Update a8s components and manifests

Paul Eichler · Philipp Kuntz · commit b651ebbf6dc3 · 2022-11-08T13:02:58.000+01:00
The a8s components (PostgreSQL operator, backup-manager,
servicebinding-controller) are updated to the latest versions, which
includes conversion webhooks.

As these conversion webhooks require configuration in the CRDs along
with a Service and a Certificate, they have been added too.
diff --git a/deploy/a8s/manifests/backup-manager.yaml b/deploy/a8s/manifests/backup-manager.yaml
@@ -2,10 +2,23 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: a8s-system/a8s-backup-serving-cert
     controller-gen.kubebuilder.io/version: v0.4.1
   creationTimestamp: null
   name: backups.backups.anynines.com
 spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: a8s-backup-webhook-service
+          namespace: a8s-system
+          path: /convert
+          port: 443
+      conversionReviewVersions:
+      - v1
+      - v1beta1
   group: backups.anynines.com
   names:
     kind: Backup
@@ -166,8 +179,6 @@ spec:
               retries:
                 description: Number of times the backup has been retried
                 type: integer
-            required:
-            - conditions
             type: object
         required:
         - spec
@@ -326,8 +337,6 @@ spec:
               retries:
                 description: Number of times the backup has been retried
                 type: integer
-            required:
-            - conditions
             type: object
         required:
         - spec
@@ -347,10 +356,23 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: a8s-system/a8s-backup-serving-cert
     controller-gen.kubebuilder.io/version: v0.4.1
   creationTimestamp: null
   name: restores.backups.anynines.com
 spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: a8s-backup-webhook-service
+          namespace: a8s-system
+          path: /convert
+          port: 443
+      conversionReviewVersions:
+      - v1
+      - v1beta1
   group: backups.anynines.com
   names:
     kind: Restore
@@ -516,8 +538,6 @@ spec:
                 description: RestoreID is the ID of the Restore; clients can use this
                   to poll the status of the Restore at the Pod identified by `PodToHit`.
                 type: string
-            required:
-            - conditions
             type: object
         type: object
     served: true
@@ -679,8 +699,6 @@ spec:
                 description: RestoreID is the ID of the Restore; clients can use this
                   to poll the status of the Restore at the Pod identified by `PodToHit`.
                 type: string
-            required:
-            - conditions
             type: object
         type: object
     served: true
@@ -934,7 +952,9 @@ spec:
     protocol: TCP
     targetPort: 9443
   selector:
-    control-plane: controller-manager
+    app.kubernetes.io/component: controller-manager
+    app.kubernetes.io/name: backup-manager
+    app.kubernetes.io/part-of: a8s-backup
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -976,7 +996,7 @@ spec:
               fieldPath: metadata.namespace
         - name: BACKUP_CREDENTIAL_PATH
           value: /etc/backup-store-secrets
-        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/backup-manager:v0.34.0
+        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/backup-manager:878e5ef789335feada36e27dd40733e281536aa2
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/deploy/a8s/manifests/postgresql-operator.yaml b/deploy/a8s/manifests/postgresql-operator.yaml
@@ -2,10 +2,22 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
+    cert-manager.io/inject-ca-from: a8s-system/postgresql-serving-cert
     controller-gen.kubebuilder.io/version: v0.4.1
   creationTimestamp: null
   name: postgresqls.postgresql.anynines.com
 spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: postgresql-webhook-service
+          namespace: a8s-system
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
   group: postgresql.anynines.com
   names:
     kind: Postgresql
@@ -2890,7 +2902,7 @@ spec:
         - --leader-elect
         command:
         - postgresql-operator
-        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/postgresql-operator:v0.46.0
+        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/postgresql-operator:4880de8355bac36308e2f6f4ec3f4273e42af7b1
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/deploy/a8s/manifests/service-binding-controller.yaml b/deploy/a8s/manifests/service-binding-controller.yaml
@@ -3,9 +3,22 @@ kind: CustomResourceDefinition
 metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.4.1
+    cert-manager.io/inject-ca-from: a8s-system/service-binding-serving-cert
   creationTimestamp: null
   name: servicebindings.servicebindings.anynines.com
 spec:
+  conversion:
+      strategy: Webhook
+      webhook:
+        clientConfig:
+          service:
+            name: service-binding-webhook-service
+            namespace: a8s-system
+            path: /convert
+            port: 443
+        conversionReviewVersions:
+        - v1
+        - v1beta1
   group: servicebindings.anynines.com
   names:
     categories:
@@ -395,6 +408,21 @@ spec:
     app.kubernetes.io/name: service-binding-controller-manager
     app.kubernetes.io/part-of: a8s-service-binding
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service-binding-webhook-service
+  namespace: a8s-system
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    app.kubernetes.io/component: controller-manager
+    app.kubernetes.io/name: service-binding-controller-manager
+    app.kubernetes.io/part-of: a8s-service-binding
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -428,7 +456,7 @@ spec:
         - a8s-service-binding-controller
         - --postgresql-root-role=a9s_user
         - --postgresql-default-database=a9s_apps_default_db
-        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/service-binding-controller:v0.29.0
+        image: public.ecr.aws/w5n9a2g2/a9s-ds-for-k8s/dev/service-binding-controller:7c91f7c206308935f6e9e576c71d032c53560fa1
         livenessProbe:
           httpGet:
             path: /healthz
@@ -492,8 +520,8 @@ metadata:
   namespace: a8s-system
 spec:
   dnsNames:
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
-  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+  - service-binding-webhook-service.a8s-system.svc
+  - service-binding-webhook-service.a8s-system.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: service-binding-selfsigned-issuer
