Merge pull request #2647 from zalando-incubator/beta-to-stable

beta to stable

cluster/config-defaults.yaml

@@ -13,6 +13,9 @@ autoscaling_buffer_pods: "0"
 cluster_autoscaler_cpu: "100m"
 cluster_autoscaler_memory: "300Mi"
 
+# Temporarily moved to a config item so we could test the new version
+cluster_autoscaler_version: "v1.12.2-internal.4"
+
 # ALB config created by kube-aws-ingress-controller
 kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
 kube_aws_ingress_controller_idle_timeout: "1m"
@@ -127,7 +130,7 @@ zmon_worker_cpu: "750m"
 zmon_worker_count: "16"
 {{end}}
 zmon_scalyr_region: "eu"
-zmon_worker_version: "v209-py2eol-2-gcd9ec1c-v251-py2eol"
+zmon_worker_version: "v209-py2eol-11-g0a79b03-v251-py2eol"
 logging_watcher_mem: "200Mi"
 logging_scalyr_mem: "175Mi"
 logging_slo_heartbeat_mem: "25Mi"
@@ -251,6 +254,10 @@ audit_pod_events: "true"
 # https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definition-versioning/#webhook-conversion
 custom_resource_webhook_conversion: "false"
 
+# Feature toggle for CustomResourcePublishOpenAPI (alpha in v1.14)
+# https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#publish-validation-schema-in-openapi-v2
+custom_resource_publish_openapi: "false"
+
 # CIDR configuration for nodes and pods
 # Changing this will change the number of nodes and pods we can schedule in the
 # cluster

cluster/manifests/admission-control/daemonset.yaml

@@ -30,7 +30,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: cluster-autoscaler
-        image: registry.opensource.zalan.do/teapot/admission-controller:master-35
+        image: registry.opensource.zalan.do/teapot/admission-controller:master-37
         command:
           - /registry-proxy
           - --address=127.0.0.1:8285

cluster/manifests/admission-control/teapot.yaml

@@ -107,3 +107,13 @@ webhooks:
         apiGroups: ["apiextensions.k8s.io"]
         apiVersions: ["v1", "v1beta1"]
         resources: ["customresourcedefinitions"]
+  - name: ingress-admitter.teapot.zalan.do
+    clientConfig:
+      url: "https://localhost:8085/ingress"
+      caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
+    failurePolicy: Fail
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["extensions", "networking.k8s.io"]
+        apiVersions: ["v1beta1"]
+        resources: ["ingresses"]

cluster/manifests/deletions.yaml

@@ -4,10 +4,7 @@ pre_apply: []
 # everything defined under here will be deleted after applying the manifests
 post_apply:
 - name: compute-resources
-  namespace: default
-  kind: ResourceQuota
-- name: compute-resources
-  namespace: kube-system
+  namespace: visibility
   kind: ResourceQuota
 {{ if eq .ConfigItems.teapot_admission_controller_process_resources "true" }}
 - name: limits

cluster/manifests/kube-cluster-autoscaler/daemonset.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: kube-system
   labels:
     application: kube-cluster-autoscaler
-    version: v1.12.2-internal.4
+    version: {{.Cluster.ConfigItems.cluster_autoscaler_version}}
 spec:
   selector:
     matchLabels:
@@ -16,7 +16,7 @@ spec:
     metadata:
       labels:
         application: kube-cluster-autoscaler
-        version: v1.12.2-internal.4
+        version: {{.Cluster.ConfigItems.cluster_autoscaler_version}}
       annotations:
         iam.amazonaws.com/role: "{{ .LocalID }}-app-autoscaler"
         config/pool-sizes: "{{range .NodePools}}{{.Name}}-{{.MinSize}}-{{.MaxSize}} {{end}}"
@@ -33,7 +33,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: cluster-autoscaler
-        image: registry.opensource.zalan.do/teapot/kube-cluster-autoscaler:v1.12.2-internal.4
+        image: registry.opensource.zalan.do/teapot/kube-cluster-autoscaler:{{.Cluster.ConfigItems.cluster_autoscaler_version}}
         command:
           - ./cluster-autoscaler
           - --v=4

cluster/manifests/kube-metrics-adapter/deployment.yaml

@@ -27,7 +27,7 @@ spec:
       serviceAccountName: custom-metrics-apiserver
       containers:
       - name: kube-metrics-adapter
-        image: registry.opensource.zalan.do/teapot/kube-metrics-adapter:v0.0.3
+        image: registry.opensource.zalan.do/teapot/kube-metrics-adapter:v0.0.4
         {{ if eq .ConfigItems.kube_aws_iam_controller_kube_system_enable "true"}}
         env:
         # must be set for the AWS SDK/AWS CLI to find the credentials file.

