Merge pull request #1017 from flanksource/feature/upgrade-eck

feat: update eck operator version to 2.1.0
flanksource · Jun 7, 2022 · 02918e6 · 02918e6
2 parents b120537 + c94ef10
commit 02918e6
Show file tree

Hide file tree

Showing 10 changed files with 412 additions and 157 deletions.
diff --git a/.github/workflows/kind.yml b/.github/workflows/kind.yml
@@ -142,7 +142,7 @@ jobs:
         with:
           if-no-files-found: ignore
           name: snapshot-${{matrix.k8s}}-${{matrix.suite}}
-          path: artifacts/snapshot.zip
+          path: artifacts/snapshot
       - name: Generate Kind logs
         if: ${{ env.FILE_CHANGES_TO_CORE_ARTIFACTS == 'true' && failure() }}
         run: kind export logs --name=kind-${{matrix.suite}}-${{matrix.k8s}} artifacts/kind-logs

diff --git a/manifests/crd/eck.yaml b/manifests/crd/eck.yaml
diff --git a/manifests/eck.yaml b/manifests/eck.yaml
@@ -10,7 +10,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-operator
   namespace: elastic-system
@@ -19,7 +19,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-operator
 rules:
@@ -191,12 +191,20 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -277,7 +285,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -345,7 +353,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-operator
 roleRef:
@@ -368,7 +376,8 @@ data:
     ca-cert-rotate-before: 24h
     cert-validity: 8760h
     cert-rotate-before: 24h
-    set-default-security-context: true
+    exposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]
+    set-default-security-context: auto-detect
     kube-client-timeout: 60s
     elasticsearch-client-timeout: 180s
     disable-telemetry: false
@@ -379,7 +388,7 @@ data:
 kind: ConfigMap
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-operator
   namespace: elastic-system
@@ -388,7 +397,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-webhook-server
   namespace: elastic-system
@@ -404,7 +413,7 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-operator
   namespace: elastic-system
@@ -417,7 +426,7 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 239de074c87fe1f7254f5c93ff9f4a0949c8f111ba15696c460d786d6279e4d6
+        checksum/config: 06e29365c8508fbeda738005ba0e857e543fcac6580e97f081656c96b5944bff
         co.elastic.logs/raw: '[{"type":"container","json.keys_under_root":true,"paths":["/var/log/containers/*${data.kubernetes.container.id}.log"],"processors":[{"convert":{"mode":"rename","ignore_missing":true,"fields":[{"from":"error","to":"_error"}]}},{"convert":{"mode":"rename","ignore_missing":true,"fields":[{"from":"_error","to":"error.message"}]}},{"convert":{"mode":"rename","ignore_missing":true,"fields":[{"from":"source","to":"_source"}]}},{"convert":{"mode":"rename","ignore_missing":true,"fields":[{"from":"_source","to":"event.source"}]}}]}]'
       labels:
         control-plane: elastic-operator
@@ -447,7 +456,7 @@ spec:
         resources:
           limits:
             cpu: 1
-            memory: 512Mi
+            memory: 1Gi
           requests:
             cpu: 100m
             memory: 150Mi
@@ -495,7 +504,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   labels:
-    app.kubernetes.io/version: 1.9.1
+    app.kubernetes.io/version: 2.1.0
     control-plane: elastic-operator
   name: elastic-webhook.k8s.elastic.co
 webhooks:

diff --git a/manifests/upstream/eck/base/kustomization.yaml b/manifests/upstream/eck/base/kustomization.yaml
@@ -1,9 +1,9 @@
 namespace: elastic-system
 resources:
-  - https://download.elastic.co/downloads/eck/1.9.1/operator.yaml
+  - https://download.elastic.co/downloads/eck/2.1.0/operator.yaml
   - certificate.yaml
 images:
   - name: docker.elastic.co/eck/eck-operator
     newTag: "{{.eck.version}}"
 patchesStrategicMerge:
-  - delete-secret.yaml
+  - delete-secret.yaml
diff --git a/manifests/upstream/eck/crd/kustomization.yaml b/manifests/upstream/eck/crd/kustomization.yaml
@@ -1,2 +1,2 @@
 resources:
-  - https://raw.githubusercontent.com/elastic/cloud-on-k8s/1.9.1/config/crds/v1/all-crds.yaml
+  - https://raw.githubusercontent.com/elastic/cloud-on-k8s/2.1.0/config/crds/v1/all-crds.yaml
diff --git a/test/elastic.yaml b/test/elastic.yaml
@@ -59,7 +59,7 @@ packetbeat:
 eventrouter:
   version: v0.3
 eck:
-  version: 1.0.0
+  version: 2.1.0
 test:
   exclude:
     - dex

diff --git a/test/manifests/elastic/elastic.yaml b/test/manifests/elastic/elastic.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: eck
+---
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+  name: logs
+  namespace: eck
+spec:
+  version: 7.17.3
+  nodeSets:
+    - name: default
+      count: 1
+      config:
+        node.master: true
+        node.data: true
+        node.ingest: true
+        node.store.allow_mmap: false
+        xpack.security.transport.ssl.supported_protocols: TLSv1.1,TLSv1.2
+        xpack.security.authc.anonymous.roles: fluentd
+      podTemplate:
+        metadata:
+          annotations:
+            cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
+        spec:
+          containers:
+            - name: elasticsearch
+              resources:
+                requests:
+                  memory: 2Gi
+                  cpu: 200m
+                limits:
+                  memory: 4Gi
+                  cpu: 500m
+      volumeClaimTemplates:
+        - metadata:
+            name: elasticsearch-data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: 1Gi
+---
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+  name: logs
+  namespace: eck
+spec:
+  version: 7.17.3
+  count: 1
+  elasticsearchRef:
+    name: logs
+  podTemplate:
+    metadata:
+      annotations:
+        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
diff --git a/test/manifests/elastic/eval.sh b/test/manifests/elastic/eval.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+if [[ $(uname -s) == "Darwin" ]]; then
+    END_TIME=$(date -v +5M +%s)
+else
+    TIMEOUT="10 minute"
+    END_TIME=$(date -ud "$TIMEOUT" +%s)
+fi
+
+SUCCESS="f"
+while [[ $(date -u +%s) -le $END_TIME ]]
+do
+    echo "Waiting for elastic to become available..."
+    if kubectl -n eck get elasticsearch logs | grep -q Ready; then
+        SUCCESS="t"
+        echo "Elastic up successfully"
+        break
+    fi
+    sleep 5
+done
+if [[ "$SUCCESS" != "t" ]]; then
+    set -x
+    echo "==== elasticsearch object ===="
+    kubectl -n eck get elasticsearch logs
+    echo "==== elasticsearch object ===="
+    kubectl -n eck describe elasticsearch logs
+    echo "==== pods ===="
+    kubectl -n eck describe pods
+    echo "==== pod logs ===="
+    kubectl -n eck logs logs-es-default-0
+    echo "==== operator logs ===="
+    kubectl -n elastic-system logs elastic-operator-0
+    exit 1
+fi
+exit 0
diff --git a/test/manifests/elastic/kustomization.yaml b/test/manifests/elastic/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+  - elastic.yaml
diff --git a/test/test.sh b/test/test.sh
@@ -67,9 +67,7 @@ function report() {
         ./build-tools junit gh-workflow-commands test-results/results.xml
     fi
     mkdir -p artifacts
-    if $BIN snapshot --output-dir ../snapshot -v --include-specs=true --include-logs=true --include-events=true $CONFIG_FILES ; then
-        zip -r artifacts/snapshot.zip snapshot/*
-    fi
+    $BIN snapshot --output-dir ../artifacts/snapshot -v --include-specs=true --include-logs=true --include-events=true $CONFIG_FILES
 
     echo "::endgroup::"
 }
@@ -108,6 +106,12 @@ echo "::group::Deploy All"
 $BIN deploy all --exclude crds --prune=false -v $CONFIG_FILES || (echo "::error::Error while deploying" && exit 1)
 echo "::endgroup::"
 
+if [[ -f "test/manifests/$SUITE/kustomization.yaml" ]]; then
+    echo "::group::Deploying suite specific manifests"
+    kubectl apply -k test/manifests/$SUITE
+    echo "::endgroup::"
+fi
+
 echo "::group::Test Dry Run"
 # wait for up to 8 minutes, rerunning tests if they fail
 # this allows for all resources to reconcile and images to finish downloading etc..
@@ -119,3 +123,9 @@ echo "::group::Final Test Run"
 # its own wait. e2e tests should always pass once the non e2e have passed
 $BIN test all --e2e --progress=false -v --junit-path test-results/results.xml $CONFIG_FILES
 echo "::endgroup::"
+
+if [[ -f "test/manifests/$SUITE/eval.sh" ]]; then
+    echo "::group::Suite Specific Test"
+    ./test/manifests/$SUITE/eval.sh
+    echo "::endgroup::"
+fi