Update to Kubernetes v1.16
Signed-off-by: Mikkel Oscar Lyderik Larsen <[email protected]>
mikkeloscar committed Dec 19, 2019
1 parent bb9b680 commit 8f6c276
Showing 24 changed files with 509 additions and 212 deletions.
13 changes: 4 additions & 9 deletions cluster/config-defaults.yaml
@@ -243,8 +243,8 @@ dynamodb_service_link_enabled: "false"
cluster_dns: "coredns"
coredns_log_svc_names: "true"

kuberuntu_image_v1_14: {{ amiID "zalando-ubuntu-kubernetes-production-v1.14.8-master-77" "861068367966" }}
kuberuntu_image_v1_15: {{ amiID "zalando-ubuntu-kubernetes-production-v1.15.6-master-81" "861068367966" }}
kuberuntu_image_v1_16: {{ amiID "zalando-ubuntu-kubernetes-production-v1.16.4-master-84" "861068367966" }}

# Feature toggle to allow gradual decommissioning of ingress-template-controller
enable_ingress_template_controller: "false"
@@ -265,14 +265,6 @@ audittrail_url: ""
{{end}}
audittrail_root_account_role: ""

# Feature toggle for CustomResourceWebhookConversion (alpha in v1.13)
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning/#webhook-conversion
custom_resource_webhook_conversion: "false"

# Feature toggle for CustomResourcePublishOpenAPI (alpha in v1.14)
# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#publish-validation-schema-in-openapi-v2
custom_resource_publish_openapi: "false"

# CIDR configuration for nodes and pods
# Changing this will change the number of nodes and pods we can schedule in the
# cluster: https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr
@@ -309,3 +301,6 @@ custom_dns_zone_nameservers: "" # space seperated list of nameserver IP addresse

# prefix prepended to ownership TXT records for external-dns
external_dns_ownership_prefix: ""

# Enable FeatureGate EndpointSlice
enable_endpointslice: "false"
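Review bot: The comment on the new `enable_endpointslice` toggle does not say how mature the gate is, unlike the toggle comments this commit removes ("alpha in v1.13", "alpha in v1.14"). EndpointSlice is an alpha feature gate in Kubernetes v1.16, so I would write `# Feature toggle for the EndpointSlice feature gate (alpha in v1.16)` so that whoever flips the default knows it turns on alpha API surface. Where the toggle is consumed is not visible in this section.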
Original file line number Diff line number Diff line change
@@ -1,13 +1,12 @@
# A specification to declare needed OAuth credentials (tokens, clients) for the
# Zalando Platform IAM system
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: platformcredentialssets.zalando.org
spec:
scope: Namespaced
group: zalando.org
version: v1
names:
kind: PlatformCredentialsSet
plural: platformcredentialssets
@@ -16,66 +15,70 @@ spec:
- pcs
categories:
- all
additionalPrinterColumns:
- JSONPath: .spec.application
description: ID of application registered in application registry
name: Application
type: string
- JSONPath: .status.processingStatus
description: Processing status reported by Credentials Provider
name: Status
type: string
- JSONPath: .metadata.creationTimestamp
description: Age of the PlatformCredentialsSet
name: Age
type: date
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- application
properties:
application:
type: string
pattern: "^[a-z][a-z0-9-]*[a-z0-9]$"
clients:
type: object
additionalProperties:
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .spec.application
description: ID of application registered in application registry
name: Application
type: string
- jsonPath: .status.processingStatus
description: Processing status reported by Credentials Provider
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
description: Age of the PlatformCredentialsSet
name: Age
type: date
schema:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- application
properties:
application:
type: string
pattern: "^[a-z][a-z0-9-]*[a-z0-9]$"
clients:
type: object
properties:
realm:
type: string
enum:
- customers
- users
- services
grant:
type: string
enum:
- authorization-code
- implicit
- resource-owner-password-credentials
- client-credentials
redirectUri:
type: string
tokens:
type: object
additionalProperties:
type: object
nullable: true
properties:
privileges:
type: array
nullable: true
items:
additionalProperties:
type: object
properties:
realm:
type: string
enum:
- customers
- users
- services
grant:
type: string
token_version:
type: string
enum:
- v1
- v2
subresources:
status: {}
enum:
- authorization-code
- implicit
- resource-owner-password-credentials
- client-credentials
redirectUri:
type: string
tokens:
type: object
additionalProperties:
type: object
nullable: true
properties:
privileges:
type: array
nullable: true
items:
type: string
token_version:
type: string
enum:
- v1
- v2
subresources:
status: {}
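Review bot: The schema moved under `versions[0].schema` still has no `type` at the root of `openAPIV3Schema` or on the `spec` property, and `apiextensions.k8s.io/v1` only accepts structural schemas, which need a type on the root and on every specified object field. Add `type: object` directly under `openAPIV3Schema:` and under `spec:`; the same gap shows in the VerticalPodAutoscaler and AWSIAMRole schemas later in this commit. v1 also prunes undeclared fields by default, and no `status` property is declared here even though a printer column reads `.status.processingStatus`, so it is worth confirming that status written by the credentials provider survives. Indentation is lost in this rendering, so this reading relies on key order.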
57 changes: 36 additions & 21 deletions cluster/manifests/01-vertical-pod-autoscaler/01-crd.yaml
@@ -1,5 +1,5 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: verticalpodautoscalers.autoscaling.k8s.io
@@ -14,33 +14,49 @@ spec:
kind: VerticalPodAutoscaler
shortNames:
- vpa
version: v1beta1
versions:
- name: v1beta1
served: true
storage: false
schema:
# openAPIV3Schema is the schema for validating custom objects.
openAPIV3Schema:
properties:
spec:
required: []
properties:
targetRef:
type: object
updatePolicy:
properties:
updateMode:
type: string
resourcePolicy:
properties:
containerPolicies:
type: array
- name: v1beta2
served: true
storage: true
validation:
# openAPIV3Schema is the schema for validating custom objects.
openAPIV3Schema:
properties:
spec:
required: []
properties:
targetRef:
type: object
updatePolicy:
properties:
updateMode:
type: string
resourcePolicy:
properties:
containerPolicies:
type: array
schema:
# openAPIV3Schema is the schema for validating custom objects.
openAPIV3Schema:
properties:
spec:
required: []
properties:
targetRef:
type: object
updatePolicy:
properties:
updateMode:
type: string
resourcePolicy:
properties:
containerPolicies:
type: array
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: verticalpodautoscalercheckpoints.autoscaling.k8s.io
@@ -55,7 +71,6 @@ spec:
kind: VerticalPodAutoscalerCheckpoint
shortNames:
- vpacheckpoint
version: v1beta1
versions:
- name: v1beta1
served: true
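Review bot: The VerticalPodAutoscalerCheckpoint definition is switched to `apiextensions.k8s.io/v1`, but the only other change visible for it is the removal of `version: v1beta1`; no `schema` is added to its `versions` entries. v1 requires `schema.openAPIV3Schema` on every version, so unless the collapsed lines below this hunk already carry one, the API server will reject this document. Until a real schema is written, each version could carry a minimal `openAPIV3Schema` with `type: object` and `x-kubernetes-preserve-unknown-fields: true`. The versions list continues below the hunk, so this cannot be confirmed from here.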
91 changes: 47 additions & 44 deletions cluster/manifests/02-kube-aws-iam-controller/crd.yaml
@@ -1,56 +1,59 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsiamroles.zalando.org
spec:
group: zalando.org
version: v1
scope: Namespaced
names:
kind: AWSIAMRole
singular: awsiamrole
plural: awsiamroles
categories:
- all
additionalPrinterColumns:
- name: RoleARN
type: string
description: Full RoleARN
JSONPath: .status.roleARN
- name: Expiration
type: string
description: Expiration time of the current credentials provisioned for the role
JSONPath: .status.expiration
subresources:
# status enables the status subresource.
status: {}
# validation depends on Kubernetes >= v1.11.0
validation:
openAPIV3Schema:
properties:
spec:
properties:
roleReference:
description: |
Reference to an AWS IAM role which can either be a role name
or a full IAM role ARN.
type: string
minLength: 3
roleSessionDuration:
description: |
Specify the role session duration in seconds. Defaults to 3600
seconds (1 hour). This value must be less than or equal to the
`MaxSessionDuration` value of the IAM role.
type: integer
minimum: 900 # 15 minutes
maximum: 43200 # 12 hours
status:
properties:
observedGeneration:
type: integer
roleARN:
type: string
expiration:
type: string
required:
- spec
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- name: RoleARN
type: string
description: Full RoleARN
jsonPath: .status.roleARN
- name: Expiration
type: string
description: Expiration time of the current credentials provisioned for the role
jsonPath: .status.expiration
subresources:
# status enables the status subresource.
status: {}
# validation depends on Kubernetes >= v1.11.0
schema:
openAPIV3Schema:
properties:
spec:
properties:
roleReference:
description: |
Reference to an AWS IAM role which can either be a role name
or a full IAM role ARN.
type: string
minLength: 3
roleSessionDuration:
description: |
Specify the role session duration in seconds. Defaults to 3600
seconds (1 hour). This value must be less than or equal to the
`MaxSessionDuration` value of the IAM role.
type: integer
minimum: 900 # 15 minutes
maximum: 43200 # 12 hours
status:
properties:
observedGeneration:
type: integer
roleARN:
type: string
expiration:
type: string
required:
- spec
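Review bot: The comment `# validation depends on Kubernetes >= v1.11.0` is carried over unchanged above the new `schema:` key, where it is now misleading: the key is no longer `validation`, and the `apiextensions.k8s.io/v1` API this file now uses needs Kubernetes v1.16. I would replace it with `# apiextensions.k8s.io/v1 (Kubernetes >= v1.16) requires a schema for every version`.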
2 changes: 0 additions & 2 deletions cluster/manifests/02-kube-aws-iam-controller/deployment.yaml
@@ -36,8 +36,6 @@ spec:
cpu: "{{.ConfigItems.kube_aws_iam_controller_cpu}}"
memory: "{{.ConfigItems.kube_aws_iam_controller_mem}}"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node.kubernetes.io/role
value: master
effect: NoSchedule
4 changes: 1 addition & 3 deletions cluster/manifests/admission-control/daemonset.yaml
@@ -26,14 +26,12 @@ spec:
dnsPolicy: Default
hostNetwork: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node.kubernetes.io/role
value: master
effect: NoSchedule
containers:
- name: cluster-autoscaler
image: registry.opensource.zalan.do/teapot/admission-controller:master-45
image: registry.opensource.zalan.do/teapot/admission-controller:master-50
command:
- /registry-proxy
- --address=127.0.0.1:8285