Resolve #101 - Support K8s 1.22 - 1.27 #102

Open. rlratcliffe wants to merge 73 commits into base: main

rlratcliffe (Contributor) commented Sep 3, 2023

This PR is to allow support for Tavros up to Kubernetes 1.27. Tavros was last built with K8s 1.21 as far as I can tell. K8s 1.27 is now available, and my client needed to update to at least 1.25. Not all Kubernetes (K8s) versions have removals of APIs, but there were removals of APIs in K8s 1.22 and 1.25 that affected a number of Tavros components. K8s maintains a guide of these changes here.

Used Fairwinds' Pluto to generate a list of what needed to be updated.

These changes include general maintenance but are primarily targeting these K8s API removals.

  • Updated Keycloak operator 12.0.4 -> 19.0.2. Updated various KeycloakClients in order to support the changes. Roles and scopes appear to not be created the same and can be created from the CRD instead, so these changes fix those issues.
  • Updated Kong chart from 2.3.0 -> 2.15.0 and Kong gateway from 2.5.0.0-alpine -> 3.0.0.0-alpine
  • Updated ECK from 1.6.0 -> 2.5.0
  • Updated kube-state-metrics from v2.0.0-rc.1 -> v2.7.0
  • Updated cert manager from 1.3.0 -> 1.11.0
  • Switched postgres helm repo due to the index changing.
  • Updated Jenkins from 2.277.4-lts-alpine -> 2.416-jdk11 and Jenkins operator from v0.6.0 0 -> v0.8.0-beta2. This PR will also need to be merged for pipeline related changes and a release will need to be made with v0.5. If no changes on the Jenkins PR, for testing this branch the library can be just changed in the configmap-jenkins-config to use the pre-release library version: v0.5-alpha.4
  • Updated Jaeger from v1.25.0 -> v1.47.0 and fixed the initialization of certs
  • Updated sealed secrets from v0.15.0 -> v0.17.5.
  • Updated various YAMLs to replace API endpoints

Some additional changes/additions, that either facilitated testing of these changes or are features we use at my client. Can move them to a different PR if that would be better.

  • Additional AKS ansible commands related to resource groups, storage, and DNS zones related to AKS provisioning
  • Added acceptance tests and other docs. Tests should eventually be automated but are a start.
  • Added tavros-repo helm repo to dev/test/prod to facilitate ease of deploying camel apps with less confusion
  • Git shell in Gitea namespace just in case it's necessary to push to git while kong is down
  • Troubleshooting shells inside of dev/test/prod namespaces. Image contains curl to be able to curl to the APIs with ease.
  • Fixed issue with occasionally failing to install Kibana assets

Thus far, this has only been tested on AKS.


  • Requires Jenkins Tavros library merge/release - Yes
  • Requires Tavros chart release - No
  • Requires archetype release - No

fix deprecated version + issue with missing quay image
old chart no longer existed, and values didn't match and needed to be reconfigured. old values are here: https://github.com/bitnami/charts/blob/4c72712f8d0c79ca3b573c87b993bfe80fc99b01/bitnami/postgresql/values.yaml
maybe not a good idea if it deletes IP stuff but trying it out
https://cert-manager.io/docs/installation/supported-releases/

prod-kong-ingress-certs & sandbox-kong-ingress-certs weren't being created, but are now
NOTE: this keycloak-operator is deprecated and no more fixes are available
was suddenly failing after many repeat runs
need to fix:
- erroring out deployment in ansible script
- jaeger user not being created properly in elastic (tavros-es-creds not working to access elastic node out of the box)
- tavros-es-http-certs (-n jaeger) secret needs ca.crt from tavros-es-http-certs-public (-n elastic-system)
- fix init script that creates jaeger role and user so that it doesn't silently fail, and therefore will keep retrying
- move init-runner wait before wait for elastic in ansible script
the storage account gets deleted when the resource group does
the default for when there's no cert is really just for the test, which I'm not sure is ideal
rlratcliffe marked this pull request as ready for review September 4, 2023 14:20
rlratcliffe mentioned this pull request Sep 4, 2023 (14 tasks)
rlratcliffe changed the title from "Resolve #101" to "Resolve #101 - Support K8s 1.22 - 1.27" Sep 4, 2023