Merge pull request #132 from IBM/kube1.22

Upgrade to Kubernetes 1.22
IBM · May 9, 2022 · 6803699 · 6803699
2 parents ba10c16 + 7aec154
commit 6803699
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 97 deletions.
diff --git a/charts/spire/templates/NOTES.txt b/charts/spire/templates/NOTES.txt
@@ -41,7 +41,7 @@ To learn more about the release, try:
   $ helm status {{ .Release.Name }}
   $ helm get all {{ .Release.Name }}
 
-{{- if not (lookup "apiextensions.k8s.io/v1beta1" "CustomResourceDefinition" "" "spiffeids.spiffeid.spiffe.io") -}}
+{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "spiffeids.spiffeid.spiffe.io") -}}
   {{ printf "\n" }}
   Generate new SPIFFEID CRD
 {{- else -}}

diff --git a/charts/spire/templates/spiffeid.spiffe.io_spiffeids.tpl b/charts/spire/templates/spiffeid.spiffe.io_spiffeids.tpl
@@ -1,14 +1,13 @@
-{{- if not (lookup "apiextensions.k8s.io/v1beta1" "CustomResourceDefinition" "" "spiffeids.spiffeid.spiffe.io") -}}
+{{- if not (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "spiffeids.spiffeid.spiffe.io") -}}
 {{/*
     If does not exist, generate new SPIFFEID CRD
 */}}
 
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.2.4
-  creationTimestamp: null
   name: spiffeids.spiffeid.spiffe.io
 spec:
   group: spiffeid.spiffe.io
@@ -18,98 +17,99 @@ spec:
     plural: spiffeids
     singular: spiffeid
   scope: Namespaced
-  subresources:
-    status: {}
-  validation:
-    openAPIV3Schema:
-      description: SpiffeID is the Schema for the spiffeid API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: SpiffeIDSpec defines the desired state of SpiffeID
-          properties:
-            dnsNames:
-              items:
-                type: string
-              type: array
-            federatesWith:
-              items:
-                type: string
-              type: array
-            parentId:
-              type: string
-            selector:
-              properties:
-                arbitrary:
-                  description: Arbitrary selectors
-                  items:
-                    type: string
-                  type: array
-                containerImage:
-                  description: Container image to match for this spiffe ID
-                  type: string
-                containerName:
-                  description: Container name to match for this spiffe ID
-                  type: string
-                namespace:
-                  description: Namespace to match for this spiffe ID
-                  type: string
-                nodeName:
-                  description: Node name to match for this spiffe ID
-                  type: string
-                podLabel:
-                  additionalProperties:
-                    type: string
-                  description: Pod label name/value to match for this spiffe ID
-                  type: object
-                podName:
-                  description: Pod name to match for this spiffe ID
-                  type: string
-                podUid:
-                  description: Pod UID to match for this spiffe ID
-                  type: string
-                serviceAccount:
-                  description: ServiceAccount to match for this spiffe ID
-                  type: string
-              type: object
-            spiffeId:
-              type: string
-          required:
-          - parentId
-          - selector
-          - spiffeId
-          type: object
-        status:
-          description: SpiffeIDStatus defines the observed state of SpiffeID
-          properties:
-            entryId:
-              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
-                of cluster Important: Run "make" to regenerate code after modifying
-                this file'
-              type: string
-          type: object
-      type: object
-  version: v1beta1
   versions:
   - name: v1beta1
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        description: SpiffeID is the Schema for the spiffeid API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: SpiffeIDSpec defines the desired state of SpiffeID
+            properties:
+              dnsNames:
+                items:
+                  type: string
+                type: array
+              federatesWith:
+                items:
+                  type: string
+                type: array
+              parentId:
+                type: string
+              downstream:
+                type: boolean
+              selector:
+                properties:
+                  arbitrary:
+                    description: Arbitrary selectors
+                    items:
+                      type: string
+                    type: array
+                  containerImage:
+                    description: Container image to match for this spiffe ID
+                    type: string
+                  containerName:
+                    description: Container name to match for this spiffe ID
+                    type: string
+                  namespace:
+                    description: Namespace to match for this spiffe ID
+                    type: string
+                  nodeName:
+                    description: Node name to match for this spiffe ID
+                    type: string
+                  podLabel:
+                    additionalProperties:
+                      type: string
+                    description: Pod label name/value to match for this spiffe ID
+                    type: object
+                  podName:
+                    description: Pod name to match for this spiffe ID
+                    type: string
+                  podUid:
+                    description: Pod UID to match for this spiffe ID
+                    type: string
+                  serviceAccount:
+                    description: ServiceAccount to match for this spiffe ID
+                    type: string
+                  cluster:
+                    description: The k8s_psat cluster name
+                    type: string
+                  agent_node_uid:
+                    description: UID of the node
+                    type: string
+                type: object
+              spiffeId:
+                type: string
+            required:
+            - parentId
+            - selector
+            - spiffeId
+            type: object
+          status:
+            description: SpiffeIDStatus defines the observed state of SpiffeID
+            properties:
+              entryId:
+                description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
+                  of cluster Important: Run "make" to regenerate code after modifying
+                  this file'
+                type: string
+            type: object
+        type: object
 
 {{- end -}}
diff --git a/utils/install-open-shift-tornjak.sh b/utils/install-open-shift-tornjak.sh
@@ -218,14 +218,15 @@ echo "$INGRESS"
 
 # setup TLS secret:
 CRN=$(ibmcloud oc ingress secret get -c "$CLUSTERNAME" --name "$INGSEC" --namespace openshift-ingress --output json | jq -r '.crn')
-ibmcloud oc ingress secret create --cluster "$CLUSTERNAME" --cert-crn "$CRN" --name "$INGSEC" --namespace "$PROJECT"
+# not needed for k8s 1.22 anymore:
+#ibmcloud oc ingress secret create --cluster "$CLUSTERNAME" --cert-crn "$CRN" --name "$INGSEC" --namespace "$PROJECT"
 if [ "$?" == "0" ]; then
   echo "All good"
 fi
 
 # create ingress deployment:
 oc_cli create -f- <<EOF
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: spireingress
@@ -239,9 +240,12 @@ spec:
     http:
       paths:
       - path: /
+        pathType: Prefix
         backend:
-          serviceName: spire-server
-          servicePort: 8081
+          service:
+            name: spire-server
+            port:
+              number: 8081
 EOF
 
 # create route for Tornjak TLS: