Merge branch 'development/2.11' into feature/ARTESCA-1878/dashboard-network-plane-health

Author: JulienMeziere

.pre-commit-config.yaml

@@ -47,7 +47,7 @@ repos:
         files: salt/tests/unit/formulas/.*\.py
         additional_dependencies:
           - 'pyenchant~=3.2'
-          - 'salt==3002.6'
+          - 'salt==3002.7'
           - pytest
           - Jinja2
 

CHANGELOG.md

@@ -1,8 +1,29 @@
 # CHANGELOG
 ## Release 2.11.0 (in development)
 ### Enhancements
+
+- Bump Kubernetes version to 1.22.1
+  (PR[#3525](https://github.com/scality/metalk8s/pull/3525))
+
+- Bump etcd version to 3.5.0-0
+  (PR[#3525](https://github.com/scality/metalk8s/pull/3525))
+
+- Bump CoreDNS version to v1.8.4
+  (PR[#3525](https://github.com/scality/metalk8s/pull/3525))
+
 - Bump `containerd` version to 1.4.8 (PR [#3466](https://github.com/scality/metalk8s/pull/3466)).
 
+- Bump Calico version to 3.20.0
+  (PR[#3527](https://github.com/scality/metalk8s/pull/3527))
+
+- Bump ingress-nginx chart version to 4.0.1
+  nginx-ingress-controller image has been bumped accordingly to v1.0.0
+  (PR[#3518](https://github.com/scality/metalk8s/pull/3518))
+
+- Bump Dex chart version to v0.6.3, Dex image has been bumped accordingly
+  to v2.30.0
+  (PR[#3519](https://github.com/scality/metalk8s/pull/3519))
+
 - [#3487](https://github.com/scality/metalk8s/issues/3487) - Make Salt
   Kubernetes execution module more flexible relying on `DynamicClient`
   from `python-kubernetes`
@@ -14,6 +35,20 @@
 - Bump Kubernetes version to 1.21.4
   (PR[#3495](https://github.com/scality/metalk8s/pull/3495))
 
+- Bump Salt version to 3002.7
+  (PR [#3524](https://github.com/scality/metalk8s/pull/3524))
+
+- Improve UI metrics charts (cursor synchronisation when hovering a chart, better tooltip with coloured legend and unit, lot of bug fixes when data is missing, symmetrical charts to compare read/write in/out metrics) (PR[#3529](https://github.com/scality/metalk8s/pull/3529))
+
+## Bug fixes
+
+- Enforce a single subnet for control plane when using a
+  MetalLB-managed VIP for Ingress
+  (PR [#3533](https://github.com/scality/metalk8s/pull/3533))
+
+- Fix UI issues in multi nodes environment when a node
+  is unavailable (PR[#3521](https://github.com/scality/metalk8s/pull/3521))
+
 ## Release 2.10.2
 ### Bug fixes
 - Fix the link to documentation from the UI navigation bar

buildchain/buildchain/versions.py

@@ -18,9 +18,9 @@
 
 # Project-wide versions {{{
 
-CALICO_VERSION: str = "3.19.1"
-K8S_VERSION: str = "1.21.4"
-SALT_VERSION: str = "3002.6"
+CALICO_VERSION: str = "3.20.0"
+K8S_VERSION: str = "1.22.1"
+SALT_VERSION: str = "3002.7"
 CONTAINERD_VERSION: str = "1.4.8"
 SOS_VERSION: str = "< 4.0"
 
