From 3d09476cce9701456c3b9426a6fe9e10ec2723b3 Mon Sep 17 00:00:00 2001 From: ace Date: Sun, 31 Jul 2022 06:28:07 +0300 Subject: [PATCH] mass update and migrate to networking.k8s.io/v1 api --- contrib/networking-api-fix.sh | 46 +++++++++++++++++++ .../ghp/sample/group_vars/all/versions.yaml | 19 ++++---- playbooks/ghp/roundcube.yaml | 2 + roles/adguard-home/defaults/main.yaml | 13 +++--- roles/bitwarden/defaults/main.yaml | 6 ++- roles/drone/defaults/main.yaml | 2 +- roles/gitea/defaults/main.yaml | 2 +- roles/harbor/defaults/main.yaml | 25 ++++++---- roles/mastodon/defaults/main.yaml | 7 +-- roles/nextcloud/defaults/main.yaml | 2 +- roles/peertube/defaults/main.yaml | 10 ++-- roles/playmaker/defaults/main.yaml | 9 ++-- roles/postgres/defaults/main.yaml | 2 +- roles/pypiserver/defaults/main.yaml | 22 +++++---- roles/roundcube/defaults/main.yaml | 8 ++-- roles/wikijs/defaults/main.yaml | 24 +++++++--- 16 files changed, 139 insertions(+), 60 deletions(-) create mode 100755 contrib/networking-api-fix.sh diff --git a/contrib/networking-api-fix.sh b/contrib/networking-api-fix.sh new file mode 100755 index 0000000..2d12f19 --- /dev/null +++ b/contrib/networking-api-fix.sh 
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+while getopts n:r:c: flag
+do
+ case "${flag}" in
+ n) namespace=${OPTARG};;
+ r) release=${OPTARG};;
+ esac
+done
+
+if [ -z ${release+x} ] || [ -z ${namespace+x} ]; then echo "namespace and release must be defined"; exit 0; fi
+
+echo "Get release object"
+releaseObject=$(kubectl get secret -l owner=helm,status=deployed,name=$release --namespace $namespace | awk '{print $1}' | grep -v NAME)
+
+echo "Export secret to $release.release.yaml"
+kubectl get secret $releaseObject -n $namespace -o yaml > $release.release.yaml
+
+echo "Create backup"
+cp $release.release.yaml $release.release.bak
+
+echo "Decode"
+cat $release.release.yaml | grep -oP '(?<=release: ).*' | base64 -d | base64 -d | gzip -d > $release.release.data.decoded
+
+echo "Replace api"
+sed -i -e 's/extensions\/v1beta1/networking.k8s.io\/v1/' $release.release.data.decoded
+sed -i -e 's/networking.k8s.io\/v1beta1/networking.k8s.io\/v1/' $release.release.data.decoded
+
+echo "Encode"
+cat $release.release.data.decoded | gzip | base64 | base64 > $release.release.data.encoded
+
+echo "Remove newlines"
+tr -d "\n" < $release.release.data.encoded > $release.release.data.encoded.final
+releaseData=$(cat $release.release.data.encoded.final)
+
+echo "Replace data.release"
+sed 's/^\(\s*release\s*:\s*\).*/\1'$releaseData'/' $release.release.yaml > $release.final.release.yaml
+
+echo "Applying to kubernetes"
+kubectl apply -f $release.final.release.yaml -n $namespace
+
+rm $release.release.yaml
+rm $release.release.data.decoded
+rm $release.release.data.encoded
+rm $release.release.data.encoded.final
+rm $release.final.release.yaml
diff --git a/inventory/ghp/sample/group_vars/all/versions.yaml b/inventory/ghp/sample/group_vars/all/versions.yaml
index 1123c2b..440d29e 100644
--- a/inventory/ghp/sample/group_vars/all/versions.yaml
+++ b/inventory/ghp/sample/group_vars/all/versions.yaml
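Review bot: In contrib/networking-api-fix.sh nothing stops the script after a failed step, so a broken lookup or decode still reaches `kubectl apply` on the Helm release secret. If the label selector matches nothing, `releaseObject` is empty and the following `kubectl get secret ... -o yaml` line exports every secret in the namespace into the working directory. The decoded release data and `$release.release.bak` (which is never removed) are written with the caller's default umask, the intermediate files are only removed if the script reaches its last lines, and the usage check ends with `exit 0`, so a caller cannot tell the arguments were missing. I would add strict mode and a restrictive umask, fail unless exactly one release secret is found, move the cleanup into a trap, and quote `$release` and `$namespace` wherever they are expanded; the decode, replace and encode steps can stay as they are.

```shell
#!/bin/bash
set -euo pipefail
# Release secrets hold rendered manifests and chart values; keep every file private.
umask 077

# … unchanged: getopts loop …

if [ -z "${release:-}" ] || [ -z "${namespace:-}" ]; then
  echo "namespace and release must be defined" >&2
  exit 1
fi

# Remove intermediate files on any exit path; the .bak copy is kept on purpose.
trap 'rm -f "$release".release.yaml "$release".release.data.* "$release".final.release.yaml' EXIT

releaseObject=$(kubectl get secret -l "owner=helm,status=deployed,name=$release" \
  --namespace "$namespace" --no-headers -o custom-columns=NAME:.metadata.name)
if [ "$(printf '%s\n' "$releaseObject" | grep -c .)" -ne 1 ]; then
  echo "expected exactly one deployed release secret for $release" >&2
  exit 1
fi

# … unchanged: export, backup, decode, replace api, encode, apply (with "$release", "$releaseObject" and "$namespace" quoted) …
# … the five trailing rm lines are replaced by the trap above …
```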
@@ -27,10 +27,10 @@ postgres_operator_version: 1.8.2 openldap_version: 1.2.7 # Adguard Home -adguard_version: 2.2.13 +adguard_version: 2.3.0 # Bitwarden (aka Vaultwarden) -bitwarden_version: 2.0.13 +bitwarden_version: 2.0.15 # Drone drone_version: 0.4.0 @@ -42,10 +42,10 @@ gitea_dns_version: 6.7.1 gitea_version: 5.0.8 # Docker and Helm chart registries -harbor_version: 1.7.5 +harbor_version: 1.9.3 # Mastodon -mastodon_version: 0.2.7 +mastodon_version: 0.3.0 # Nextcloud nextcloud_version: 2.14.2 @@ -53,17 +53,18 @@ nextcloud_version: 2.14.2 # Email dovecot_version: 0.1.3 postfix_version: 0.1.2 -roundcube_version: 0.2.7 +roundcube_version: 0.2.9 rspamd_version: 0.2.0 # Pypi server -pypiserver_version: 2.3.0 +pypiserver_version: 2.4.0 # WikiJS -wikijs_version: 2.2.22 +wikijs_version: 2.3.0 # PeerTube -peertube_version: 0.1.11 +peertube_version: 0.1.13 # Playmaker android APK repository -playmaker_version: 0.1.1 +playmaker_version: 0.1.3 + diff --git a/playbooks/ghp/roundcube.yaml b/playbooks/ghp/roundcube.yaml index c75ca04..b144de2 100644 --- a/playbooks/ghp/roundcube.yaml +++ b/playbooks/ghp/roundcube.yaml @@ -3,3 +3,5 @@ connection: local roles: - roundcube + tags: + - roundcude diff --git a/roles/adguard-home/defaults/main.yaml b/roles/adguard-home/defaults/main.yaml index 491063a..60bb74c 100644 --- a/roles/adguard-home/defaults/main.yaml +++ b/roles/adguard-home/defaults/main.yaml 
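Review bot: The tag added in the playbooks/ghp/roundcube.yaml hunk is spelled `roundcude`, so a run limited with `--tags roundcube` would not select this play. Assuming the tag is meant to match the role name on the line above it, the entry should read `- roundcube`. The play itself starts outside the hunk, so any other tags it inherits are not visible here.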
@@ -171,18 +171,19 @@ adguard_default_values: timezone: "UTC" ingress: enabled: true + className: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}" annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class if adguard_publish else internal_ingress_class }}" + cert-manager.io/cluster-issuer: "letsencrypt-prod" kubernetes.io/tls-acme: "true" - path: / hosts: - - "{{ adguard_short_name }}.{{ domain }}" + - host: "{{ adguard_short_name }}.{{ domain }}" + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ adguard_short_name }}.{{ domain }}-tls" hosts: - - "{{ adguard_short_name }}adguard.{{ domain }}" - + - "{{ adguard_short_name }}.{{ domain }}" service: type: ClusterIP # externalTrafficPolicy: Local diff --git a/roles/bitwarden/defaults/main.yaml b/roles/bitwarden/defaults/main.yaml index 2fd0872..3fd6c3f 100644 --- a/roles/bitwarden/defaults/main.yaml +++ b/roles/bitwarden/defaults/main.yaml @@ -79,13 +79,15 @@ bitwarden_default_values: type: deployment ingress: enabled: true + className: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}" annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if bitwarden_publish else internal_ingress_class }}" cert-manager.io/cluster-issuer: "letsencrypt-prod" kubernetes.io/tls-acme: "true" hosts: - host: "{{ bitwarden_short_name }}.{{ domain }}" - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ bitwarden_short_name }}.{{ domain }}-tls" hosts: diff --git a/roles/drone/defaults/main.yaml b/roles/drone/defaults/main.yaml index c82d328..4d57975 100644 --- a/roles/drone/defaults/main.yaml +++ b/roles/drone/defaults/main.yaml 
@@ -8,8 +8,8 @@ drone_default_values: port: 80 ingress: enabled: true + className: "{{ external_ingress_class if drone_publish else internal_ingress_class }}" annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if drone_publish else internal_ingress_class }}" cert-manager.io/cluster-issuer: "letsencrypt-prod" hosts: - host: "{{ drone_short_name }}.{{ domain }}" diff --git a/roles/gitea/defaults/main.yaml b/roles/gitea/defaults/main.yaml index 8312ba4..a285c6c 100644 --- a/roles/gitea/defaults/main.yaml +++ b/roles/gitea/defaults/main.yaml @@ -12,12 +12,12 @@ gitea_default_values: clusterIP: ingress: enabled: true + className: "{{ gitea_ingress_class }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: "{{ gitea_ingress_class }}" kubernetes.io/tls-acme: "true" hosts: - host: "{{ gitea_short_name }}.{{ domain }}" diff --git a/roles/harbor/defaults/main.yaml b/roles/harbor/defaults/main.yaml index 16d77e1..544ccd3 100644 --- a/roles/harbor/defaults/main.yaml +++ b/roles/harbor/defaults/main.yaml @@ -10,11 +10,11 @@ harbor_default_values: secretName: "{{ harbor_short_name }}.{{ domain }}-tls" notarySecretName: "notary.{{ harbor_short_name }}.{{ domain }}-tls" ingress: + className: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}" hosts: core: "{{ harbor_short_name }}.{{ domain }}" notary: "notary.{{ harbor_short_name }}.{{ domain }}" annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if harbor_publish else internal_ingress_class }}" cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" 
@@ -123,12 +123,11 @@ harbor_default_values: notarySignerDatabase: "harbor_notary_signer" harbor_readonly_ingress_definition: | - apiVersion: extensions/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class }}" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" @@ -136,22 +135,30 @@ harbor_readonly_ingress_definition: | name: harbor-public-ingress namespace: "{{ harbor_namespace | default(namespace) }}" spec: + ingressClassName: "{{ external_ingress_class }}" rules: - host: "{{ harbor_readonly_ingress }}" http: paths: - backend: - serviceName: harbor-core - servicePort: 80 + service: + name: harbor-core + port: + number: 80 path: /v2 pathType: ImplementationSpecific - backend: - serviceName: harbor-core - servicePort: 80 + service: + name: harbor-core + port: + number: 80 path: /chartrepo + pathType: ImplementationSpecific - backend: - serviceName: harbor-core - servicePort: 80 + service: + name: harbor-core + port: + number: 80 path: /api pathType: ImplementationSpecific tls: diff --git a/roles/mastodon/defaults/main.yaml b/roles/mastodon/defaults/main.yaml index 027d092..c931ae9 100644 --- a/roles/mastodon/defaults/main.yaml +++ b/roles/mastodon/defaults/main.yaml 
@@ -7,17 +7,18 @@ mastodon_admin_email: "mastodon@{{ mail_domain | default(domain) }}" mastodon_default_values: ingress: enabled: true + className: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - kubernetes.io/ingress.class: "{{ external_ingress_class if mastodon_publish else internal_ingress_class }}" - kubernetes.io/tls-acme: "true" hosts: - host: "{{ mastodon_short_name }}.{{ domain }}" paths: - - path: '/' + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ mastodon_short_name }}.{{ domain }}-tls" hosts: diff --git a/roles/nextcloud/defaults/main.yaml b/roles/nextcloud/defaults/main.yaml index 1a2ce8c..ba36cea 100644 --- a/roles/nextcloud/defaults/main.yaml +++ b/roles/nextcloud/defaults/main.yaml @@ -5,9 +5,9 @@ nextcloud_short_name: "nextcloud" nextcloud_default_values: ingress: enabled: true + className: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "{{ external_ingress_class if nextcloud_publish else internal_ingress_class }}" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" diff --git a/roles/peertube/defaults/main.yaml b/roles/peertube/defaults/main.yaml index e886c24..9e99274 100644 --- a/roles/peertube/defaults/main.yaml +++ b/roles/peertube/defaults/main.yaml 
@@ -97,16 +97,18 @@ peertube_default_values: value: "{{ peertube_admin_password }}" ingress: enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}" + className: "{{ external_ingress_class if peertube_publish else internal_ingress_class }}" + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-prod" kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" hosts: - host: "{{ peertube_short_name }}.{{ domain }}" - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ peertube_short_name }}.{{ domain }}-tls" hosts: diff --git a/roles/playmaker/defaults/main.yaml b/roles/playmaker/defaults/main.yaml index 3af797b..5d5f507 100644 --- a/roles/playmaker/defaults/main.yaml +++ b/roles/playmaker/defaults/main.yaml @@ -52,20 +52,23 @@ playmaker_default_values: service: type: ClusterIP port: 80 - + ingress: enabled: true + className: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}" annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if playmaker_publish else internal_ingress_class }}" cert-manager.io/cluster-issuer: "letsencrypt-prod" kubernetes.io/tls-acme: "true" hosts: - host: "{{ playmaker_short_name }}.{{ domain }}" - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ playmaker_short_name }}.{{ domain }}-tls" hosts: - "{{ playmaker_short_name }}.{{ domain }}" + persistence: enabled: true storageClass: "{{ playmaker_storage | default('nfs-hdd') }}" diff --git a/roles/postgres/defaults/main.yaml b/roles/postgres/defaults/main.yaml index 00cc2e1..726bb29 100644 --- a/roles/postgres/defaults/main.yaml +++ b/roles/postgres/defaults/main.yaml 
@@ -19,9 +19,9 @@ postgres_operator_ui_default_values: # configure UI ingress. If needed: "enabled: true" ingress: enabled: true + ingressClassName: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "{{ postgres_operator_ui_ingress_class | default(internal_ingress_class) }}" hosts: - host: "{{ postgres_operator_ui_short_name }}.{{ domain }}" paths: [""] diff --git a/roles/pypiserver/defaults/main.yaml b/roles/pypiserver/defaults/main.yaml index e7d80e3..70e2e17 100644 --- a/roles/pypiserver/defaults/main.yaml +++ b/roles/pypiserver/defaults/main.yaml @@ -15,20 +15,22 @@ pypiserver_default_values: pypiserver_admin: "{{ pypiserver_admin_htpasswd_hash }}" ingress: enabled: true - labels: {} - annotations: - kubernetes.io/ingress.class: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}" + className: "{{ external_ingress_class if pypiserver_publish else internal_ingress_class }}" + annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" + kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - path: "/" - hosts: - - "{{ pypiserver_short_name }}.{{ domain }}" - tls: - - secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls" - hosts: - - "{{ pypiserver_short_name }}.{{ domain }}" + hosts: + - host: "{{ pypiserver_short_name }}.{{ domain }}" + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: "{{ pypiserver_short_name }}.{{ domain }}-tls" + hosts: + - "{{ pypiserver_short_name }}.{{ domain }}" persistence: enabled: true storageClass: "{{ pypiserver_storage | default('nfs-hdd') }}" diff --git a/roles/roundcube/defaults/main.yaml b/roles/roundcube/defaults/main.yaml index 1143a9b..eff55ff 100644 --- a/roles/roundcube/defaults/main.yaml 
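Review bot: The postgres operator UI values in roles/postgres/defaults/main.yaml set the class under `ingressClassName`, while every other role touched by this commit uses `className`. If that matches the operator UI chart's values schema (not visible from this hunk), a comment above the key such as `# this chart reads ingress.ingressClassName, not className` would keep a later clean-up from "aligning" it. If the chart does not read this key, the class is silently dropped now that the `kubernetes.io/ingress.class` annotation is removed, and this UI, which defaults to the internal class, would be served by whatever default IngressClass the cluster has. Rendering the chart once with these values and checking `spec.ingressClassName` on the resulting Ingress would confirm it; the `ingress:` mapping continues outside the hunk.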
+++ b/roles/roundcube/defaults/main.yaml @@ -30,16 +30,18 @@ roundcube_default_values: value: "archive,zipdownload,managesieve" ingress: enabled: true + className: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "{{ external_ingress_class if roundcube_publish else internal_ingress_class }}" kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" - path: / hosts: - - "{{ roundcube_short_name }}.{{ domain }}" + - host: "{{ roundcube_short_name }}.{{ domain }}" + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ roundcube_short_name }}.{{ domain }}-tls" hosts: diff --git a/roles/wikijs/defaults/main.yaml b/roles/wikijs/defaults/main.yaml index b46668d..dc81773 100644 --- a/roles/wikijs/defaults/main.yaml +++ b/roles/wikijs/defaults/main.yaml @@ -6,12 +6,18 @@ wikijs_default_values: fullnameOverride: "wikijs" ingress: enabled: true - annotations: + className: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}" + annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" - kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}" + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" hosts: - host: "{{ wikijs_short_name }}.{{ domain }}" - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific tls: - secretName: "{{ wikijs_short_name }}.{{ domain }}-tls" hosts: 
@@ -25,28 +31,32 @@ wikijs_default_values: postgresqlDatabase: "{{ wikijs_db_name | default('wikijs') }}" wikijs_readonly_ingress_definition: | - apiVersion: extensions/v1beta1 + apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: cert-manager.io/cluster-issuer: letsencrypt-prod - kubernetes.io/ingress.class: "{{ external_ingress_class }}" nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" name: wikijs-public namespace: "{{ wikijs_namespace | default(namespace) }}" spec: + ingressClassName: "{{ external_ingress_class }}" rules: - host: "{{ wikijs_readonly_ingress }}" http: paths: - backend: - serviceName: wikijs - servicePort: 80 + service: + name: wikijs + port: + number: 80 path: / + pathType: ImplementationSpecific tls: - hosts: - "{{ wikijs_readonly_ingress }}" secretName: "{{ wikijs_readonly_ingress }}-tls" +