upgrade fixes

2022-09-20 14:54:33 +02:00 · 2022-09-20 14:54:33 +02:00 · 048b113b1e
commit 048b113b1e
parent cb582cf14e
10 changed files with 54 additions and 40 deletions
--- a/admin/migrate_argo_values.py
+++ b/admin/migrate_argo_values.py
@ -13,15 +13,27 @@ def migrate(values):
        values["clusterName"] = values["ClusterName"]
        values.pop("ClusterName")

-    # Create new clusterwide cloudprovider data if possible
+    # Remove HighAvailableControlplane
    try:
-        if values["cert-manager"]["clusterIssuer"]["solvers"][0]["dns01"]["route53"]["regions"]:
+        values["global"]["highAvailable"] = values["HighAvailableControlplane"]
+        values.pop("HighAvailableControlplane")
+    except KeyError:
+        pass
+
+    # Create new clusterwide cloudprovider data if possible
+    # IamArn: arn:aws:iam::<ACCOUNT_ID>:role/<REGION>.<CLUSTERNAME>.cert-manager
+    try:
+        if values["cert-manager"]["IamArn"]:
+            account_id = values["cert-manager"]["IamArn"].split(":")[4]
+            region = values["cert-manager"]["IamArn"].split(":")[5].split('.')[0].split('/')[1]
            if "global" not in values:
                values["global"] = {}
            if "aws" not in values["global"]:
                values["global"]["aws"] = {}

-            values["global"]["aws"]["region"] = values["cert-manager"]["clusterIssuer"]["solvers"][0]["dns01"]["route53"]["region"]
+            values["global"]["aws"]["region"] = region
+            values["global"]["aws"]["accountId"] = account_id
+
    except KeyError:
        pass

--- a/admin/upgrade_cluster.sh
+++ b/admin/upgrade_cluster.sh
@ -128,9 +128,8 @@ all_nodes_upgrade "mount --make-shared /host/sys/fs/cgroup; mount --make-shared

 control_plane_upgrade kubeadm_upgrade

-echo "Adjust kubezero-values as needed: (eg. set cilium cluster id etc)"
-echo "kubectl edit cm kubezero-values -n kube-system"
-read
+echo "Adjust kubezero-values as needed: (eg. set cilium cluster id etc):"
+kubectl edit cm kubezero-values -n kube-system

 # Remove multus DS due to label changes, if this fails:
 # kubezero-network $ helm template . --set multus.enabled=true | kubectl apply -f -
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml
@ -168,9 +168,9 @@ spec:
              {{- toYaml . | nindent 12 }}
            {{- end }}
          ports:
-            - name: liveness-probe
-              protocol: TCP
-              containerPort: {{ .Values.probes.httpGet.port }}
+           - name: liveness-probe
+             protocol: TCP
+             containerPort: {{ .Values.probes.httpGet.port }}
          {{- if .Values.enablePrometheusServer }}
           - name: http-metrics
             protocol: TCP
--- a/charts/kubezero-addons/nth.patch
+++ b/charts/kubezero-addons/nth.patch
@ -1,19 +1,6 @@
 diff -tuNr charts/aws-node-termination-handler.orig/templates/deployment.yaml charts/aws-node-termination-handler/templates/deployment.yaml
 --- charts/aws-node-termination-handler.orig/templates/deployment.yaml	2022-01-26 18:01:36.123482217 +0100
 +++ charts/aws-node-termination-handler/templates/deployment.yaml	2022-01-26 18:08:21.464304621 +0100
-@@ -161,9 +161,9 @@
-               {{- toYaml . | nindent 12 }}
-             {{- end }}
-           ports:
-           - name: liveness-probe
-             protocol: TCP
-             containerPort: {{ .Values.probes.httpGet.port }}
-+            - name: liveness-probe
-+              protocol: TCP
-+              containerPort: {{ .Values.probes.httpGet.port }}
-           {{- if .Values.enablePrometheusServer }}
-             - name: http-metrics
-               protocol: TCP
@@ -175,13 +175,23 @@
           resources:
             {{- toYaml . | nindent 12 }}
--- a/charts/kubezero/README.md
+++ b/charts/kubezero/README.md
@ -1,6 +1,6 @@
 # kubezero

-![Version: 1.23.10-3](https://img.shields.io/badge/Version-1.23.10--3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 1.23.11](https://img.shields.io/badge/Version-1.23.11-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero - Root App of Apps chart