@@ -98,27 +98,27 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     Image(
         name="calico-node",
         version=_version_prefix(CALICO_VERSION),
-        digest="sha256:bc4a631d553b38fdc169ea4cb8027fa894a656e80d68d513359a4b9d46836b55",
+        digest="sha256:7f9aa7e31fbcea7be64b153f8bcfd494de023679ec10d851a05667f0adb42650",
     ),
     Image(
         name="calico-kube-controllers",
         version=_version_prefix(CALICO_VERSION),
-        digest="sha256:904458fe1bd56f995ef76e2c4d9a6831c506cc80f79e8fc0182dc059b1db25a4",
+        digest="sha256:a850ce8daa84433a5641900693b0f8bc8e5177a4aa4cac8cf4b6cd8c24fd9886",
     ),
     Image(
         name="coredns",
-        version="v1.8.0",
-        digest="sha256:cc8fb77bc2a0541949d1d9320a641b82fd392b0d3d8145469ca4709ae769980e",
+        version="v1.8.4",
+        digest="sha256:6e5a02c21641597998b4be7cb5eb1e7b02c0d8d23cce4dd09f4682d463798890",
     ),
     Image(
         name="dex",
-        version="v2.28.1",
-        digest="sha256:5e88f2205de172b60fd7af23ac92f34321688a83de9f7de7c9a6f394f6950877",
+        version="v2.30.0",
+        digest="sha256:63fc6ee14bcf1868ebfba90885aec76597e0f27bc8e89d1fd238b1f2ee3dea6e",
     ),
     Image(
         name="etcd",
-        version="3.4.13-0",
-        digest="sha256:4ad90a11b55313b182afc186b9876c8e891531b8db4c9bf1541953021618d0e2",
+        version="3.5.0-0",
+        digest="sha256:9ce33ba33d8e738a5b85ed50b5080ac746deceed4a7496c550927a7a19ca3b6d",
     ),
     Image(
         name="grafana",
@@ -133,22 +133,22 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     Image(
         name="kube-apiserver",
         version=_version_prefix(K8S_VERSION),
-        digest="sha256:a12a4347573b16ba925bf3c2154b9155faa7796d35016d0e194f3ffce93435dc",
+        digest="sha256:6862d5a70cea8f3ef49213d6a36b7bfbbf90f99fb37f7124505be55f0ef51364",
     ),
     Image(
         name="kube-controller-manager",
         version=_version_prefix(K8S_VERSION),
-        digest="sha256:2f8234e1d386faa415090c381edc55a473b355ba79ef71c7851f89041b294d56",
+        digest="sha256:3e4274dee8a122bdd5e3f3db6b1eb8db59404deda2bf1adb0fec1da5dd95400a",
     ),
     Image(
         name="kube-proxy",
         version=_version_prefix(K8S_VERSION),
-        digest="sha256:bebf88332fc0e5648795fd7f0b57c4d39b901878e56d7cbd940ff9bd20d2a027",
+        digest="sha256:efcf1d5fb2fc95d28841f534f1385a4884230c7c876fb1b7cf66d2777ad6dc56",
     ),
     Image(
         name="kube-scheduler",
         version=_version_prefix(K8S_VERSION),
-        digest="sha256:650b648d881c672e7541227ad3ef9ff107e24d565a66feec95ca089b027c0b18",
+        digest="sha256:e1a999694bf4b9198bc220216680ef651fabe406445a93c2d354f9dd7e53c1fd",
     ),
     Image(
         name="kube-state-metrics",
@@ -162,8 +162,8 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
     ),
     Image(
         name="nginx-ingress-controller",
-        version="v0.47.0",
-        digest="sha256:a1e4efc107be0bb78f32eaec37bef17d7a0c81bec8066cdf2572508d21351d0b",
+        version="v1.0.0",
+        digest="sha256:0851b34f69f69352bf168e6ccf30e1e20714a264ab1ecd1933e4d8c0fc3215c6",
     ),
     Image(
         name="nginx-ingress-defaultbackend-amd64",

charts/dex.yaml

@@ -51,7 +51,7 @@ volumeMounts:
   - name: https-tls
     mountPath: /etc/dex/tls/https/server
   - name: dex-login
-    mountPath: /web/themes/scality
+    mountPath: /srv/dex/web/themes/scality
   - name: nginx-ingress-ca-cert
     mountPath: /etc/ssl/certs/nginx-ingress-ca.crt
     subPath: ca.crt

charts/dex/Chart.yaml

@@ -1,11 +1,12 @@
 annotations:
   artifacthub.io/changes: |
-    - Added support for priority class name
+    - kind: added
+      description: "`clusterIP` value to control the IP when using ClusterIP service type"
   artifacthub.io/images: |
     - name: dex
-      image: ghcr.io/dexidp/dex:v2.28.1
+      image: ghcr.io/dexidp/dex:v2.30.0
 apiVersion: v2
-appVersion: 2.28.1
+appVersion: 2.30.0
 description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable
   connectors.
 home: https://dexidp.io/
@@ -25,4 +26,4 @@ sources:
 - https://github.com/dexidp/dex
 - https://github.com/dexidp/helm-charts/tree/master/charts/dex
 type: application
-version: 0.4.0
+version: 0.6.3

