From 6ee072b6d66cf5fe8a838c5d77569231149af4a6 Mon Sep 17 00:00:00 2001 From: Katyanna Moura Date: Mon, 13 May 2024 10:20:03 +0200 Subject: [PATCH 1/7] Update components to v1.29.4 Components updated: - kube-aws-controller - event-logger - k8s-auth-webhook Signed-off-by: Katyanna Moura --- cluster/manifests/02-kube-aws-iam-controller/deployment.yaml | 2 +- cluster/manifests/event-logger/statefulset.yaml | 2 +- cluster/manifests/ingress-controller/deployment.yaml | 2 +- cluster/node-pools/master-default/userdata.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml index cca497ec05..2a66b0134c 100644 --- a/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml +++ b/cluster/manifests/02-kube-aws-iam-controller/deployment.yaml @@ -27,7 +27,7 @@ spec: hostNetwork: true containers: - name: kube-aws-iam-controller - image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-2-g5f9bcc0 + image: container-registry.zalando.net/teapot/kube-aws-iam-controller:v0.3.0-4-g21debb6 args: - --debug - "--assume-role={{.Cluster.LocalID}}-worker" diff --git a/cluster/manifests/event-logger/statefulset.yaml b/cluster/manifests/event-logger/statefulset.yaml index c29c387e85..2171f1be29 100644 --- a/cluster/manifests/event-logger/statefulset.yaml +++ b/cluster/manifests/event-logger/statefulset.yaml @@ -30,7 +30,7 @@ spec: serviceAccountName: kubernetes-event-logger containers: - name: logger - image: container-registry.zalando.net/teapot/event-logger:master-12 + image: container-registry.zalando.net/teapot/event-logger:master-13 args: - --snapshot-namespace=kube-system - --snapshot-name=kubernetes-event-logger diff --git a/cluster/manifests/ingress-controller/deployment.yaml b/cluster/manifests/ingress-controller/deployment.yaml index e23b8c544e..770dc77aca 100644 --- a/cluster/manifests/ingress-controller/deployment.yaml +++ b/cluster/manifests/ingress-controller/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $version := "v0.15.15" }} +# {{ $version := "v0.15.16" }} apiVersion: apps/v1 kind: Deployment diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 81dccc59d7..514cbb0ea3 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -271,7 +271,7 @@ write_files: - mountPath: /etc/kubernetes/ssl name: ssl-certs-kubernetes readOnly: true - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-132 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-133 name: webhook ports: - containerPort: 8081 From ad97f7609bee54e9301ccca7f1009e56fb497732 Mon Sep 17 00:00:00 2001 From: Roman Zavodskikh Date: Mon, 13 May 2024 10:56:39 +0200 Subject: [PATCH 2/7] Update skipper version, step 1/2 Signed-off-by: Roman Zavodskikh --- cluster/manifests/skipper/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index 927638ae43..b9510e327b 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,5 +1,5 @@ {{ $internal_version := "v0.21.86-915" }} -{{ $canary_internal_version := "v0.21.86-915" }} +{{ $canary_internal_version := "v0.21.91-921" }} {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} From 81b14a6fb90b84ad8c7b4a5da5808f89cef2719d Mon Sep 17 00:00:00 2001 From: Mahmoud Gaballah Date: Mon, 13 May 2024 12:03:58 +0200 Subject: [PATCH 3/7] chore(deps): update kubernetes-lifecycle-metrics, kube-node-ready-controller --- cluster/manifests/kube-node-ready-controller/daemonset.yaml | 2 +- cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/manifests/kube-node-ready-controller/daemonset.yaml b/cluster/manifests/kube-node-ready-controller/daemonset.yaml index 7da30f91d3..1b8d82e60b 100644 --- a/cluster/manifests/kube-node-ready-controller/daemonset.yaml +++ b/cluster/manifests/kube-node-ready-controller/daemonset.yaml @@ -36,7 +36,7 @@ spec: effect: NoSchedule containers: - name: controller - image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-24 + image: container-registry.zalando.net/teapot/kube-node-ready-controller:master-25 resources: requests: cpu: {{.Cluster.ConfigItems.kube_node_ready_controller_cpu}} diff --git a/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml b/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml index 2cef8353e9..6fda0a49b1 100644 --- a/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml +++ b/cluster/manifests/kubernetes-lifecycle-metrics/deployment.yaml @@ -31,7 +31,7 @@ spec: serviceAccountName: kubernetes-lifecycle-metrics containers: - name: kubernetes-lifecycle-metrics - image: "container-registry.zalando.net/teapot/kubernetes-lifecycle-metrics:master-17" + image: "container-registry.zalando.net/teapot/kubernetes-lifecycle-metrics:master-18" ports: - containerPort: 9090 protocol: TCP From 832b2cebde6dd9e237b9fde979f336518f5b0a25 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Mon, 13 May 2024 12:47:34 +0200 Subject: [PATCH 4/7] prometheus: cleanup ingress PR #6754 introduced an equivalent RouteGroup. Signed-off-by: Alexander Yastrebov --- cluster/manifests/deletions.yaml | 4 ++++ cluster/manifests/prometheus/ingress.yaml | 26 +---------------------- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/cluster/manifests/deletions.yaml b/cluster/manifests/deletions.yaml index 13262e9356..843dda16a5 100644 --- a/cluster/manifests/deletions.yaml +++ b/cluster/manifests/deletions.yaml @@ -287,3 +287,7 @@ post_apply: - name: skipper-ingress kind: ClusterRoleBinding namespace: kube-system + +- name: prometheus + kind: Ingress + namespace: kube-system diff --git a/cluster/manifests/prometheus/ingress.yaml b/cluster/manifests/prometheus/ingress.yaml index f65c511985..e87753dd73 100644 --- a/cluster/manifests/prometheus/ingress.yaml +++ b/cluster/manifests/prometheus/ingress.yaml @@ -1,27 +1,3 @@ -# TODO: Remove -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: prometheus - namespace: kube-system - annotations: - zalando.org/skipper-filter: | - oauthTokeninfoAnyKV("realm", "/employees", "realm", "/services") - labels: - application: kubernetes - component: prometheus -spec: - rules: - - host: system-prometheus.{{ .Values.hosted_zone }} - http: - paths: - - backend: - service: - name: prometheus - port: - number: 80 - pathType: ImplementationSpecific ---- apiVersion: zalando.org/v1 kind: RouteGroup metadata: @@ -43,7 +19,7 @@ spec: routes: - pathSubtree: / predicates: - - HeaderRegexp("Authorization", "Bearer .+") + - HeaderRegexp("Authorization", "^Bearer .+") filters: - oauthTokeninfoAnyKV("realm", "/employees", "realm", "/services") From 70f8569f6b086071efa354cf40328fab62590916 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 13 May 2024 13:47:49 +0200 Subject: [PATCH 5/7] Update kube-metrics-adapter to v1.29 Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 2a1dc98805..d84fa21b55 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.2-35-gdcedc0c + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.2-44-gcafe11a env: - name: AWS_REGION value: {{ .Cluster.Region }} From 632558b006e2d09b6cb08d66a1c05ec95ace597b Mon Sep 17 00:00:00 2001 From: Katyanna Moura Date: Mon, 13 May 2024 16:13:59 +0200 Subject: [PATCH 6/7] Update cluster/manifests/kube-metrics-adapter/deployment.yaml --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index d84fa21b55..dd447fb4b2 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.2-44-gcafe11a + image: container-registry.zalando.net/teapot/kube-metrics-adapter:v0.2.2-46-gf55afc0 env: - name: AWS_REGION value: {{ .Cluster.Region }} From e0aaebdc697173961e053337b0393f11e414af10 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Mon, 13 May 2024 17:36:06 +0200 Subject: [PATCH 7/7] deployment-service: support multiple clusters per account Signed-off-by: Mikkel Oscar Lyderik Larsen --- .../deployment-service/status-service-ingress.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cluster/manifests/deployment-service/status-service-ingress.yaml b/cluster/manifests/deployment-service/status-service-ingress.yaml index 5633810556..c96572b901 100644 --- a/cluster/manifests/deployment-service/status-service-ingress.yaml +++ b/cluster/manifests/deployment-service/status-service-ingress.yaml @@ -17,3 +17,12 @@ spec: port: name: http pathType: ImplementationSpecific + - host: "deployment-status-service-{{.Cluster.Alias}}.{{.Values.hosted_zone}}" + http: + paths: + - backend: + service: + name: "deployment-service-status-service" + port: + name: http + pathType: ImplementationSpecific