From 2e2a30515c1e650984a94667d3f9d241811adc75 Mon Sep 17 00:00:00 2001
From: Sean Eagan <sean.eagan@att.com>
Date: Wed, 20 Feb 2019 16:04:12 -0600
Subject: [PATCH] Use apps/v1 k8s controllers and add labels

Daemonset update strategy defaults to OnDelete in v1beta1, whereas
it defaults to RollingUpdate in v1, which seems prefereable.

This also adds helm-toolkit based labels at the controller level
to match standard usage such as for example by armada as wait labels.

This change has been tested using the promenade resiliency gate.

Change-Id: I9fd1bc4caedc0a6717b779e5333640ca8dc78b7e
---
 charts/apiserver/templates/daemonset.yaml          | 10 ++++++++--
 charts/controller_manager/templates/daemonset.yaml | 10 ++++++++--
 charts/coredns/templates/deployment.yaml           |  7 +++++--
 charts/coredns/templates/rbac.yaml                 |  2 +-
 charts/etcd/templates/daemonset-anchor.yaml        | 10 ++++++++--
 charts/haproxy/templates/daemonset.yaml            | 10 ++++++++--
 charts/promenade/templates/deployment-api.yaml     | 10 ++++++++--
 charts/proxy/templates/daemonset.yaml              | 11 ++++++++---
 charts/proxy/templates/rbac.yaml                   |  4 ++--
 charts/scheduler/templates/sched-anchor.yaml       | 10 ++++++++--
 tools/g2/sonobuoy.yaml                             |  4 ++--
 11 files changed, 66 insertions(+), 22 deletions(-)

diff --git a/charts/apiserver/templates/daemonset.yaml b/charts/apiserver/templates/daemonset.yaml
index f50a05da..cf49cb0e 100644
--- a/charts/apiserver/templates/daemonset.yaml
+++ b/charts/apiserver/templates/daemonset.yaml
@@ -18,19 +18,25 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $mounts_kubernetes_apiserver := .Values.pod.mounts.kubernetes_apiserver.kubernetes_apiserver }}
 {{- $mounts_kubernetes_apiserver_init := .Values.pod.mounts.kubernetes_apiserver.init_container }}
+{{- $labels := tuple $envAll "kubernetes" "kubernetes-apiserver-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: "extensions/v1beta1"
+apiVersion: "apps/v1"
 kind: DaemonSet
 metadata:
   name: {{ .Values.service.name }}-anchor
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "kubernetes-apiserver-anchor" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "kubernetes" "kubernetes-apiserver-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
diff --git a/charts/controller_manager/templates/daemonset.yaml b/charts/controller_manager/templates/daemonset.yaml
index 92f428d1..d9baba84 100644
--- a/charts/controller_manager/templates/daemonset.yaml
+++ b/charts/controller_manager/templates/daemonset.yaml
@@ -18,19 +18,25 @@ limitations under the License.
 {{- $envAll := . }}
 {{- $mounts_controller_manager := .Values.pod.mounts.controller_manager.controller_manager }}
 {{- $mounts_controller_manager_init := .Values.pod.mounts.controller_manager.init_container }}
+{{- $labels := tuple $envAll "kubernetes" "kubernetes-controller-manager-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: "extensions/v1beta1"
+apiVersion: "apps/v1"
 kind: DaemonSet
 metadata:
   name: {{ .Values.service.name }}-anchor
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "kubernetes-controller-manager-anchor" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "kubernetes" "kubernetes-controller-manager-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
index 3e593047..d11b1498 100644
--- a/charts/coredns/templates/deployment.yaml
+++ b/charts/coredns/templates/deployment.yaml
@@ -15,12 +15,14 @@ limitations under the License.
 */}}
 
 {{- $envAll := . }}
+{{- $labels := tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: coredns
   labels:
+{{ $labels | indent 4 }}
     {{ .Values.service.name }}: enabled
     kubernetes.io/name: "CoreDNS"
   annotations:
@@ -33,11 +35,12 @@ spec:
       maxUnavailable: 1
   selector:
     matchLabels:
+{{ $labels | indent 6 }}
       {{ .Values.service.name }}: enabled
   template:
     metadata:
       labels:
-{{ tuple $envAll "kubernetes" "coredns" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
         {{ .Values.service.name }}: enabled
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
diff --git a/charts/coredns/templates/rbac.yaml b/charts/coredns/templates/rbac.yaml
index 6d95c858..ab75fe4b 100644
--- a/charts/coredns/templates/rbac.yaml
+++ b/charts/coredns/templates/rbac.yaml
@@ -23,7 +23,7 @@ roleRef:
   name: system:coredns
   apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
diff --git a/charts/etcd/templates/daemonset-anchor.yaml b/charts/etcd/templates/daemonset-anchor.yaml
index 7426db60..a3f865aa 100644
--- a/charts/etcd/templates/daemonset-anchor.yaml
+++ b/charts/etcd/templates/daemonset-anchor.yaml
@@ -21,21 +21,27 @@ limitations under the License.
 # Note that application can either be kubernetes or calico for now
 # and may expand in scope in the future
 {{- $applicationName := .Values.service.name | replace "-etcd" "" }}
+{{- $labels := tuple $envAll $applicationName "etcd-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: {{ .Values.service.name }}-anchor
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "anchor" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
       labels:
-{{ tuple $envAll $applicationName "etcd-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
     spec:
       hostNetwork: true
       {{- if .Values.anchor.dns_policy }}
diff --git a/charts/haproxy/templates/daemonset.yaml b/charts/haproxy/templates/daemonset.yaml
index b8f5e694..a20a0957 100644
--- a/charts/haproxy/templates/daemonset.yaml
+++ b/charts/haproxy/templates/daemonset.yaml
@@ -15,19 +15,25 @@ limitations under the License.
 */}}
 