charts/dex/README.md

@@ -1,6 +1,6 @@
 # dex
 
-![version: 0.4.0](https://img.shields.io/badge/version-0.4.0-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.28.1](https://img.shields.io/badge/app%20version-2.28.1-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex)
+![version: 0.6.3](https://img.shields.io/badge/version-0.6.3-informational?style=flat-square) ![type: application](https://img.shields.io/badge/type-application-informational?style=flat-square) ![app version: 2.30.0](https://img.shields.io/badge/app%20version-2.30.0-informational?style=flat-square) ![kube version: >=1.14.0-0](https://img.shields.io/badge/kube%20version->=1.14.0--0-informational?style=flat-square) [![artifact hub](https://img.shields.io/badge/artifact%20hub-dex-informational?style=flat-square)](https://artifacthub.io/packages/helm/dex/dex)
 
 OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.
 
@@ -140,6 +140,7 @@ ingress:
 | securityContext | object | `{}` | Container [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container). See the [API reference](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) for details. |
 | service.annotations | object | `{}` | Annotations to be added to the service. |
 | service.type | string | `"ClusterIP"` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). |
+| service.clusterIP | string | `""` | Internal cluster service IP (when applicable) |
 | service.ports.http.port | int | `5556` | HTTP service port |
 | service.ports.http.nodePort | int | `nil` | HTTP node port (when applicable) |
 | service.ports.https.port | int | `5554` | HTTPS service port |

charts/dex/ci/no-config-secret.yaml

@@ -0,0 +1,10 @@
+config:
+  issuer: https://my-issuer.com
+
+  storage:
+    type: memory
+
+  enablePasswordDB: true
+
+configSecret:
+  create: false

charts/dex/templates/deployment.yaml

@@ -14,10 +14,12 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
       {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{ if .Values.configSecret.create }}
+        checksum/config: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- end }}
       labels:
         {{- include "dex.selectorLabels" . | nindent 8 }}
     spec:

charts/dex/templates/secret.yaml

@@ -1,4 +1,4 @@
-{{ if .Values.configSecret.create }}
+{{- if .Values.configSecret.create -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,4 +8,4 @@ metadata:
 type: Opaque
 data:
   config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
-{{ end }}
+{{- end }}

charts/dex/templates/service.yaml

@@ -10,8 +10,8 @@ metadata:
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
-  {{- if hasKey .Values.service "clusterIP" }}
-  clusterIP: {{ .Values.service.clusterIP | quote }}
+  {{- with .Values.service.clusterIP }}
+  clusterIP: {{ . }}
   {{- end }}
   ports:
     - name: http

charts/dex/templates/tests/no-config-secret.yaml

@@ -0,0 +1,13 @@
+{{- if not .Values.configSecret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "dex.configSecretName" . }}-test-no-create
+  labels:
+    {{- include "dex.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+type: Opaque
+data:
+  config.yaml: {{ .Values.config | toYaml | b64enc | quote }}
+{{- end }}

charts/dex/values.yaml

@@ -122,6 +122,9 @@ service:
   # -- Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).
   type: ClusterIP
 
+  # -- Internal cluster service IP (when applicable)
+  clusterIP: ""
+
   ports:
     http:
       # -- HTTP service port

charts/ingress-nginx-control-plane-daemonset.yaml

@@ -7,7 +7,9 @@ controller:
 
   electionID: ingress-control-plane-controller-leader
 
-  ingressClass: nginx-control-plane
+  ingressClassResource:
+    name: nginx-control-plane
+    controllerValue: "k8s.io/ingress-nginx-control-plane"
 
   admissionWebhooks:
     enabled: false

charts/ingress-nginx-control-plane-deployment.yaml

@@ -7,7 +7,9 @@ controller:
 
   electionID: ingress-control-plane-controller-leader
 
-  ingressClass: nginx-control-plane
+  ingressClassResource:
+    name: nginx-control-plane
+    controllerValue: "k8s.io/ingress-nginx-control-plane"
 
   admissionWebhooks:
     enabled: false

charts/ingress-nginx.yaml

@@ -6,6 +6,9 @@ controller:
   hostPort:
     enabled: true
 
+  ingressClassResource:
+    default: true
+
   admissionWebhooks:
     enabled: false
 

charts/ingress-nginx/Chart.yaml

@@ -1,19 +1,22 @@
 annotations:
   artifacthub.io/changes: |
-    - Add namespace field in the namespace scoped resource templates
+    - Support for Ingress object v1 and drop support for v1beta1
+    - Update to go 1.17
+    - Fix some bugs
+  artifacthub.io/prerelease: "false"
 apiVersion: v2
-appVersion: 0.47.0
+appVersion: 1.0.0
 description: Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
 home: https://github.com/kubernetes/ingress-nginx
 icon: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c5/Nginx_logo.svg/500px-Nginx_logo.svg.png
 keywords:
 - ingress
 - nginx
-kubeVersion: '>=1.16.0-0'
+kubeVersion: '>=1.19.0-0'
 maintainers:
 - name: ChiefAlexander
 name: ingress-nginx
 sources:
 - https://github.com/kubernetes/ingress-nginx
 type: application
-version: 3.34.0
+version: 4.0.1

charts/ingress-nginx/OWNERS

@@ -1,5 +1,10 @@
+# See the OWNERS docs: https://github.com/kubernetes/community/blob/master/contributors/guide/owners.md
+
 approvers:
-  - ChiefAlexander
+- ingress-nginx-helm-maintainers
 
 reviewers:
-  - ChiefAlexander
+- ingress-nginx-helm-reviewers
+
+labels:
+- area/helm

charts/ingress-nginx/README.md

@@ -90,9 +90,9 @@ You can add Prometheus annotations to the metrics service using `controller.metr
 
 Previous versions of this chart had a `controller.stats.*` configuration block, which is now obsolete due to the following changes in nginx ingress controller:
 
-- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
-- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
-  You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/master/Changelog.md#0230) to re-enable the http server
+- In [0.16.1](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0161), the vts (virtual host traffic status) dashboard was removed
+- In [0.23.0](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230), the status page at port 18080 is now a unix socket webserver only available at localhost.
+  You can use `curl --unix-socket /tmp/nginx-status-server.sock http://localhost/nginx_status` inside the controller container to access it locally, or use the snippet from [nginx-ingress changelog](https://github.com/kubernetes/ingress-nginx/blob/main/Changelog.md#0230) to re-enable the http server
 
 ### ExternalDNS Service Configuration
 
@@ -107,7 +107,7 @@ controller:
 
 ### AWS L7 ELB with SSL Termination
 
-Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/master/deploy/aws/l7/service-l7.yaml):
+Annotate the controller as shown in the [nginx-ingress l7 patch](https://github.com/kubernetes/ingress-nginx/blob/main/deploy/aws/l7/service-l7.yaml):
 
 ```yaml
 controller:
@@ -159,7 +159,7 @@ controller:
       enabled: true
       annotations:
         # Create internal ELB
-        service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
         # Any other annotation can be declared here.
 ```
 

charts/ingress-nginx/ci/controller-custom-ingressclass-flags.yaml

@@ -0,0 +1,7 @@
+controller:
+  watchIngressWithoutClass: true
+  ingressClassResource:
+    name: custom-nginx
+    enabled: true
+    default: true
+    controllerValue: "k8s.io/custom-nginx"

charts/ingress-nginx/ci/daemonset-customconfig-values.yaml

@@ -1,4 +1,8 @@
 controller:
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
   kind: DaemonSet
   admissionWebhooks:
     enabled: false

charts/ingress-nginx/ci/daemonset-customnodeport-values.yaml

@@ -1,5 +1,9 @@
 controller:
   kind: DaemonSet
+  image:
+    repository: ingress-controller/controller
+    tag: 1.0.0-dev
+    digest: null
   admissionWebhooks:
     enabled: false