From 00acc8f8549fbda9649de1f42d299e015f084c61 Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Mon, 21 Oct 2024 20:30:45 +0200 Subject: [PATCH 1/4] fix: remove nats preupgrade hook --- .../testkube/templates/pre-upgrade-nats.yaml | 95 ------------------- .../templates/pre-upgrade-sa-nats.yaml | 57 ----------- charts/testkube/values-demo.yaml | 38 -------- charts/testkube/values-develop.yaml | 37 -------- charts/testkube/values-stage.yaml | 40 +------- charts/testkube/values.yaml | 38 -------- 6 files changed, 1 insertion(+), 304 deletions(-) delete mode 100644 charts/testkube/templates/pre-upgrade-nats.yaml delete mode 100644 charts/testkube/templates/pre-upgrade-sa-nats.yaml diff --git a/charts/testkube/templates/pre-upgrade-nats.yaml b/charts/testkube/templates/pre-upgrade-nats.yaml deleted file mode 100644 index 5c0047e3c..000000000 --- a/charts/testkube/templates/pre-upgrade-nats.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{- if .Values.preUpgradeHookNATS.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Values.preUpgradeHookNATS.name }}" - labels: - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - job-name: pre-upgrade - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- if .Values.global.annotations}} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.preUpgradeHookNATS.annotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgradeHookNATS.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.preUpgradeHookNATS.ttlSecondsAfterFinished }} - ttlSecondsAfterFinished: {{ .Values.preUpgradeHookNATS.ttlSecondsAfterFinished }} - {{- end }} - template: - metadata: - name: "{{ .Values.preUpgradeHookNATS.name }}" - labels: - app.kubernetes.io/component: nats - app.kubernetes.io/name: "{{ .Values.preUpgradeHookNATS.name }}" - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHookNATS.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgradeHookNATS.labels "context" $ ) | nindent 8 }} - {{- end }} - {{- if or .Values.global.annotations .Values.preUpgradeHookNATS.podAnnotations }} - annotations: - {{- if .Values.global.annotations}} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHookNATS.podAnnotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgradeHookNATS.podAnnotations "context" $ ) 
| nindent 8 }} - {{- end }} - {{- end }} - spec: - serviceAccountName: "{{ .Values.preUpgradeHookNATS.name }}" - {{- include "global.images.renderPullSecrets" (dict "global" .Values.global "secretPath" .Values.preUpgradeHookNATS.image.pullSecrets) | nindent 6 }} - containers: - - name: kubectl - image: {{ include "global.images.image" (dict "imageRoot" .Values.preUpgradeHookNATS.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.preUpgradeHookNATS.image.pullPolicy }} - {{- if .Values.preUpgradeHookNATS.resources }} - resources: {{- toYaml .Values.preUpgradeHookNATS.resources | nindent 10 }} - {{- end }} - command: - - /bin/bash - - -c - - > - export deployment_name=$(kubectl get deployments -n {{ .Release.Namespace }} -o custom-columns=NAME:.metadata.name | grep 'box'); - export sts_name=$(kubectl get sts -n {{ .Release.Namespace }} -o custom-columns=NAME:.metadata.name | grep 'nats'); - export current_nats_version=$(kubectl get sts $sts_name -o=jsonpath='{$.metadata.labels}' -n {{ .Release.Namespace }} | awk -F'chart' '{print $2}' | awk -F'[^0-9]+' '{ print $2"."$3"."$4 }'); - - if [ "$current_nats_version" = "0.19.1" ]; - then kubectl delete deployment $deployment_name -n {{ .Release.Namespace }}; - kubectl delete sts $sts_name -n {{ .Release.Namespace }}; - else echo "NATS version is up-to-date"; - fi - securityContext: - {{- toYaml .Values.preUpgradeHookNATS.securityContext | nindent 10 }} - securityContext: - {{- toYaml .Values.preUpgradeHookNATS.podSecurityContext | nindent 8 }} - restartPolicy: Never - {{- if .Values.preUpgradeHookNATS.tolerations }} - tolerations: - {{- toYaml .Values.preUpgradeHookNATS.tolerations | nindent 6 }} - {{- else if .Values.global.tolerations }} - tolerations: - {{- toYaml .Values.global.tolerations | nindent 6 }} - {{- end }} - {{- if .Values.preUpgradeHookNATS.affinity }} - affinity: - {{- toYaml .Values.preUpgradeHookNATS.affinity | nindent 8 }} - {{- else if .Values.global.affinity }} - affinity: - {{- toYaml 
.Values.global.affinity | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHookNATS.nodeSelector }} - nodeSelector: {{ toYaml .Values.preUpgradeHookNATS.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.nodeSelector }} - nodeSelector: {{ toYaml .Values.global.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} diff --git a/charts/testkube/templates/pre-upgrade-sa-nats.yaml b/charts/testkube/templates/pre-upgrade-sa-nats.yaml deleted file mode 100644 index dd47219d6..000000000 --- a/charts/testkube/templates/pre-upgrade-sa-nats.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -{{- if .Values.preUpgradeHookNATS.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ .Values.preUpgradeHookNATS.name }}" - labels: - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- end }} - -{{- if .Values.preUpgradeHookNATS.serviceAccount.create }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: "{{ .Values.preUpgradeHookNATS.name }}" - labels: - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -rules: - - apiGroups: ["apps"] - resources: ["deployments", "deployments/scale", "statefulsets"] - verbs: ["create","delete","get","list","patch","update","watch"] -{{- end }} - -{{- if .Values.preUpgradeHookNATS.serviceAccount.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ .Values.preUpgradeHookNATS.name }}" - labels: - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ .Values.preUpgradeHookNATS.name }}" -subjects: - - kind: ServiceAccount - name: "{{ .Values.preUpgradeHookNATS.name }}" -{{- end }} 
diff --git a/charts/testkube/values-demo.yaml b/charts/testkube/values-demo.yaml index 1eec34ef9..703047adc 100644 --- a/charts/testkube/values-demo.yaml +++ b/charts/testkube/values-demo.yaml @@ -109,44 +109,6 @@ mongodb: updateStrategy: type: Recreate -# -- NATS pre-upgrade parameters -preUpgradeHookNATS: - # -- Upgrade hook is enabled - enabled: true - # -- Upgrade hook name - name: nats-upgrade - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's pod - podAnnotations: {} - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # -- Node labels for pod assignment. - nodeSelector: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- MongoDB Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for MongoDB Upgrade kubectl container - securityContext: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] - # -- NATS chart parameters nats: # NATS container settings diff --git a/charts/testkube/values-develop.yaml b/charts/testkube/values-develop.yaml index aac288cc0..c17491887 100644 --- a/charts/testkube/values-develop.yaml +++ b/charts/testkube/values-develop.yaml 
@@ -111,43 +111,6 @@ mongodb: updateStrategy: type: Recreate -# -- NATS pre-upgrade parameters -preUpgradeHookNATS: - # -- Upgrade hook is enabled - enabled: true - # -- Upgrade hook name - name: nats-upgrade - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's pod - podAnnotations: {} - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # -- Node labels for pod assignment. - nodeSelector: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- MongoDB Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for MongoDB Upgrade kubectl container - securityContext: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] # NATS values nats: # NATS container settings diff --git a/charts/testkube/values-stage.yaml b/charts/testkube/values-stage.yaml index efd0394d6..4d36b5f99 100644 --- a/charts/testkube/values-stage.yaml +++ b/charts/testkube/values-stage.yaml 
@@ -115,44 +115,6 @@ testkube-logs: nameOverride: logs nodeSelector: {} -# -- NATS pre-upgrade parameters -preUpgradeHookNATS: - # -- Upgrade hook is enabled - enabled: true - # -- Upgrade hook name - name: nats-upgrade - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's pod - podAnnotations: {} - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # -- Node labels for pod assignment. - nodeSelector: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- MongoDB Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for MongoDB Upgrade kubectl container - securityContext: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] - nats: podTemplate: merge: @@ -380,4 +342,4 @@ testkube-operator: testConnection: enabled: true - nodeSelector: {} \ No newline at end of file + nodeSelector: {} diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml index 7ee85d698..f705d6db6 100644 --- a/charts/testkube/values.yaml +++ b/charts/testkube/values.yaml 
@@ -103,44 +103,6 @@ preUpgradeHook: # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. tolerations: [] -# -- NATS pre-upgrade parameters -preUpgradeHookNATS: - # -- Upgrade hook is enabled - enabled: true - # -- Upgrade hook name - name: nats-upgrade - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's pod - podAnnotations: {} - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # -- Node labels for pod assignment. - nodeSelector: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- MongoDB Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for MongoDB Upgrade kubectl container - securityContext: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] - # MongoDB parameters # For more configuration parameters of MongoDB chart please look here: https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters mongodb: From 8d725afb1919b92d0fa370a5d205d67e9749ca36 Mon Sep 17 00:00:00 2001 
From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 22 Oct 2024 19:50:48 +0200 Subject: [PATCH 2/4] fix: remove mongodb preupgrade hook --- charts/testkube/templates/pre-upgrade-sa.yaml | 60 ------------ charts/testkube/templates/pre-upgrade.yaml | 92 ------------------- charts/testkube/values.yaml | 38 -------- 3 files changed, 190 deletions(-) delete mode 100644 charts/testkube/templates/pre-upgrade-sa.yaml delete mode 100644 charts/testkube/templates/pre-upgrade.yaml diff --git a/charts/testkube/templates/pre-upgrade-sa.yaml b/charts/testkube/templates/pre-upgrade-sa.yaml deleted file mode 100644 index 9a87e277d..000000000 --- a/charts/testkube/templates/pre-upgrade-sa.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -{{- if and .Values.preUpgradeHook.serviceAccount.create .Values.mongodb.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ .Values.preUpgradeHook.name }}" - labels: - {{- include "mongodb.labels" . | nindent 4 }} - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -{{- end }} - -{{- if and .Values.preUpgradeHook.serviceAccount.create .Values.mongodb.enabled }} ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: "{{ .Values.preUpgradeHook.name }}" - labels: - {{- include "mongodb.labels" . | nindent 4 }} - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -rules: - - apiGroups: ["apps"] - resources: ["deployments", "deployments/scale"] - verbs: ["create","delete","get","list","patch","update","watch"] -{{- end }} - -{{- if and .Values.preUpgradeHook.serviceAccount.create .Values.mongodb.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ .Values.preUpgradeHook.name }}" - labels: - {{- include "mongodb.labels" . 
| nindent 4 }} - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade,post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ .Values.preUpgradeHook.name }}" -subjects: - - kind: ServiceAccount - name: "{{ .Values.preUpgradeHook.name }}" -{{- end }} diff --git a/charts/testkube/templates/pre-upgrade.yaml b/charts/testkube/templates/pre-upgrade.yaml deleted file mode 100644 index daa40b8a7..000000000 --- a/charts/testkube/templates/pre-upgrade.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -{{- if and .Values.preUpgradeHook.enabled .Values.mongodb.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Values.preUpgradeHook.name }}" - labels: - {{- include "mongodb.labels" . | nindent 4 }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - job-name: pre-upgrade - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- if .Values.global.annotations}} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.preUpgradeHook.annotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgradeHook.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.preUpgradeHook.ttlSecondsAfterFinished }} - ttlSecondsAfterFinished: {{ .Values.preUpgradeHook.ttlSecondsAfterFinished }} - {{- end }} - template: - metadata: - name: "{{ .Values.preUpgradeHook.name }}" - labels: - app.kubernetes.io/component: mongodb - app.kubernetes.io/name: "{{ .Values.preUpgradeHook.name }}" - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHook.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgradeHook.labels "context" $ ) | nindent 8 }} - {{- end }} - {{- if or .Values.global.annotations .Values.preUpgradeHook.podAnnotations }} - annotations: - {{- if .Values.global.annotations}} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHook.podAnnotations }} - {{- include "global.tplvalues.render" ( dict "value" 
.Values.preUpgradeHook.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- end }} - spec: - serviceAccountName: "{{ .Values.preUpgradeHook.name }}" - {{- include "global.images.renderPullSecrets" (dict "global" .Values.global "secretPath" .Values.preUpgradeHook.image.pullSecrets) | nindent 6 }} - containers: - - name: kubectl - image: {{ include "global.images.image" (dict "imageRoot" .Values.preUpgradeHook.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.preUpgradeHook.image.pullPolicy }} - {{- if .Values.preUpgradeHook.resources }} - resources: {{- toYaml .Values.preUpgradeHook.resources | nindent 10 }} - {{- end }} - command: - - /bin/bash - - -c - - > - export current_mongodb_version=$(kubectl get deployment {{ .Release.Name }}-mongodb -o=jsonpath='{$.spec.template.metadata.labels}' -n {{ .Release.Namespace }} | awk -F'helm.sh/chart' '{print $2}' | awk -F'[^0-9]+' '{ print $2 }'); - if [ "$current_mongodb_version" -eq "12" ]; - then kubectl scale deployment {{ .Release.Name }}-mongodb --replicas=0 -n {{ .Release.Namespace }}; - else echo "MongoDB is up-to-date"; - fi - securityContext: - {{- toYaml .Values.preUpgradeHook.securityContext | nindent 10 }} - securityContext: - {{- toYaml .Values.preUpgradeHook.podSecurityContext | nindent 8 }} - restartPolicy: Never - {{- if .Values.preUpgradeHook.tolerations }} - tolerations: - {{- toYaml .Values.preUpgradeHook.tolerations | nindent 6 }} - {{- else if .Values.global.tolerations }} - tolerations: - {{- toYaml .Values.global.tolerations | nindent 6 }} - {{- end }} - {{- if .Values.preUpgradeHook.affinity }} - affinity: - {{- toYaml .Values.preUpgradeHook.affinity | nindent 8 }} - {{- else if .Values.global.affinity }} - affinity: - {{- toYaml .Values.global.affinity | nindent 8 }} - {{- end }} - {{- if .Values.preUpgradeHook.nodeSelector }} - nodeSelector: {{ toYaml .Values.preUpgradeHook.nodeSelector | nindent 8 }} - {{- end }} - {{- if .Values.global.nodeSelector }} - nodeSelector: {{ 
toYaml .Values.global.nodeSelector | nindent 8 }} - {{- end }} - {{- end }} diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml index f705d6db6..176b20375 100644 --- a/charts/testkube/values.yaml +++ b/charts/testkube/values.yaml @@ -65,44 +65,6 @@ global: # imagePullSecrets: # - name: regcred -# -- MongoDB pre-upgrade parameters -preUpgradeHook: - # -- Upgrade hook is enabled - enabled: true - # -- Upgrade hook name - name: mongodb-upgrade - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's pod - podAnnotations: {} - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # -- Node labels for pod assignment. - nodeSelector: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- MongoDB Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for MongoDB Upgrade kubectl container - securityContext: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] - # MongoDB parameters # For more configuration parameters of MongoDB chart please look here: https://github.com/bitnami/charts/tree/master/bitnami/mongodb#parameters mongodb: 
From f90169af8dd53049ddc7d6c7c7b928254db42dfb Mon Sep 17 00:00:00 2001 From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 22 Oct 2024 20:04:47 +0200 Subject: [PATCH 3/4] fix: remove pre upgrade hook to create namespace for operator --- .../templates/pre-upgrade-sa.yaml | 48 ---------- .../templates/pre-upgrade.yaml | 96 ------------------- charts/testkube-operator/values.yaml | 37 ------- charts/testkube/values.yaml | 33 ------- 4 files changed, 214 deletions(-) delete mode 100644 charts/testkube-operator/templates/pre-upgrade-sa.yaml delete mode 100644 charts/testkube-operator/templates/pre-upgrade.yaml diff --git a/charts/testkube-operator/templates/pre-upgrade-sa.yaml b/charts/testkube-operator/templates/pre-upgrade-sa.yaml deleted file mode 100644 index cb87bb66c..000000000 --- a/charts/testkube-operator/templates/pre-upgrade-sa.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{- if .Values.preUpgrade.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Release.Name }}-operator-pre-upgrade-sa - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{- end }} - -{{- if .Values.preUpgrade.serviceAccount.create }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Release.Name }}-operator-pre-upgrade-role - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["create","delete","get","list","patch","update","watch"] -{{- end }} - -{{- if .Values.preUpgrade.serviceAccount.create }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-operator-pre-upgrade-rolebinding - namespace: {{ include "testkube-operator.namespace" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Release.Name }}-operator-pre-upgrade-role -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-operator-pre-upgrade-sa - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/testkube-operator/templates/pre-upgrade.yaml b/charts/testkube-operator/templates/pre-upgrade.yaml deleted file mode 100644 index 82ce80d8c..000000000 --- a/charts/testkube-operator/templates/pre-upgrade.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -{{- if .Values.preUpgrade.enabled -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-operator-pre-upgrade - labels: - {{- if .Values.preUpgrade.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgrade.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }} - {{- end }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - job-name: {{ .Release.Name }}-operator-pre-upgrade - annotations: - {{- if .Values.preUpgrade.annotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgrade.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.global.annotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }} - {{- end }} - "helm.sh/hook": pre-upgrade, pre-install - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded -spec: - {{- if .Values.preUpgrade.ttlSecondsAfterFinished }} - ttlSecondsAfterFinished: {{ .Values.preUpgrade.ttlSecondsAfterFinished }} - {{- end }} - template: - metadata: - name: {{ .Release.Name }}-operator-pre-upgrade - labels: - {{- if .Values.preUpgrade.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgrade.labels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.global.labels }} - {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 8 }} - {{- end }} - app.kubernetes.io/component: testkube-operator - app.kubernetes.io/name: {{ .Release.Name }}-operator-pre-upgrade - annotations: - {{- if .Values.preUpgrade.podAnnotations }} - {{- include "global.tplvalues.render" ( dict "value" .Values.preUpgrade.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.global.annotations }} - {{- include 
"global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ .Release.Name }}-operator-pre-upgrade-sa - {{- include "global.images.renderPullSecrets" (dict "global" .Values.global "secretPath" .Values.preUpgrade.image.pullSecrets) | nindent 6 }} - containers: - - name: kubectl - image: {{ include "global.images.image" (dict "imageRoot" .Values.preUpgrade.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.preUpgrade.image.pullPolicy }} - {{- if .Values.preUpgrade.resources }} - resources: {{- toYaml .Values.preUpgrade.resources | nindent 10 }} - {{- end }} - command: - - /bin/bash - - -c - - > - NAMESPACE={{ include "testkube-operator.namespace" . }} - echo "Checking if namespace ${NAMESPACE} exists" - if kubectl get namespaces ${NAMESPACE} - then echo "Namespace already exists"; - else - echo "creating namespace ${NAMESPACE}" - kubectl create namespace ${NAMESPACE}; - fi - securityContext: - {{- toYaml .Values.preUpgrade.securityContext | nindent 10 }} - securityContext: - {{- toYaml .Values.preUpgrade.podSecurityContext | nindent 8 }} - restartPolicy: Never - {{- if .Values.preUpgrade.affinity }} - affinity: - {{- toYaml .Values.preUpgrade.affinity | nindent 8 }} - {{- else if .Values.global.affinity }} - affinity: - {{- toYaml .Values.global.affinity | nindent 8 }} - {{- end }} - {{- if .Values.preUpgrade.tolerations }} - tolerations: - {{- toYaml .Values.preUpgrade.tolerations | nindent 6 }} - {{- else if .Values.global.tolerations }} - tolerations: - {{- toYaml .Values.global.tolerations | nindent 6 }} - {{- end }} - {{- if .Values.preUpgrade.nodeSelector }} - nodeSelector: - {{- toYaml .Values.preUpgrade.nodeSelector | nindent 8 }} - {{- else if .Values.global.nodeSelector }} - nodeSelector: - {{- toYaml .Values.global.nodeSelector | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/charts/testkube-operator/values.yaml b/charts/testkube-operator/values.yaml index 330d0fd7d..ed84c4b28 100644 --- a/charts/testkube-operator/values.yaml +++ b/charts/testkube-operator/values.yaml @@ -310,43 +310,6 @@ priorityClassName: "" testConnection: enabled: false -preUpgrade: - # -- Upgrade hook is enabled - enabled: true - # -- Specify image parameters - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for Upgrade kubectl container - securityContext: {} - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's Pod - podAnnotations: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: - - key: kubernetes.io/arch - operator: Equal - value: arm64 - effect: NoSchedule - ## Node labels for Testkube Logs pod assignment. - nodeSelector: {} - ## Affinity for pre-upgrade job ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml index 176b20375..bb93b3ab0 100644 --- a/charts/testkube/values.yaml 
+++ b/charts/testkube/values.yaml @@ -1123,36 +1123,3 @@ testkube-operator: # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. tolerations: [] - - preUpgrade: - # -- Upgrade hook is enabled - enabled: true - ## -- TTL (time to live) mechanism to limit the lifetime of Job objects that have finished execution, specified in seconds - ttlSecondsAfterFinished: 100 - # -- Specify image - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.28.2 - pullPolicy: IfNotPresent - pullSecrets: [] - # -- Specify resource limits and requests - resources: {} - # -- Create SA for upgrade hook - serviceAccount: - create: true - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - # -- Upgrade Pod Security Context - podSecurityContext: {} - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - # -- Security Context for Upgrade kubectl container - securityContext: {} - ## -- Specific labels - labels: {} - ## -- Annotations to add to the upgrade Job - annotations: {} - ## -- Annotations to add to the upgrade Job's Pod - podAnnotations: {} - # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm - # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster. - tolerations: [] From ccb177aadb2d0bdc4a1dbe93915dda6fef146c87 Mon Sep 17 00:00:00 2001 
From: Kubeshop <174873053+ed382@users.noreply.github.com> Date: Tue, 22 Oct 2024 21:03:49 +0200 Subject: [PATCH 4/4] feat: update rbac proxy image. The tag we were using had 5 critical vulnerabilities and: > Images provided under gcr.io/kubebuilder/ will be unavailable from March 18, 2025. https://book.kubebuilder.io/reference/metrics --- charts/testkube-operator/values.yaml | 21 ++++++++++----------- charts/testkube/values-demo.yaml | 13 ------------- charts/testkube/values-develop.yaml | 13 ------------- charts/testkube/values-stage.yaml | 12 ------------ charts/testkube/values.yaml | 6 +++--- 5 files changed, 13 insertions(+), 52 deletions(-) diff --git a/charts/testkube-operator/values.yaml b/charts/testkube-operator/values.yaml index ed84c4b28..55fee0a63 100644 --- a/charts/testkube-operator/values.yaml +++ b/charts/testkube-operator/values.yaml @@ -63,20 +63,19 @@ image: args: - --logtostderr=true -##Proxy Image parameters -## image.registry Proxy image registry -## image.repository Proxy image name -## image.tag Proxy image tag -## image.pullPolicy Proxy Image pull policy -## image.pullSecret Proxy Image pull k8s secret name for private registries +# Proxy settings proxy: + # Proxy Image parameters image: - registry: gcr.io - repository: kubebuilder/kube-rbac-proxy - tag: "v0.15.0" - pullPolicy: IfNotPresent + # -- Testkube Operator rbac-proxy image registry + registry: quay.io + # -- Testkube Operator rbac-proxy image repository + repository: brancz/kube-rbac-proxy + # -- Testkube Operator rbac-proxy image tag + tag: "v0.18.1" + # -- Testkube Operator rbac-proxy k8s secret for private registries pullSecrets: [] - ## Resources limits and requests for kube-rbac-proxy container + # -- Testkube Operator rbac-proxy resource settings resources: {} ## Testkube API full name diff --git a/charts/testkube/values-demo.yaml b/charts/testkube/values-demo.yaml index 703047adc..c595856a5 100644 --- a/charts/testkube/values-demo.yaml +++ b/charts/testkube/values-demo.yaml 
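Review bot: The replacement proxy image under `proxy.image` is still selected only by a mutable tag (`tag: "v0.18.1"`), now pulled from a personal namespace on quay.io, so whatever that tag points to at pull time is what gets deployed. The same applies to the `testkube-operator` proxy image hunk in charts/testkube/values.yaml. Since the commit is motivated by vulnerabilities in the old image, consider pinning the verified image by digest, for example `tag: "v0.18.1@sha256:<digest-of-the-image-you-scanned>"` if the `global.images.image` helper simply joins registry, repository and tag (not visible here), or a separate `digest` value otherwise. This hunk also drops `pullPolicy: IfNotPresent`. If the operator deployment template still reads `.Values.proxy.image.pullPolicy` (outside this diff), it would render an empty `imagePullPolicy`, so confirm the template no longer uses it or keep the key.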
@@ -380,19 +380,6 @@ testkube-operator: installCRD: true priorityClassName: "highest-priority" - ##Proxy Image parameters - ## image.registry Proxy image registry - ## image.repository Proxy image name - ## image.tag Proxy image tag - ## image.pullPolicy Proxy Image pull policy - proxy: - image: - registry: gcr.io - repository: kubebuilder/kube-rbac-proxy - tag: "v0.8.0" - ## Proxy Container Port - containerPort: 8443 - resources: requests: memory: "200Mi" diff --git a/charts/testkube/values-develop.yaml b/charts/testkube/values-develop.yaml index c17491887..6c28dfb19 100644 --- a/charts/testkube/values-develop.yaml +++ b/charts/testkube/values-develop.yaml @@ -324,19 +324,6 @@ testkube-logs: nodeSelector: {} testkube-operator: priorityClassName: "highest-priority" - ##Proxy Image parameters - ## image.registry Proxy image registry - ## image.repository Proxy image name - ## image.tag Proxy image tag - ## image.pullPolicy Proxy Image pull policy - proxy: - image: - registry: gcr.io - repository: kubebuilder/kube-rbac-proxy - tag: "v0.8.0" - ## Proxy Container Port - containerPort: 8443 - useArgoCDSync: true purgeExecutions: false diff --git a/charts/testkube/values-stage.yaml b/charts/testkube/values-stage.yaml index 4d36b5f99..2854c417b 100644 --- a/charts/testkube/values-stage.yaml +++ b/charts/testkube/values-stage.yaml @@ -320,18 +320,6 @@ testkube-api: testkube-operator: priorityClassName: "highest-priority" - ##Proxy Image parameters - ## image.registry Proxy image registry - ## image.repository Proxy image name - ## image.tag Proxy image tag - ## image.pullPolicy Proxy Image pull policy - proxy: - image: - registry: gcr.io - repository: kubebuilder/kube-rbac-proxy - tag: "v0.8.0" - ## Proxy Container Port - containerPort: 8443 resources: {} # requests: diff --git a/charts/testkube/values.yaml b/charts/testkube/values.yaml index bb93b3ab0..0c0e6b5fa 100644 --- a/charts/testkube/values.yaml +++ b/charts/testkube/values.yaml 
@@ -909,11 +909,11 @@ testkube-operator: # Proxy Image parameters image: # -- Testkube Operator rbac-proxy image registry - registry: gcr.io + registry: quay.io # -- Testkube Operator rbac-proxy image repository - repository: kubebuilder/kube-rbac-proxy + repository: brancz/kube-rbac-proxy # -- Testkube Operator rbac-proxy image tag - tag: "v0.8.0" + tag: "v0.18.1" # -- Testkube Operator rbac-proxy k8s secret for private registries pullSecrets: [] # -- Testkube Operator rbac-proxy resource settings
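Review bot: The reason for moving the registry is recorded only in the commit message, so a later reader of values.yaml has nothing to stop them from switching `registry` back to `gcr.io`. A short comment above `registry: quay.io` would keep that context with the value, e.g. `# gcr.io/kubebuilder images are unavailable from March 18, 2025 (see https://book.kubebuilder.io/reference/metrics)`. The default here also moves from `v0.8.0` to `v0.18.1` in one step, and the proxy container's arguments are set outside this hunk, so it is worth confirming they are still accepted by the new release.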