releasing istio1.4.3 (#60)

Signed-off-by: Josh Cox <[email protected]>
joshuacox · Mar 18, 2020 · aa5f441 · aa5f441
1 parent c6c7183
commit aa5f441
Show file tree

Hide file tree

Showing 11 changed files with 72 additions and 72 deletions.
diff --git a/Makefile b/Makefile
@@ -1,12 +1,10 @@
 # Reactionetes Makefile
 # define various versions
 $(eval CT_VERSION := "v0.9.0")
-$(eval CNI_VERSION := "v0.7.5")
-$(eval ISTIO_VERSION := "1.3.1")
-$(eval NVM_VERSION := "v0.34.0")
-$(eval PACKER_VERSION := "1.4.0")
-$(eval ONESSL_VERSION := "0.10.0")
-$(eval CRICTL_VERSION := "v1.12.0")
+$(eval CNI_VERSION := "v0.8.5")
+$(eval NVM_VERSION := "v0.35.2")
+$(eval PACKER_VERSION := "1.5.0")
+$(eval CRICTL_VERSION := "v1.17.0")
 
 # Install location
 $(eval KUBASH_DIR := $(HOME)/.kubash)
@@ -88,11 +86,12 @@ istioctl: $(KUBASH_BIN)
 
 $(KUBASH_BIN)/istioctl:
 	@echo 'Installing istioctl'
-	$(eval TMP := $(shell mktemp -d --suffix=istioctlTMP))
+	$(eval TMP := $(shell mktemp -d --suffix=KUBECTLTMP))
 	cd $(TMP) && \
-	curl -sL https://git.io/getLatestIstio | ISTIO_VERSION=${ISTIO_VERSION} sh -
-	install -m755 ${TMP}/istio-${ISTIO_VERSION}/bin/istioctl $(KUBASH_BIN)/
-	rm -Rf $(TMP)
+	curl -L https://istio.io/downloadIstio | sh -
+	mv $(TMP)/istio-1.4.3/bin/istioctl $(KUBASH_DIR)/bin/
+	rm -Rf $(TMP)/istio-1.4.3
+	rmdir $(TMP)
 
 
 kubectl: $(KUBASH_BIN)
@@ -398,15 +397,6 @@ $(KUBASH_BIN)/ct:
 	&& mv ct $(KUBASH_BIN)/
 	rm -Rf $(TMP)
 
-onessl: $(KUBASH_BIN)/onessl
-
-$(KUBASH_BIN)/onessl:
-	$(eval TMP := $(shell mktemp -d --suffix=ONESSLTMP))
-	curl -fsSL -o $(TMP)/onessl https://github.com/kubepack/onessl/releases/download/${ONESSL_VERSION}/onessl-linux-amd64
-	chmod +x $(TMP)/onessl
-	mv $(TMP)/onessl $(KUBASH_BIN)/
-	rm -Rf $(TMP)
-
 gcloud:
 	curl https://sdk.cloud.google.com | bash
 

diff --git a/bootstrap b/bootstrap
@@ -19,7 +19,7 @@ check_shell () {
     . $HOME/.zshrc
   elif [[ "$THIS_SHELL" == "bash" ]]; then
     . $HOME/.bashrc
-  else 
+  else
     echo 'unsupported shell'
     exit 1
   fi
@@ -227,10 +227,10 @@ main () {
   echo 'ensure jinja2 is installed'
   cd $KUBASH_DIR
   make jinja2-cli
-  cat $HOME/.bashrc
+  #cat $HOME/.bashrc
   . $HOME/.bashrc
-  echo $PATH
-  check_install jinja2
+  #echo $PATH
+  #check_install jinja2
   cd $KUBASH_DIR
   make yaml2json
   #echo 'ensure ct is installed'
@@ -251,8 +251,18 @@ main () {
   make kubectl
   cd $KUBASH_DIR
   check_install crictl
-  check_install onessl
+  # onessl is deprecated and is being removed
+  #check_install onessl
   pip install --user --upgrade $PIP_INSTALL_PKGS
+  if [ -w /usr/local/bin ] ; then
+    touch /usr/local/bin/test_file_01
+    rm /usr/local/bin/test_file_01
+    echo '/usr/local/bin is writeable by the current user'
+  else
+    echo '/usr/local/bin is not writeable by the current user'
+    echo 'Please ensure the current user can write to /usr/local/bin'
+    #exit 1
+  fi
   echo 'logout and log back in, or source your RC files'
 }
 

