From 07699df602d455b4bdc10d4e3f75f0d4767eb0f5 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 16:31:33 +0200 Subject: [PATCH 01/22] aws-cloud-controller-manager-internal: Update to version v1.30.2-master-127 Update container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal to version v1.30.2-master-127 --- cluster/manifests/aws-cloud-controller-manager/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index fc4788883f..ae91f2c940 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -27,7 +27,7 @@ spec: - --cloud-provider=aws - --use-service-account-credentials=true - --configure-cloud-routes=false - image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.31.0-master-127 + image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-127 name: aws-cloud-controller-manager resources: requests: From 407b68104082c2eb80e72d5c7eeda5a197a6aab8 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 16:32:12 +0200 Subject: [PATCH 02/22] fabric-gateway: Update to version master-290 Update container-registry.zalando.net/gwproxy/fabric-gateway to version master-290 --- cluster/manifests/fabric-gateway/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/fabric-gateway/deployment.yaml b/cluster/manifests/fabric-gateway/deployment.yaml index bb1936d9e8..d25d30f4ce 100644 --- a/cluster/manifests/fabric-gateway/deployment.yaml +++ b/cluster/manifests/fabric-gateway/deployment.yaml @@ -1,4 +1,4 @@ -# {{ $image := "container-registry.zalando.net/gwproxy/fabric-gateway:master-289" }} +# {{ $image := "container-registry.zalando.net/gwproxy/fabric-gateway:master-290" }} # {{ $version := index (split $image ":") 1 }} apiVersion: apps/v1 kind: Deployment From 7b0e50323793b0ce76b1f38a33e107bbafdc59e9 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 16:32:23 +0200 Subject: [PATCH 03/22] flannel-tc: Update to version master-13 Update container-registry.zalando.net/teapot/flannel-tc to version master-13 --- cluster/manifests/flannel/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/flannel/daemonset.yaml b/cluster/manifests/flannel/daemonset.yaml index 92f75d172b..02c42af571 100644 --- a/cluster/manifests/flannel/daemonset.yaml +++ b/cluster/manifests/flannel/daemonset.yaml @@ -100,7 +100,7 @@ spec: - /tc-flannel.sh command: - /bin/bash - image: container-registry.zalando.net/teapot/flannel-tc:master-12 + image: container-registry.zalando.net/teapot/flannel-tc:master-13 name: flannel-tc resources: requests: From 89215a587f999ce3fbeffd8edfcec4421f839946 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 16:35:27 +0200 Subject: [PATCH 04/22] skipper: Update to version v0.21.204 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.21.204 --- cluster/node-pools/master-default/userdata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 3b87c4144a..7a9822e87a 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -247,7 +247,7 @@ write_files: name: admission-controller-kubeconfig readOnly: true - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.19.32 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 args: - webhook - --address=:9085 @@ -422,7 +422,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.19.32 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 args: - skipper - -access-log-strip-query @@ -473,7 +473,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.19.32 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 args: - skipper - -access-log-strip-query From 8b37ba43447890c61b7f11ac3f91795bb205c2c6 Mon Sep 17 00:00:00 2001 From: Noor Malik Date: Mon, 23 Sep 2024 18:54:29 +0200 Subject: [PATCH 05/22] clean up the k8s dashboard completely --- README.rst | 2 +- cluster/config-defaults.yaml | 7 -- cluster/manifests/dashboard/deployment.yaml | 117 ------------------ cluster/manifests/dashboard/rbac.yaml | 111 ----------------- cluster/manifests/dashboard/scraper-vpa.yaml | 23 ---- cluster/manifests/dashboard/scraper.yaml | 78 ------------ cluster/manifests/dashboard/service.yaml | 18 --- cluster/manifests/deletions.yaml | 9 -- cluster/manifests/roles/readonly-binding.yaml | 25 ---- .../manifests/roles/readonly-dashboard.yaml | 12 -- docs/user-guide/kubernetes-cheat-sheet.svg | 2 +- 11 files changed, 2 insertions(+), 402 deletions(-) delete mode 100644 cluster/manifests/dashboard/deployment.yaml delete mode 100644 cluster/manifests/dashboard/rbac.yaml