@ -24,8 +24,11 @@ Kubernetes: `>= 1.20.0`

 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| HighAvailableControlplane | bool | `false` |  |
+| addons.aws-node-termination-handler | object | `{}` |  |
+| addons.clusterBackup | object | `{}` |  |
 | addons.enabled | bool | `true` |  |
+| addons.external-dns | object | `{}` |  |
+| addons.forseti | object | `{}` |  |
 | addons.targetRevision | string | `"0.6.2"` |  |
 | argocd.enabled | bool | `false` |  |
 | argocd.istio.enabled | bool | `false` |  |
@ -34,6 +37,8 @@ Kubernetes: `>= 1.20.0`
 | cert-manager.enabled | bool | `false` |  |
 | cert-manager.namespace | string | `"cert-manager"` |  |
 | cert-manager.targetRevision | string | `"0.9.2"` |  |
+| global.clusterName | string | `"zdt-trial-cluster"` |  |
+| global.highAvailable | bool | `false` |  |
 | istio-ingress.chart | string | `"kubezero-istio-gateway"` |  |
 | istio-ingress.enabled | bool | `false` |  |
 | istio-ingress.gateway.service | object | `{}` |  |
@ -58,14 +63,15 @@ Kubernetes: `>= 1.20.0`
 | metrics.istio.grafana | object | `{}` |  |
 | metrics.istio.prometheus | object | `{}` |  |
 | metrics.namespace | string | `"monitoring"` |  |
-| metrics.targetRevision | string | `"0.8.1"` |  |
+| metrics.targetRevision | string | `"0.8.5"` |  |
+| network.cilium.cluster | object | `{}` |  |
 | network.enabled | bool | `true` |  |
 | network.retain | bool | `true` |  |
 | network.targetRevision | string | `"0.3.3"` |  |
 | storage.aws-ebs-csi-driver.enabled | bool | `false` |  |
 | storage.aws-efs-csi-driver.enabled | bool | `false` |  |
 | storage.enabled | bool | `false` |  |
-| storage.targetRevision | string | `"0.7.0"` |  |
+| storage.targetRevision | string | `"0.7.1"` |  |

 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
--- a/charts/kubezero/templates/addons.yaml
+++ b/charts/kubezero/templates/addons.yaml
@ -7,8 +7,8 @@ clusterBackup:
  {{- toYaml . | nindent 2 }}
  {{- end }}

-  # AWS
  {{- if .Values.global.aws }}
+  # AWS
  extraEnv:
    - name: AWS_DEFAULT_REGION
      value: {{ .Values.global.aws.region }}
@ -21,8 +21,8 @@ forseti:
  {{- toYaml . | nindent 2 }}
  {{- end }}

-  # AWS
  {{- if .Values.global.aws }}
+  # AWS
  aws:
    region: {{ $.Values.global.aws.region }}
    iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti"
--- a/charts/kubezero/templates/istio.yaml
+++ b/charts/kubezero/templates/istio.yaml
@ -2,7 +2,7 @@
 istiod:
  telemetry:
    enabled: {{ $.Values.metrics.enabled }}
-{{- if .Values.HighAvailableControlplane }}
+{{- if .Values.global.highAvailable }}
  pilot:
    replicaCount: 2
 global:
--- a/charts/kubezero/templates/network.yaml
+++ b/charts/kubezero/templates/network.yaml
@ -15,13 +15,17 @@ cilium:
  enabled: true

  cluster:
+    name: {{ .Values.global.clusterName }}
    {{- with .Values.network.cilium.cluster.id }}
    id: {{ . }}
+  ipam:
+    operator:
+      clusterPoolIPv4PodCIDRList:
+        - 10.{{ . }}.0.0/16
    {{- end }}
-    name: {{ $.Values.global.clusterName }}

  prometheus:
-    enabled: {{ $.Values.metrics.enabled }}
+    enabled: {{ .Values.metrics.enabled }}

 {{- with index .Values "network" "metallb" }}
 metallb:
--- a/charts/kubezero/templates/storage.yaml
+++ b/charts/kubezero/templates/storage.yaml
@ -15,7 +15,7 @@ gemini:
 aws-ebs-csi-driver:
  enabled: {{ default false (index .Values "storage" "aws-ebs-csi-driver" "enabled")}}
  controller:
-    replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
+    replicaCount: {{ ternary 2 1 .Values.global.highAvailable }}
    k8sTagClusterId: {{ .Values.global.clusterName }}
    env:
    - name: AWS_ROLE_ARN
@ -25,7 +25,7 @@ aws-ebs-csi-driver:
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: regional

-    {{- if .Values.HighAvailableControlplane }}
+    {{- if .Values.global.highAvailable }}
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
@ -40,7 +40,7 @@ aws-ebs-csi-driver:

 aws-efs-csi-driver:
  enabled: {{ default false (index .Values "storage" "aws-efs-csi-driver" "enabled")}}
-  replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
+  replicaCount: {{ ternary 2 1 .Values.global.highAvailable }}
  controller:
    extraEnv:
    - name: AWS_ROLE_ARN
@ -51,7 +51,7 @@ aws-efs-csi-driver:
      value: regional

    # The EFS controller steel needs hostnetwork and cannot update on single node control planes otherwise
-    {{- if not .Values.HighAvailableControlplane }}
+    {{- if not .Values.global.highAvailable }}
    updateStrategy: Recreate
    {{- else }}
    affinity:
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@ -4,15 +4,21 @@ kubezero:
  defaultTargetRevision: '*'
  gitSync: {}

-HighAvailableControlplane: false
+global:
+  highAvailable: false
+  clusterName: zdt-trial-cluster

 addons:
  enabled: true
  targetRevision: 0.6.2
-  external-dns: {}
-  forseti: {}
-  clusterBackup: {}
-  aws-node-termination-handler: {}
+  external-dns:
+    enabled: false
+  forseti:
+    enabled: false
+  clusterBackup:
+    enabled: false
+  aws-node-termination-handler:
+    enabled: false

 network:
  enabled: true