diff --git a/lib/ingress.bash b/lib/ingress.bash
@@ -98,7 +98,6 @@ do_voyager () {
   KUBECONFIG=$KUBECONFIG \
   helm install stable/voyager --name voyager \
     --set cloudProvider=$VOYAGER_PROVIDER \
-    --set apiserver.ca="$(onessl get kube-ca)" \
     $VOYAGER_ADMISSIONWEBHOOK
   elif [ "$VOYAGER_BY_HELM" = "appscode" ]; then
   KUBECONFIG=$KUBECONFIG \
@@ -109,7 +108,6 @@ do_voyager () {
     --version $VOYAGER_VERSION \
     --namespace kube-system \
     --set cloudProvider=$VOYAGER_PROVIDER \
-    --set apiserver.ca="$(onessl get kube-ca)" \
     $VOYAGER_ADMISSIONWEBHOOK
   else
     KUBECONFIG=$KUBECONFIG \

diff --git a/lib/istio.bash b/lib/istio.bash
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 do_istio () {
+    #KUBECONFIG=$KUBECONFIG \
+    #kubectl apply -f $KUBASH_DIR/templates/trustworthy-jwt.yaml
     # Install istio with certmanager
     # https://istio.io/docs/examples/advanced-gateways/ingress-certmgr/
     if [ -z $LETSENCRYPT_EMAIL ]; then
@@ -9,52 +11,37 @@ do_istio () {
     if [ -z $LOAD_BALANCER_IP ]; then
       LOAD_BALANCER_IP_SET=""
     else
-      #LOAD_BALANCER_IP_SET="--set gateways.istio-ilbgateway.loadBalancerIP=$LOAD_BALANCER_IP"
-      LOAD_BALANCER_IP_SET="--set gateways.istio-ingressgateway.loadBalancerIP=$LOAD_BALANCER_IP"
+      LOAD_BALANCER_IP_SET="--set values.gateways.istio-ingressgateway.loadBalancerIP=$LOAD_BALANCER_IP"
     fi
-    cd $KUBASH_DIR/submodules/istio/install/kubernetes/helm
     KUBECONFIG=$KUBECONFIG \
+    helm repo add jetstack https://charts.jetstack.io
+    helm repo update
+    # Install Cert-manager
     helm install \
-      --name=istio-init \
-      --namespace=istio-system \
-      --set gateways.istio-ingressgateway.sds.enabled=true \
-      --set global.k8sIngress.enabled=true \
-      --set certmanager.enabled=true \
-      --set certmanager.email=$LETSENCRYPT_EMAIL \
-      istio-init
-    sleep 1
-    ISTIO_CRD_COUNT=0
-    countzero=0
-    while [[ $ISTIO_CRD_COUNT -lt 28 ]]
-    do
-      ISTIO_CRD_COUNT=$(kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l)
-      if [[ $countzero > 15 ]]; then
-        echo "ISTIO_CRD_COUNT=$ISTIO_CRD_COUNT"
-      fi
-      sleep 1
-      ((++countzero))
-    done
-    helm repo add istio.io https://storage.googleapis.com/istio-release/releases/1.1.7/charts/
+      --kubeconfig $KUBECONFIG \
+      --name cert-manager \
+      --namespace cert-manager \
+      --version v0.13.0 \
+      jetstack/cert-manager
     KUBECONFIG=$KUBECONFIG \
-    helm install \
-      --name=istio \
-      --namespace=istio-system \
+    kubectl get pods --namespace cert-manager
+    # Install Istio
+    KUBECONFIG=$KUBECONFIG \
+    istioctl manifest apply \
+      --wait \
+      --set profile=sds \
+      --set values.kiali.enabled=true \
+      --set values.grafana.enabled=true \
+      --set values.tracing.enabled=true \
+      --set values.prometheus.enabled=true \
+      --set values.certmanager.enabled=true \
+      --set values.gateways.istio-ingressgateway.sds.enabled=true \
+      --set values.global.k8sIngress.enabled=true \
+      --set values.global.k8sIngress.enableHttps=true \
+      --set values.global.k8sIngress.gatewayName=ingressgateway \
       $LOAD_BALANCER_IP_SET \
-      --set kiali.enabled=true \
-      --set grafana.enabled=true \
-      --set tracing.enabled=true \
-      --set prometheus.enabled=true \
-      --set certmanager.enabled=true \
-      --set certmanager.email=$LETSENCRYPT_EMAIL \
-      --set global.k8sIngress.enabled=true \
-      --set global.k8sIngress.enableHttps=true \
-      --set gateways.istio-ingressgateway.nodeSelector.ingress=true \
-      --set gateways.istio-ingressgateway.type=$ISTIO_GATEWAY_TYPE \
-      --set gateways.istio-ingressgateway.sds.enabled=true \
-      --set global.k8sIngress.gatewayName=ingressgateway \
-      --set "kiali.dashboard.grafanaURL=http://grafana:3000" \
-      --set "kiali.dashboard.jaegerURL=http://jaeger-query:16686" \
-      istio
+      --set "values.kiali.dashboard.jaegerURL=http://jaeger-query:16686" \
+      --set "values.kiali.dashboard.grafanaURL=http://grafana:3000"
     KUBECONFIG=$KUBECONFIG \
     kubectl label namespace default --overwrite istio-injection=enabled
 }
diff --git a/lib/kattic.bash b/lib/kattic.bash
@@ -557,6 +557,8 @@ do_decom () {
 
 do_metallb () {
     if [[ METALLB_INSTALLATION_METHOD = 'helm' ]]; then
+      echo "This method is deprecated by upstream"
+      exit 1
       KUBECONFIG=$KUBECONFIG \
         helm install --name metallb stable/metallb
     else

diff --git a/lib/kvars.bash b/lib/kvars.bash
@@ -64,7 +64,7 @@
 : ${VOYAGER_PROVIDER:='metallb'}
 : ${VOYAGER_BY_HELM:= "false"}
 : ${VOYAGER_VERSION:='9.0.0'}
-: ${METALLB_VERSION:='v0.8.1'}
+: ${METALLB_VERSION:='v0.8.3'}
 : ${VOYAGER_ADMISSIONWEBHOOK:='--set apiserver.enableAdmissionWebhook=true'}
 : ${LINKERD_URL:='https://raw.githubusercontent.com/linkerd/linkerd-examples/master/k8s-daemonset/k8s/linkerd-ingress-controller.yml'}
 : ${ISTIO_GATEWAY_TYPE=LoadBalancer}

diff --git a/submodules/istio b/submodules/istio
diff --git a/submodules/kubespray b/submodules/kubespray
diff --git a/submodules/openshift-ansible b/submodules/openshift-ansible
diff --git a/submodules/rook b/submodules/rook
diff --git a/templates/trustworthy-jwt.yaml b/templates/trustworthy-jwt.yaml
@@ -0,0 +1,13 @@
+# This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature.
+kind: Cluster
+apiVersion: kind.sigs.k8s.io/v1alpha3
+kubeadmConfigPatches:
+  - |
+    apiVersion: kubeadm.k8s.io/v1beta2
+    kind: ClusterConfiguration
+    metadata:
+      name: config
+    apiServer:
+      extraArgs:
+        "service-account-issuer": "kubernetes.default.svc"
+        "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key"
+18 −6		roles/openshift_node/defaults/main.yml
+19 −9		roles/openshift_node/tasks/apply_machine_config.yml
+1 −1		roles/openshift_node/tasks/install.yml
+31 −20		test/aws/create_machineset.yml
+71 −23		Documentation/ceph-cluster-crd.md
+119 −0		Documentation/ceph-object-bucket-claim.md
+110 −63		Documentation/ceph-object.md
+13 −5		Documentation/ceph-upgrade.md
+47 −29		Documentation/helm-operator.md
+3 −1		Gopkg.lock
+5 −6		INSTALL.md
+7 −3		Jenkinsfile
+1 −0		cluster/charts/rook-ceph/templates/clusterrole.yaml
+78 −1		cluster/charts/rook-ceph/templates/clusterrolebinding.yaml
+3 −1		cluster/charts/rook-ceph/templates/deployment.yaml
+4 −3		cluster/charts/rook-ceph/values.yaml
+1 −1		cluster/examples/coreos/after-reboot-daemonset.yaml
+1 −1		cluster/examples/coreos/before-reboot-daemonset.yaml
+1 −1		cluster/examples/kubernetes/cassandra/operator.yaml
+31 −12		cluster/examples/kubernetes/ceph/cluster-on-pvc.yaml
+3 −0		cluster/examples/kubernetes/ceph/cluster.yaml
+1 −0		cluster/examples/kubernetes/ceph/common.yaml
+3 −3		cluster/examples/kubernetes/ceph/csi/template/cephfs/csi-cephfsplugin-provisioner-dep.yaml
+3 −3		cluster/examples/kubernetes/ceph/csi/template/cephfs/csi-cephfsplugin-provisioner-sts.yaml
+7 −0		cluster/examples/kubernetes/ceph/csi/template/cephfs/csi-cephfsplugin.yaml
+5 −3		cluster/examples/kubernetes/ceph/csi/template/rbd/csi-rbdplugin-provisioner-dep.yaml
+5 −3		cluster/examples/kubernetes/ceph/csi/template/rbd/csi-rbdplugin-provisioner-sts.yaml
+7 −0		cluster/examples/kubernetes/ceph/csi/template/rbd/csi-rbdplugin.yaml
+6 −6		cluster/examples/kubernetes/ceph/monitoring/prometheus-ceph-v14-rules.yaml
+4 −1		cluster/examples/kubernetes/ceph/operator-openshift.yaml