 {{- $envAll := . }}
+{{- $labels := tuple $envAll "kubernetes" "haproxy-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: haproxy-anchor
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "haproxy_anchor" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "kubernetes" "haproxy-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
diff --git a/charts/promenade/templates/deployment-api.yaml b/charts/promenade/templates/deployment-api.yaml
index b940d952..e9e4b4e4 100644
--- a/charts/promenade/templates/deployment-api.yaml
+++ b/charts/promenade/templates/deployment-api.yaml
@@ -16,20 +16,26 @@ limitations under the License.
 
 {{- if .Values.manifests.deployment_api }}
 {{- $envAll := . }}
+{{- $labels := tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: promenade-api
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
   replicas: {{ .Values.pod.replicas.api }}
 {{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
diff --git a/charts/proxy/templates/daemonset.yaml b/charts/proxy/templates/daemonset.yaml
index 310e3c49..47fa9464 100644
--- a/charts/proxy/templates/daemonset.yaml
+++ b/charts/proxy/templates/daemonset.yaml
@@ -16,20 +16,25 @@ limitations under the License.
 
 {{- if .Values.manifests.daemonset_proxy }}
 {{- $envAll := . }}
-
+{{- $labels := tuple $envAll "kubernetes" "proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: "extensions/v1beta1"
+apiVersion: "apps/v1"
 kind: DaemonSet
 metadata:
   name: kubernetes-proxy
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "proxy" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "kubernetes" "proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
diff --git a/charts/proxy/templates/rbac.yaml b/charts/proxy/templates/rbac.yaml
index 38790797..a25eeae1 100644
--- a/charts/proxy/templates/rbac.yaml
+++ b/charts/proxy/templates/rbac.yaml
@@ -22,7 +22,7 @@ metadata:
     addonmanager.kubernetes.io/mode: Reconcile
 ---
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: system:kube-proxy
   labels:
@@ -34,4 +34,4 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: system:node-proxier
-  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
+  apiGroup: rbac.authorization.k8s.io
diff --git a/charts/scheduler/templates/sched-anchor.yaml b/charts/scheduler/templates/sched-anchor.yaml
index c0646671..c816566a 100644
--- a/charts/scheduler/templates/sched-anchor.yaml
+++ b/charts/scheduler/templates/sched-anchor.yaml
@@ -15,14 +15,20 @@ limitations under the License.
 */}}
 
 {{- $envAll := . }}
+{{- $labels := tuple $envAll "kubernetes" "kubernetes-scheduler-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
 ---
-apiVersion: "extensions/v1beta1"
+apiVersion: "apps/v1"
 kind: DaemonSet
 metadata:
   name: kubernetes-scheduler-anchor
+  labels:
+{{ $labels | indent 4 }}
   annotations:
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
 spec:
+  selector:
+    matchLabels:
+{{ $labels | indent 6 }}
 {{ tuple $envAll "scheduler" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
   template:
     metadata:
@@ -31,7 +37,7 @@ spec:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
       labels:
-{{ tuple $envAll "kubernetes" "kubernetes-scheduler-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+{{ $labels | indent 8 }}
     spec:
       hostNetwork: true
       dnsPolicy: {{ .Values.anchor.dns_policy }}
diff --git a/tools/g2/sonobuoy.yaml b/tools/g2/sonobuoy.yaml
index 390dad11..1faf147d 100644
--- a/tools/g2/sonobuoy.yaml
+++ b/tools/g2/sonobuoy.yaml
@@ -12,7 +12,7 @@ metadata:
   name: sonobuoy-serviceaccount
   namespace: heptio-sonobuoy
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
@@ -27,7 +27,7 @@ subjects:
   name: sonobuoy-serviceaccount
   namespace: heptio-sonobuoy
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels: