From 152bfd87fae740f8ecb8707c60b77e193bea037b Mon Sep 17 00:00:00 2001 From: Amanuel Engeda <74629455+engedaam@users.noreply.github.com> Date: Wed, 21 Aug 2024 21:25:41 -0700 Subject: [PATCH] (backport) chore: Remove Post Install Hook (#6827) for v0.34.x (#6833) --- .../karpenter.k8s.aws_ec2nodeclasses.yaml | 2 +- .../templates/karpenter.sh_nodeclaims.yaml | 2 +- .../templates/karpenter.sh_nodepools.yaml | 2 +- charts/karpenter-crd/values.yaml | 3 +- charts/karpenter/templates/_helpers.tpl | 11 ----- .../karpenter/templates/clusterrole-core.yaml | 17 ++------ .../templates/post-install-hook.yaml | 40 ------------------- charts/karpenter/values.yaml | 8 ---- hack/mutation/conversion_webhook_injection.sh | 6 +-- 9 files changed, 11 insertions(+), 80 deletions(-) delete mode 100644 charts/karpenter/templates/post-install-hook.yaml diff --git a/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml b/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml index 6ea02a24e697..58e7193a8de5 100644 --- a/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml +++ b/charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml @@ -1276,7 +1276,7 @@ spec: clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml index a4a7ece2dc9d..418d147e5053 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -811,7 +811,7 @@ spec: clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} 
diff --git a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml index 34094f591e7a..2d57654f92e6 100644 --- a/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml +++ b/charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml @@ -1024,7 +1024,7 @@ spec: clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} diff --git a/charts/karpenter-crd/values.yaml b/charts/karpenter-crd/values.yaml index f5bf8ddda3f8..2b66f3f98800 100644 --- a/charts/karpenter-crd/values.yaml +++ b/charts/karpenter-crd/values.yaml @@ -1,7 +1,6 @@ webhook: - # -- Whether to enable the webhooks and webhook permissions. + # -- Whether to enable the webhooks. enabled: false serviceName: karpenter - serviceNamespace: kube-system # -- The container port to use for the webhook. port: 8443 diff --git a/charts/karpenter/templates/_helpers.tpl b/charts/karpenter/templates/_helpers.tpl index a74c4dbb1aea..9dce663e2382 100644 --- a/charts/karpenter/templates/_helpers.tpl +++ b/charts/karpenter/templates/_helpers.tpl @@ -75,17 +75,6 @@ Karpenter image to use {{- end }} {{- end }} -{{/* -Karpenter post-install hook image to use -*/}} -{{- define "karpenter.postInstallHook.image" -}} -{{- if .Values.postInstallHook.image.digest }} -{{- printf "%s:%s@%s" .Values.postInstallHook.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.postInstallHook.image.tag) .Values.postInstallHook.image.digest }} -{{- else }} -{{- printf "%s:%s" .Values.postInstallHook.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.postInstallHook.image.tag) }} -{{- end }} -{{- end }} - {{/* Get PodDisruptionBudget API Version */}} {{- define "karpenter.pdb.apiVersion" -}} 
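Review bot: In `charts/karpenter-crd/values.yaml`, `serviceName` has no `# --` doc comment, and with `serviceNamespace` removed nothing tells an operator that the conversion webhook service is now looked up in the namespace this chart is released into. If the CRD chart and the Karpenter chart are installed in different namespaces, the CRDs would presumably point at a service that does not exist there, and conversion requests would fail. Suggest adding above `serviceName`: `# -- Name of the Karpenter webhook Service. It is resolved in the namespace this chart is released into, so install karpenter-crd in the same namespace as karpenter.`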
diff --git a/charts/karpenter/templates/clusterrole-core.yaml b/charts/karpenter/templates/clusterrole-core.yaml index a650a11e7039..67540c524548 100644 --- a/charts/karpenter/templates/clusterrole-core.yaml +++ b/charts/karpenter/templates/clusterrole-core.yaml @@ -47,13 +47,8 @@ rules: verbs: ["get", "watch", "list"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["get", "watch", "list"] -{{- else }} - # Used for the post install hook - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get"] -{{- end }} + verbs: ["watch", "list"] + {{- end }} - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] @@ -80,12 +75,8 @@ rules: resourceNames: ["validation.webhook.karpenter.sh", "validation.webhook.config.karpenter.sh"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["update", "patch"] -{{- else }} - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["patch"] -{{- end }} + verbs: ["update"] + {{- end }} {{- with .Values.additionalClusterRoleRules -}} {{ toYaml . | nindent 2 }} {{- end -}} \ No newline at end of file diff --git a/charts/karpenter/templates/post-install-hook.yaml b/charts/karpenter/templates/post-install-hook.yaml deleted file mode 100644 index 5a38c33d8672..000000000000 --- a/charts/karpenter/templates/post-install-hook.yaml +++ /dev/null 
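Review bot: The `update` rule on `customresourcedefinitions` in the second hunk of `clusterrole-core.yaml` is still unscoped, so with webhooks enabled the controller's service account can update every CRD in the cluster. The rule directly above it is already limited with `resourceNames`. The removed hook only ever patched three CRDs, so consider adding `resourceNames: ["ec2nodeclasses.karpenter.k8s.aws", "nodepools.karpenter.sh", "nodeclaims.karpenter.sh"]` to this rule. Both hunks also drop verbs (`get`, `patch`) inside the webhook-enabled branch, so it is worth confirming the controller never issues those against CRDs; the `rules:` list and the opening `{{- if` lie outside the hunks.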
@@ -1,40 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-post-install-hook - namespace: {{ .Release.Namespace }} - labels: - {{- include "karpenter.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install,post-upgrade,post-rollback - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed - {{- with .Values.additionalAnnotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - ttlSecondsAfterFinished: 0 - template: - spec: - serviceAccountName: {{ include "karpenter.serviceAccountName" . }} - restartPolicy: OnFailure - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: post-install-job - image: {{ include "karpenter.postInstallHook.image" . }} - command: - - /bin/sh - - -c - - | - {{- if .Values.webhook.enabled }} - kubectl patch customresourcedefinitions nodepools.karpenter.sh --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}' - kubectl patch customresourcedefinitions nodeclaims.karpenter.sh --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . }}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}' - kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws --type='merge' -p '{"spec":{"conversion":{"strategy": "Webhook", "webhook":{"conversionReviewVersions": ["v1beta1", "v1"], "clientConfig":{"service":{"name":"{{ include "karpenter.fullname" . 
}}", "port": {{ .Values.webhook.port }} ,"namespace": "{{ .Release.Namespace }}"}}}}}}' - {{- else }} - echo "disabled webhooks" - kubectl patch customresourcedefinitions nodepools.karpenter.sh --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]' - kubectl patch customresourcedefinitions nodeclaims.karpenter.sh --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]' - kubectl patch customresourcedefinitions ec2nodeclasses.karpenter.k8s.aws --type='json' -p '[{'op': 'remove', 'path': '/spec/conversion'}]' - {{- end }} \ No newline at end of file diff --git a/charts/karpenter/values.yaml b/charts/karpenter/values.yaml index d4d7cee33ef1..ff90cde71016 100644 --- a/charts/karpenter/values.yaml +++ b/charts/karpenter/values.yaml @@ -135,14 +135,6 @@ controller: healthProbe: # -- The container port to use for http health probe. port: 8081 -postInstallHook: - image: - # -- Repository path to the post-install hook. This minimally needs to have `kubectl` installed - repository: public.ecr.aws/bitnami/kubectl - # -- Tag of the post-install hook image. - tag: "1.30" - # -- SHA256 digest of the post-install hook image. - digest: sha256:13a2ad1bd37ce42ee2a6f1ab0d30595f42eb7fe4a90d6ec848550524104a1ed6 webhook: # -- Whether to enable the webhooks and webhook permissions. enabled: false diff --git a/hack/mutation/conversion_webhook_injection.sh b/hack/mutation/conversion_webhook_injection.sh index 1a466499d041..65a3ab3c8503 100755 --- a/hack/mutation/conversion_webhook_injection.sh +++ b/hack/mutation/conversion_webhook_injection.sh @@ -18,7 +18,7 @@ echo "{{- if .Values.webhook.enabled }} clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} " >> charts/karpenter-crd/templates/karpenter.sh_nodepools.yaml 
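Review bot: The `namespace: {{ .Release.Namespace }}` line this script writes into the CRD templates is unquoted and leaves no way to point the conversion webhook at a service outside the CRD chart's release namespace. Anyone who previously set `webhook.serviceNamespace` now has that value silently ignored. A backward-compatible form would be `namespace: {{ .Values.webhook.serviceNamespace | default .Release.Namespace | quote }}`, which also keeps an all-digit namespace name from rendering as an integer. The same line appears in the two later hunks of this script, and the three generated templates under `charts/karpenter-crd/templates/` should be regenerated from it rather than edited by hand.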
@@ -33,7 +33,7 @@ echo "{{- if .Values.webhook.enabled }} clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} " >> charts/karpenter-crd/templates/karpenter.sh_nodeclaims.yaml @@ -48,7 +48,7 @@ echo "{{- if .Values.webhook.enabled }} clientConfig: service: name: {{ .Values.webhook.serviceName }} - namespace: {{ .Values.webhook.serviceNamespace }} + namespace: {{ .Release.Namespace }} port: {{ .Values.webhook.port }} {{- end }} " >> charts/karpenter-crd/templates/karpenter.k8s.aws_ec2nodeclasses.yaml \ No newline at end of file