+7 −4		cluster/examples/kubernetes/ceph/operator.yaml
+1 −1		cluster/examples/kubernetes/ceph/toolbox.yaml
+1 −1		cluster/examples/kubernetes/cockroachdb/operator.yaml
+1 −1		cluster/examples/kubernetes/edgefs/operator.yaml
+1 −1		cluster/examples/kubernetes/minio/operator.yaml
+2 −2		cluster/examples/kubernetes/nfs/operator.yaml
+1 −1		cluster/examples/kubernetes/yugabytedb/operator.yaml
+28 −17		cmd/rook/ceph/osd.go
+48 −0		cmd/rook/ceph/osd_test.go
+3 −5		images/ceph/Makefile
+3 −0		pkg/apis/ceph.rook.io/v1/types.go
+14 −7		pkg/daemon/ceph/agent/flexvolume/controller.go
+9 −3		pkg/daemon/ceph/agent/flexvolume/controller_test.go
+2 −2		pkg/daemon/ceph/client/status.go
+9 −0		pkg/daemon/ceph/config/config.go
+23 −1		pkg/daemon/ceph/osd/agent.go
+13 −31		pkg/daemon/ceph/osd/daemon.go
+8 −3		pkg/daemon/ceph/osd/volume.go
+3 −3		pkg/daemon/ceph/osd/volume_test.go
+6 −4		pkg/operator/ceph/cluster/cluster.go
+21 −4		pkg/operator/ceph/cluster/controller.go
+1 −1		pkg/operator/ceph/cluster/mgr/dashboard.go
+3 −2		pkg/operator/ceph/cluster/mgr/mgr.go
+3 −2		pkg/operator/ceph/cluster/mgr/mgr_test.go
+1 −2		pkg/operator/ceph/cluster/mgr/orchestrator.go
+23 −1		pkg/operator/ceph/cluster/mgr/orchestrator_test.go
+36 −6		pkg/operator/ceph/cluster/mon/mon.go
+1 −2		pkg/operator/ceph/cluster/mon/spec.go
+0 −22		pkg/operator/ceph/cluster/osd/deviceSet.go
+26 −18		pkg/operator/ceph/cluster/osd/health.go
+2 −2		pkg/operator/ceph/cluster/osd/health_test.go
+77 −20		pkg/operator/ceph/cluster/osd/osd.go
+27 −0		pkg/operator/ceph/cluster/osd/osd_test.go
+9 −25		pkg/operator/ceph/cluster/osd/spec.go
+11 −5		pkg/operator/ceph/cluster/osd/spec_test.go
+84 −0		pkg/operator/ceph/cluster/osd/topology.go
+39 −0		pkg/operator/ceph/cluster/osd/topology_test.go
+1 −1		pkg/operator/ceph/cluster/rbd/mirror.go
+8 −1		pkg/operator/ceph/cr_manager.go
+11 −3		pkg/operator/ceph/csi/spec.go
+29 −24		pkg/operator/ceph/disruption/clusterdisruption/location.go
+59 −19		pkg/operator/ceph/disruption/clusterdisruption/osd.go
+5 −8		pkg/operator/ceph/disruption/clusterdisruption/pools.go
+3 −2		pkg/operator/ceph/disruption/clusterdisruption/reconcile.go
+1 −0		pkg/operator/ceph/disruption/controllerconfig/context.go
+57 −0		pkg/operator/ceph/disruption/controllerconfig/toleration.go
+72 −12		pkg/operator/ceph/disruption/controllerconfig/toleration_test.go
+125 −32		pkg/operator/ceph/disruption/nodedrain/reconcile.go
+1 −1		pkg/operator/ceph/nfs/controller.go
+8 −3		pkg/operator/ceph/object/bucket/provisioner.go
+13 −1		pkg/operator/ceph/object/user/controller.go
+47 −11		pkg/operator/ceph/version/version.go
+29 −27		pkg/operator/ceph/version/version_test.go
+18 −14		pkg/operator/k8sutil/cmdreporter/cmdreporter.go
+5 −0		pkg/operator/k8sutil/node.go
+2 −2		pkg/operator/k8sutil/pod.go
+3 −3		pkg/operator/nfs/controller.go
+16 −1		pkg/util/sys/device.go
+14 −9		tests/framework/clients/pool.go
+1 −0		tests/framework/installer/ceph_manifests.go
+46 −44		tests/integration/ceph_base_block_test.go
+2 −0		tests/integration/ceph_base_object_test.go
+8 −4		tests/integration/ceph_block_test.go
+36 −10		tests/integration/ceph_mon_test.go
+1 −1		tests/integration/ceph_upgrade_test.go