cluster/manifests/metrics-server/deployment.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: kube-system
   labels:
     application: metrics-server
-    version: v0.3.5
+    version: v0.3.6
 spec:
   replicas: 1
   selector:
@@ -16,7 +16,7 @@ spec:
       name: metrics-server
       labels:
         application: metrics-server
-        version: v0.3.5
+        version: v0.3.6
     spec:
       dnsConfig:
         options:
@@ -26,7 +26,7 @@ spec:
       serviceAccountName: metrics-server
       containers:
       - name: metrics-server
-        image: registry.opensource.zalan.do/teapot/metrics-server:v0.3.5
+        image: registry.opensource.zalan.do/teapot/metrics-server:v0.3.6
         resources:
           limits:
             cpu: "{{.ConfigItems.metrics_service_cpu}}"

cluster/manifests/skipper/deployment.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: kube-system
   labels:
     application: skipper-ingress
-    version: v0.10.295
+    version: v0.11.1
     component: ingress
 spec:
   strategy:
@@ -18,7 +18,7 @@ spec:
     metadata:
       labels:
         application: skipper-ingress
-        version: v0.10.295
+        version: v0.11.1
         component: ingress
       annotations:
         kubernetes-log-watcher/scalyr-parser: |
@@ -43,7 +43,7 @@ spec:
       hostNetwork: true
       containers:
       - name: skipper-ingress
-        image: registry.opensource.zalan.do/pathfinder/skipper:v0.10.295
+        image: registry.opensource.zalan.do/pathfinder/skipper:v0.11.1
         ports:
         - name: ingress-port
           containerPort: 9999

cluster/manifests/zmon-scheduler/deployment.yaml

@@ -5,7 +5,7 @@ metadata:
   namespace: visibility
   labels:
     application: zmon-scheduler
-    version: "v46-51-g0a0ad78-0.1.6-master-88"
+    version: "v46-55-gd1b34bc-0.1.6-master-92"
 spec:
   replicas: {{.ConfigItems.zmon_scheduler_replicas}}
   selector:
@@ -15,7 +15,7 @@ spec:
     metadata:
       labels:
         application: zmon-scheduler
-        version: "v46-51-g0a0ad78-0.1.6-master-88"
+        version: "v46-55-gd1b34bc-0.1.6-master-92"
       annotations:
         iam.amazonaws.com/role: "{{ .LocalID }}-app-zmon"
     spec:
@@ -47,7 +47,7 @@ spec:
 
       containers:
         - name: zmon-scheduler
-          image: "pierone.stups.zalan.do/zmon/zmon-scheduler:v46-51-g0a0ad78-0.1.6-master-88"
+          image: "pierone.stups.zalan.do/zmon/zmon-scheduler:v46-55-gd1b34bc-0.1.6-master-92"
           resources:
             limits:
               cpu: 1000m

cluster/manifests/zmon-worker/deployment.yaml

@@ -66,7 +66,7 @@ spec:
             periodSeconds: 60
 
           env:
-            - name: WORKER_SCALYR_REGION
+            - name: WORKER_PLUGIN_SCALYR_SCALYR_REGION
               value: {{.ConfigItems.zmon_scalyr_region}}
             - name: WORKER_ZMON_QUEUES
               value: zmon:queue:default/{{.ConfigItems.zmon_worker_count}}

cluster/node-pools/master-default/userdata.yaml

@@ -120,7 +120,7 @@ write_files:
           - --authorization-mode=Webhook,RBAC
           - --authorization-webhook-config-file=/etc/kubernetes/config/authz.yaml
           - --admission-control-config-file=/etc/kubernetes/config/image-policy-webhook.yaml
-          - --feature-gates=TaintNodesByCondition={{.Cluster.ConfigItems.experimental_schedule_daemonset_pods}},ScheduleDaemonSetPods={{.Cluster.ConfigItems.experimental_schedule_daemonset_pods}},TTLAfterFinished=true,CustomResourceWebhookConversion={{.Cluster.ConfigItems.custom_resource_webhook_conversion}}
+          - --feature-gates=TaintNodesByCondition={{.Cluster.ConfigItems.experimental_schedule_daemonset_pods}},ScheduleDaemonSetPods={{.Cluster.ConfigItems.experimental_schedule_daemonset_pods}},TTLAfterFinished=true,CustomResourceWebhookConversion={{.Cluster.ConfigItems.custom_resource_webhook_conversion}},CustomResourcePublishOpenAPI={{.Cluster.ConfigItems.custom_resource_publish_openapi}}
           - --anonymous-auth=false
           {{ if or (eq .Cluster.Environment "production") (index .Cluster.ConfigItems "audittrail_url") }}
           - --audit-webhook-config-file=/etc/kubernetes/config/audit.yaml
@@ -172,7 +172,7 @@ write_files:
             requests:
               cpu: 100m
               memory: 200Mi
-        - image: registry.opensource.zalan.do/teapot/admission-controller:master-35
+        - image: registry.opensource.zalan.do/teapot/admission-controller:master-37
           name: admission-controller
           readinessProbe:
             httpGet:
@@ -346,6 +346,7 @@ write_files:
           args:
           - skipper
           - -address=:9023
+          - -support-listener=:9913
           - -inline-routes
           - |
             health: Path("/healthz") -> inlineContent("ok") -> <shunt>;
@@ -398,6 +399,7 @@ write_files:
           args:
           - skipper
           - -address=:8443
+          - -support-listener=:9911
           - -tls-cert=/etc/kubernetes/ssl/apiserver.pem
           - -tls-key=/etc/kubernetes/ssl/apiserver-key.pem
           - -insecure