delete mode 100644 cluster/manifests/dashboard/scraper-vpa.yaml delete mode 100644 cluster/manifests/dashboard/scraper.yaml delete mode 100644 cluster/manifests/dashboard/service.yaml delete mode 100644 cluster/manifests/roles/readonly-dashboard.yaml diff --git a/README.rst b/README.rst index 844d254427..c1e8844c28 100644 --- a/README.rst +++ b/README.rst @@ -31,7 +31,7 @@ Features * Kubernetes DNS with node-local dnsmasq as daemonset and CoreDNS resolver for cluster.local domain running in the same pod. * Route53 DNS integration via `External DNS`_ * AWS IAM integration via kube2iam_, `AWS OIDC IAM`_ -* Standard components are installed: dashboard, node exporter, kube-state-metrics, see also `cluster/manifests`_ directory +* Standard components are installed: node exporter, kube-state-metrics, see also `cluster/manifests`_ directory * Webhook authentication and authorization (roles "ReadOnly", "PowerUser", "Manual", "Emergency", "Administrator") * Emergency Access via internal emergency-access-service, that grant roles "Manual" and "Emergency" with 4 eyes principle and audit logging * Log shipping via Scalyr diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml index 0f2640c5e5..726f428ae4 100644 --- a/cluster/config-defaults.yaml +++ b/cluster/config-defaults.yaml @@ -454,13 +454,6 @@ prometheus_remote_max_backoff: "10s" # Comma-separated list of user ids allowed to access Prometheus UI prometheus_ui_users: "" -# dashboard metrics scraper resource limits -dashboard_metrics_scraper_cpu_min: "50m" -dashboard_metrics_scraper_mem_min: "200Mi" - -# config-item to toggle dashboard in a cluster -k8s_dashboard_enabled: "false" - metrics_service_cpu: "100m" metrics_service_mem_max: "4Gi" metrics_server_metric_resolution: "15s" diff --git a/cluster/manifests/dashboard/deployment.yaml b/cluster/manifests/dashboard/deployment.yaml deleted file mode 100644 index abd0af8f3c..0000000000 --- a/cluster/manifests/dashboard/deployment.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - application: kubernetes - component: dashboard -spec: - replicas: 1 - selector: - matchLabels: - deployment: kubernetes-dashboard - template: - metadata: - labels: - application: kubernetes - component: dashboard - deployment: kubernetes-dashboard - annotations: - logging/destination: "{{.Cluster.ConfigItems.log_destination_infra}}" - spec: - dnsConfig: - options: - - name: ndots - value: "1" - serviceAccountName: kubernetes-dashboard - containers: - - name: kubernetes-dashboard - image: container-registry.zalando.net/teapot/kubernetes-dashboard:v2.4.0-master-17 - args: - - --insecure-bind-address=0.0.0.0 - resources: - limits: - cpu: 50m - memory: 400Mi - requests: - cpu: 50m - memory: 400Mi - ports: - - containerPort: 9090 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: 9090 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1001 - runAsGroup: 2001 - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: kubernetes-dashboard-certs - - name: tmp-volume - emptyDir: {} - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: kubernetes-dashboard-certs - namespace: kube-system - labels: - application: kubernetes - component: dashboard -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: kubernetes-dashboard-csrf - namespace: kube-system - labels: - application: kubernetes - component: dashboard -type: Opaque -data: - csrf: "" - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: kubernetes-dashboard-key-holder - namespace: kube-system - labels: - application: kubernetes - component: dashboard -type: Opaque - ---- - -apiVersion: v1 -kind: ConfigMap -metadata: - name: kubernetes-dashboard-settings - namespace: kube-system - labels: - application: kubernetes - component: dashboard -{{ end }} diff --git a/cluster/manifests/dashboard/rbac.yaml b/cluster/manifests/dashboard/rbac.yaml deleted file mode 100644 index 497ed52972..0000000000 --- a/cluster/manifests/dashboard/rbac.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - application: kubernetes - component: dashboard - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - application: kubernetes - component: dashboard -rules: -# Allow Dashboard to get, update and delete Dashboard exclusive secrets. -- apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. -- apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. -- apiGroups: [""] - resources: ["services"] - resourceNames: ["dashboard-metrics-scraper"] - verbs: ["proxy"] -- apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-dashboard - labels: - application: kubernetes - component: dashboard -rules: -# Allow Metrics Scraper to get metrics from the Metrics server -- apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - application: kubernetes - component: dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: kubernetes-dashboard - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard-internal - labels: - application: kubernetes - component: dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-dashboard -subjects: -- kind: ServiceAccount - name: kubernetes-dashboard - namespace: kube-system - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-dashboard-readonly - labels: - application: kubernetes - component: dashboard -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: readonly -subjects: -- kind: ServiceAccount - name: kubernetes-dashboard - namespace: kube-system -{{ end }} diff --git a/cluster/manifests/dashboard/scraper-vpa.yaml b/cluster/manifests/dashboard/scraper-vpa.yaml deleted file mode 100644 index 0499a15958..0000000000 --- a/cluster/manifests/dashboard/scraper-vpa.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: dashboard-metrics-scraper-vpa - namespace: kube-system - labels: - application: kubernetes - component: dashboard-metrics-scraper -spec: - targetRef: - apiVersion: apps/v1 - kind: Deployment - name: dashboard-metrics-scraper - updatePolicy: - updateMode: Auto - resourcePolicy: - containerPolicies: - - containerName: dashboard-metrics-scraper - minAllowed: - memory: {{ .Cluster.ConfigItems.dashboard_metrics_scraper_mem_min }} - cpu: {{ .Cluster.ConfigItems.dashboard_metrics_scraper_cpu_min }} -{{ end }} diff --git a/cluster/manifests/dashboard/scraper.yaml b/cluster/manifests/dashboard/scraper.yaml deleted file mode 100644 index 145b0fe9b9..0000000000 --- a/cluster/manifests/dashboard/scraper.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: v1 -kind: Service -metadata: - name: dashboard-metrics-scraper - namespace: kube-system - labels: - application: kubernetes - component: dashboard-metrics-scraper -spec: - selector: - application: kubernetes - component: dashboard-metrics-scraper - ports: - - port: 8000 - targetPort: 8000 - protocol: TCP - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dashboard-metrics-scraper - namespace: kube-system - labels: - application: kubernetes - component: dashboard-metrics-scraper -spec: - replicas: 1 - selector: - matchLabels: - deployment: dashboard-metrics-scraper - template: - metadata: - labels: - application: kubernetes - component: dashboard-metrics-scraper - deployment: dashboard-metrics-scraper - annotations: - logging/destination: "{{.Cluster.ConfigItems.log_destination_infra}}" - spec: - serviceAccountName: kubernetes-dashboard - containers: - - name: dashboard-metrics-scraper - image: container-registry.zalando.net/teapot/metrics-scraper:v1.0.7-master-17 - resources: - limits: - cpu: 50m - memory: 200Mi - requests: - cpu: 50m - memory: 200Mi - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1001 - runAsGroup: 2001 - securityContext: - fsGroup: 2001 - volumes: - - name: tmp-volume - emptyDir: {} -{{ end }} diff --git a/cluster/manifests/dashboard/service.yaml b/cluster/manifests/dashboard/service.yaml deleted file mode 100644 index f1c582fe51..0000000000 --- a/cluster/manifests/dashboard/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{ if eq .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: v1 -kind: Service -metadata: - name: kubernetes-dashboard - namespace: kube-system - labels: - application: kubernetes - component: dashboard - kubernetes.io/cluster-service: "true" -spec: - selector: - deployment: kubernetes-dashboard - ports: - - port: 80 - targetPort: 9090 - protocol: TCP -{{ end }} diff --git a/cluster/manifests/deletions.yaml b/cluster/manifests/deletions.yaml index 2a224a70fd..066e845733 100644 --- a/cluster/manifests/deletions.yaml +++ b/cluster/manifests/deletions.yaml @@ -295,12 +295,3 @@ post_apply: - name: deployment-service-status-service kind: Ingress namespace: kube-system - -{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -- name: readonly-dashboard - kind: Role - namespace: kube-system -- name: readonly-dashboard - kind: RoleBinding - namespace: kube-system -{{ end }} diff --git a/cluster/manifests/roles/readonly-binding.yaml b/cluster/manifests/roles/readonly-binding.yaml index 4000a6b5ba..e69f445316 100644 --- a/cluster/manifests/roles/readonly-binding.yaml +++ b/cluster/manifests/roles/readonly-binding.yaml @@ -19,31 +19,6 @@ subjects: - kind: Group name: "okta:common/read-only" apiGroup: rbac.authorization.k8s.io -{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: readonly-dashboard - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: readonly-dashboard -subjects: - - kind: Group - name: ReadOnly - apiGroup: rbac.authorization.k8s.io - - kind: Group - name: "okta:common/engineer" - apiGroup: rbac.authorization.k8s.io - - kind: Group - name: "okta:common/collaborator" - apiGroup: rbac.authorization.k8s.io - - kind: Group - name: "okta:common/read-only" - apiGroup: rbac.authorization.k8s.io -{{ end }} --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/cluster/manifests/roles/readonly-dashboard.yaml b/cluster/manifests/roles/readonly-dashboard.yaml deleted file mode 100644 index c85576295d..0000000000 --- a/cluster/manifests/roles/readonly-dashboard.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{ if ne .Cluster.ConfigItems.k8s_dashboard_enabled "true" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: readonly-dashboard - namespace: kube-system -rules: - - apiGroups: [ "" ] - resources: [ "services/proxy" ] - verbs: [ "get" ] - resourceNames: [ "kubernetes-dashboard" ] -{{ end }} diff --git a/docs/user-guide/kubernetes-cheat-sheet.svg b/docs/user-guide/kubernetes-cheat-sheet.svg index ddf4461512..034d8c8242 100644 --- a/docs/user-guide/kubernetes-cheat-sheet.svg +++ b/docs/user-guide/kubernetes-cheat-sheet.svg @@ -1186,7 +1186,7 @@ id="tspan10403" x="479.26886" y="339.45703" - style="font-style:oblique;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:9px;line-height:1.25;font-family:Purisa;-inkscape-font-specification:'Purisa Bold Oblique';fill:#646464;fill-opacity:1">open Kubernetes Dashboard in browser + style="font-style:oblique;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:9px;line-height:1.25;font-family:Purisa;-inkscape-font-specification:'Purisa Bold Oblique';fill:#646464;fill-opacity:1">open kube-web-view Dashboard in browser Date: Mon, 23 Sep 2024 19:32:51 +0200 Subject: [PATCH 06/22] nvidia-dcgm-exporter: Update to version v3.3.6-3.4.2-ubuntu22.04-master-14 Update container-registry.zalando.net/teapot/nvidia-dcgm-exporter to version v3.3.6-3.4.2-ubuntu22.04-master-14 --- cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml index 0450d3e774..f730d39a3d 100644 --- a/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml +++ b/cluster/manifests/nvidia/nvidia-gpu-device-plugin.yaml @@ -80,7 +80,7 @@ spec: mountPath: /var/lib/kubelet/device-plugins {{- if eq .Cluster.ConfigItems.nvidia_dcgm_exporter_enabled "true" }} - name: dcgm-exporter - image: container-registry.zalando.net/teapot/nvidia-dcgm-exporter:v3.3.6-3.4.2-ubuntu22.04-master-12 + image: container-registry.zalando.net/teapot/nvidia-dcgm-exporter:v3.3.6-3.4.2-ubuntu22.04-master-14 args: - --kubernetes - --address=:9400 From 8fad61735e61723682dd416fde0cc794b48adf16 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 19:42:35 +0200 Subject: [PATCH 07/22] kube-metrics-adapter: Update to version kube-metrics-adapter-0.2.3-24-gb371621 Update container-registry.zalando.net/teapot/kube-metrics-adapter to version kube-metrics-adapter-0.2.3-24-gb371621 --- cluster/manifests/kube-metrics-adapter/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kube-metrics-adapter/deployment.yaml b/cluster/manifests/kube-metrics-adapter/deployment.yaml index 7a6c29546b..d53c018b3a 100644 --- a/cluster/manifests/kube-metrics-adapter/deployment.yaml +++ b/cluster/manifests/kube-metrics-adapter/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: custom-metrics-apiserver containers: - name: kube-metrics-adapter - image: container-registry.zalando.net/teapot/kube-metrics-adapter:kube-metrics-adapter-0.2.3-21-g527a5fc + image: container-registry.zalando.net/teapot/kube-metrics-adapter:kube-metrics-adapter-0.2.3-24-gb371621 env: - name: AWS_REGION value: {{ .Cluster.Region }} From 0bde22486aba26de8a39bd5fc3b5036ed97528c4 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Tue, 24 Sep 2024 10:01:35 +0200 Subject: [PATCH 08/22] aws-cloud-controller-manager-internal: Update to version v1.31.0-master-128 Update container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal to version v1.31.0-master-128 --- cluster/manifests/aws-cloud-controller-manager/daemonset.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml index ae91f2c940..fb5566a5d7 100644 --- a/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml +++ b/cluster/manifests/aws-cloud-controller-manager/daemonset.yaml @@ -27,7 +27,7 @@ spec: - --cloud-provider=aws - --use-service-account-credentials=true - --configure-cloud-routes=false - image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.30.2-master-127 + image: container-registry.zalando.net/teapot/aws-cloud-controller-manager-internal:v1.31.0-master-128 name: aws-cloud-controller-manager resources: requests: From 1e6cf7d951a226c45bdabaa316b5ba0c295975e4 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Tue, 24 Sep 2024 16:15:15 +0200 Subject: [PATCH 09/22] skipper: Update to version v0.21.205 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.21.205 --- cluster/node-pools/master-default/userdata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 7a9822e87a..1c31bd355f 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -247,7 +247,7 @@ write_files: name: admission-controller-kubeconfig readOnly: true - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 args: - webhook - --address=:9085 @@ -422,7 +422,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 args: - skipper - -access-log-strip-query @@ -473,7 +473,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.204 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 args: - skipper - -access-log-strip-query From aa3fd6fac899d26d27a487e0ca09bebad19ff73e Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Tue, 24 Sep 2024 19:24:45 +0200 Subject: [PATCH 10/22] skipper: Update to version v0.21.206 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.21.206 --- cluster/node-pools/master-default/userdata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 1c31bd355f..a8b332cd30 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -247,7 +247,7 @@ write_files: name: admission-controller-kubeconfig readOnly: true - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 args: - webhook - --address=:9085 @@ -422,7 +422,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 args: - skipper - -access-log-strip-query @@ -473,7 +473,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.205 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 args: - skipper - -access-log-strip-query From eb9fa6e864daee295ffda342c2b7f0357074577c Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 09:26:35 +0200 Subject: [PATCH 11/22] skipper: Update to version v0.21.207 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.21.207 --- cluster/node-pools/master-default/userdata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index a8b332cd30..a8bed37b7d 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -247,7 +247,7 @@ write_files: name: admission-controller-kubeconfig readOnly: true - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 args: - webhook - --address=:9085 @@ -422,7 +422,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 args: - skipper - -access-log-strip-query @@ -473,7 +473,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.206 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 args: - skipper - -access-log-strip-query From f9561b8277482597b841d6ef764d9e2a8c437f49 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 10:15:08 +0200 Subject: [PATCH 12/22] skipper: Update to version v0.21.208 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper to version v0.21.208 --- cluster/node-pools/master-default/userdata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index a8bed37b7d..22fb9ab132 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -247,7 +247,7 @@ write_files: name: admission-controller-kubeconfig readOnly: true - name: skipper-admission-webhook - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.208 args: - webhook - --address=:9085 @@ -422,7 +422,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }} - name: skipper-proxy - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.208 args: - skipper - -access-log-strip-query @@ -473,7 +473,7 @@ write_files: name: ssl-certs-kubernetes readOnly: true - name: skipper-metrics - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.207 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.21.208 args: - skipper - -access-log-strip-query From 314c38ad996b32905b985d8f7ca9e0bc7996a8e6 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 11:11:59 +0200 Subject: [PATCH 13/22] cronjob-fixer: Update to version master-18 Update container-registry.zalando.net/teapot/cronjob-fixer to version master-18 --- cluster/manifests/cronjob-fixer/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/cronjob-fixer/deployment.yaml b/cluster/manifests/cronjob-fixer/deployment.yaml index 1b6b933b99..e17390029e 100644 --- a/cluster/manifests/cronjob-fixer/deployment.yaml +++ b/cluster/manifests/cronjob-fixer/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: cronjob-fixer containers: - name: cronjob-fixer - image: "container-registry.zalando.net/teapot/cronjob-fixer:master-17" + image: "container-registry.zalando.net/teapot/cronjob-fixer:master-18" resources: limits: cpu: 5m From 148e957ead3641fd04e323575be222aabe775fb1 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 11:13:15 +0200 Subject: [PATCH 14/22] kubelet-summary-metrics: Update to version main-8 Update container-registry.zalando.net/teapot/kubelet-summary-metrics to version main-8 --- cluster/manifests/kubelet-summary-metrics/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kubelet-summary-metrics/deployment.yaml b/cluster/manifests/kubelet-summary-metrics/deployment.yaml index 174541b476..5187358e4f 100644 --- a/cluster/manifests/kubelet-summary-metrics/deployment.yaml +++ b/cluster/manifests/kubelet-summary-metrics/deployment.yaml @@ -27,7 +27,7 @@ spec: serviceAccountName: kubelet-summary-metrics containers: - name: proxy - image: container-registry.zalando.net/teapot/kubelet-summary-metrics:main-7 + image: container-registry.zalando.net/teapot/kubelet-summary-metrics:main-8 resources: limits: cpu: "{{.Cluster.ConfigItems.kubelet_summary_metrics_cpu}}" From 8fe018e20349fb136de900a967adc1298115125a Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 14:43:09 +0200 Subject: [PATCH 15/22] pod-deletion-cost-controller: Update to version main-28 Update container-registry.zalando.net/gwproxy/pod-deletion-cost-controller to version main-28 --- cluster/manifests/skipper/pod-deletion-cost-controller.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper/pod-deletion-cost-controller.yaml b/cluster/manifests/skipper/pod-deletion-cost-controller.yaml index 3944affac3..5afa1de279 100644 --- a/cluster/manifests/skipper/pod-deletion-cost-controller.yaml +++ b/cluster/manifests/skipper/pod-deletion-cost-controller.yaml @@ -35,7 +35,7 @@ spec: - -resync - -resync-interval={{ .Cluster.ConfigItems.skipper_pod_deletion_cost_controller_resync_interval }} # {{ end }} - image: container-registry.zalando.net/gwproxy/pod-deletion-cost-controller:main-27 + image: container-registry.zalando.net/gwproxy/pod-deletion-cost-controller:main-28 name: pod-deletion-cost-controller terminationMessagePolicy: FallbackToLogsOnError ports: From e6806e53ce885b3b6cae682b032d43026ed587d1 Mon Sep 17 00:00:00 2001 From: Alexander Yastrebov Date: Wed, 25 Sep 2024 12:33:30 +0200 Subject: [PATCH 16/22] skipper: automate canary version update Define canary image variable to enable automatic updates by image-updater-bot. Signed-off-by: Alexander Yastrebov --- cluster/manifests/skipper/deployment.yaml | 27 +++++++++++++---------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml index b3643c0ad9..67de7c527c 100644 --- a/cluster/manifests/skipper/deployment.yaml +++ b/cluster/manifests/skipper/deployment.yaml @@ -1,12 +1,15 @@ -{{ $internal_version := "v0.21.198-1017" }} -{{ $canary_internal_version := "v0.21.198-1017" }} +{{/* image-updater-bot detects *image variables so use __ suffux to disable it for main image */}} + +{{ $main_image__ := "container-registry.zalando.net/teapot/skipper-internal:v0.21.198-1017" }} +{{ $canary_image := "container-registry.zalando.net/teapot/skipper-internal:v0.21.198-1017" }} + {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}} {{ $canary_args := "" }} {{ template "skipper-ingress" dict "name" "skipper-ingress" - "internal_version" $internal_version + "image" $main_image__ "Cluster" .Cluster "Values" .Values @@ -15,7 +18,7 @@ {{ if eq .Cluster.ConfigItems.skipper_ingress_canary_enabled "true" }} {{ template "skipper-ingress" dict "name" "skipper-ingress-canary" - "internal_version" $canary_internal_version + "image" $canary_image "replicas" 1 "args" $canary_args @@ -25,7 +28,7 @@ {{ end }} {{ define "skipper-ingress" }} -{{ $version := index (split .internal_version "-") 0 }} +{{ $version := index (split (index (split .image ":") 1) "-") 0 }} --- apiVersion: apps/v1 kind: Deployment @@ -85,7 +88,7 @@ spec: hostNetwork: true containers: - name: skipper-ingress - image: container-registry.zalando.net/teapot/skipper-internal:{{ .internal_version }} + image: "{{ .image }}" terminationMessagePolicy: FallbackToLogsOnError ports: - name: ingress-port @@ -225,7 +228,7 @@ spec: tag=application=skipper-ingress tag=account={{ .Cluster.Alias }} tag=cluster={{ .Cluster.Alias }} - tag=artifact=container-registry.zalando.net/teapot/skipper-internal:{{ .internal_version }} + tag=artifact={{ .image }} max-buffered-spans={{ .Cluster.ConfigItems.skipper_ingress_tracing_buffer }} grpc-max-msg-size={{ .Cluster.ConfigItems.skipper_ingress_lightstep_grpc_max_msg_size }} max-period={{ .Cluster.ConfigItems.skipper_ingress_lightstep_max_period }} @@ -444,7 +447,7 @@ spec: {{ end }} {{ if ne .Cluster.ConfigItems.skipper_routesrv_enabled "false" }} -{{ $version := index (split $internal_version "-") 0 }} +{{ $main_version := index (split (index (split $main_image__ ":") 1) "-") 0 }} --- apiVersion: apps/v1 kind: Deployment @@ -453,7 +456,7 @@ metadata: namespace: kube-system labels: application: skipper-ingress - version: {{ $version }} + version: "{{ $main_version }}" component: routesrv spec: strategy: @@ -469,7 +472,7 @@ spec: labels: deployment: skipper-ingress-routesrv application: skipper-ingress - version: {{ $version }} + version: "{{ $main_version }}" component: routesrv annotations: config/hash: {{"secret.yaml" | manifestHash}} @@ -513,7 +516,7 @@ spec: {{- end }} containers: - name: routesrv - image: container-registry.zalando.net/teapot/skipper:{{ $version }} + image: container-registry.zalando.net/teapot/skipper:{{ $main_version }} terminationMessagePolicy: FallbackToLogsOnError ports: - name: ingress-port @@ -567,7 +570,7 @@ spec: tag=component=routesrv tag=account={{ .Cluster.Alias }} tag=cluster={{ .Cluster.Alias }} - tag=artifact=container-registry.zalando.net/teapot/skipper:{{ $version }} + tag=artifact=container-registry.zalando.net/teapot/skipper:{{ $main_version }} max-buffered-spans={{ .Cluster.ConfigItems.skipper_ingress_tracing_buffer }} grpc-max-msg-size={{ .Cluster.ConfigItems.skipper_ingress_lightstep_grpc_max_msg_size }} max-period=2500ms From c65d6049f6ac180f0c832a6d698640c83c0ff533 Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 25 Sep 2024 15:05:16 +0200 Subject: [PATCH 17/22] skipper-canary: update logs destination provide pod name as env variable Signed-off-by: Mustafa Abdelrahman --- .../skipper-canary-controller/canary-cronjob.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml index e5a7eb3f52..85cb382a4d 100644 --- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml +++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml @@ -18,6 +18,10 @@ spec: labels: application: skipper-ingress component: canary + annotations: + kubernetes-log-watcher/scalyr-parser: | + [{"container": "controller", "parser": "keyValue"}] + logging/destination: "{{ .Cluster.ConfigItems.log_destination_both }}" spec: serviceAccountName: skipper-canary-controller # Make sure the job run only once @@ -27,6 +31,10 @@ spec: terminationMessagePolicy: FallbackToLogsOnError image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-22 env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN valueFrom: secretKeyRef: From 9760e315639acca2a2264f03fd18779c7f8f9701 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Wed, 25 Sep 2024 15:13:03 +0200 Subject: [PATCH 18/22] skipper-canary-controller: Update to version main-23 Update container-registry.zalando.net/gwproxy/skipper-canary-controller to version main-23 --- cluster/manifests/skipper-canary-controller/canary-cronjob.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml index e5a7eb3f52..b481931b05 100644 --- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml +++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml @@ -25,7 +25,7 @@ spec: containers: - name: skipper-canary-controller terminationMessagePolicy: FallbackToLogsOnError - image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-22 + image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-23 env: - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN valueFrom: From 12484a167aa7559a4045cf6f2783d9fcd35b902f Mon Sep 17 00:00:00 2001 From: Mustafa Abdelrahman Date: Wed, 25 Sep 2024 16:50:54 +0200 Subject: [PATCH 19/22] skipper-canary: fix cronjob annotations identation follow up on https://github.com/zalando-incubator/kubernetes-on-aws/pull/8200 Signed-off-by: Mustafa Abdelrahman --- .../manifests/skipper-canary-controller/canary-cronjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml index 85cb382a4d..2aad8d5c35 100644 --- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml +++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml @@ -18,10 +18,10 @@ spec: labels: application: skipper-ingress component: canary - annotations: - kubernetes-log-watcher/scalyr-parser: | + annotations: + kubernetes-log-watcher/scalyr-parser: | [{"container": "controller", "parser": "keyValue"}] - logging/destination: "{{ .Cluster.ConfigItems.log_destination_both }}" + logging/destination: "{{ .Cluster.ConfigItems.log_destination_both }}" spec: serviceAccountName: skipper-canary-controller # Make sure the job run only once From 40ebbfb4fbe5f8731045a4f4a9bf173e98f0b16d Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Thu, 26 Sep 2024 09:32:24 +0200 Subject: [PATCH 20/22] prometheus: Update to version v2.54.1-master-58 Update container-registry.zalando.net/teapot/prometheus to version v2.54.1-master-58 --- cluster/manifests/kubenurse/prometheus.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster/manifests/kubenurse/prometheus.yaml b/cluster/manifests/kubenurse/prometheus.yaml index 307c3a4b02..c608d2dc83 100644 --- a/cluster/manifests/kubenurse/prometheus.yaml +++ b/cluster/manifests/kubenurse/prometheus.yaml @@ -37,7 +37,7 @@ spec: value: "1" containers: - name: prometheus - image: container-registry.zalando.net/teapot/prometheus:v2.53.1-master-57 + image: container-registry.zalando.net/teapot/prometheus:v2.54.1-master-58 args: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus/" From 68e22941c70410d1e0c3f4c3862199eb2228cc32 Mon Sep 17 00:00:00 2001 From: 418 I'm a teapot Date: Mon, 23 Sep 2024 16:35:39 +0200 Subject: [PATCH 21/22] platform-iam-tokeninfo: Update to version master-124 Update 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo to version master-124 --- cluster/node-pools/master-default/userdata.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index be3ba5656d..5aac583abe 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -357,7 +357,7 @@ write_files: - mountPath: /etc/kubernetes/k8s-authnz-webhook-kubeconfig name: k8s-authnz-webhook-kubeconfig readOnly: true - - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-113 + - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-124 name: tokeninfo ports: - containerPort: 9021 @@ -388,7 +388,7 @@ write_files: value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ if ne .Cluster.Environment "production" }} - name: tokeninfo-sandbox - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-113 + image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/foundation/platform-iam-tokeninfo:master-124 ports: - containerPort: 9022 lifecycle: From b84536c71333bd304db4de1e0d21b5936fecf856 Mon Sep 17 00:00:00 2001 From: Mikkel Oscar Lyderik Larsen Date: Thu, 26 Sep 2024 10:31:21 +0200 Subject: [PATCH 22/22] Configure listener address for sandbox-tokeninfo Signed-off-by: Mikkel Oscar Lyderik Larsen --- cluster/node-pools/master-default/userdata.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml index 5aac583abe..ac64c92e6c 100644 --- a/cluster/node-pools/master-default/userdata.yaml +++ b/cluster/node-pools/master-default/userdata.yaml @@ -418,6 +418,8 @@ write_files: value: "https://sandbox.identity.zalando.com" - name: LISTEN_ADDRESS value: ":9022" + - name: METRICS_LISTEN_ADDRESS + value: ":9023" - name: BUSINESS_PARTNERS value: {{ .Cluster.ConfigItems.apiserver_business_partner_ids }} {{ end }}