Kyma 2.6.3 (#3326)

* successful local install * change cli version * fix leftover and patches * remove unused flag * try to fix benchmark * install kyma once * reuse existing kyma * initial changes * change * add patch * unify kyma cli version * initial changes * change kyma version in comments * use ns var and label ory ns * add message * update kyma cli version * fix benchmark * fix ory ns * fix ns typo * typo * update docs --------- Co-authored-by: PetarTodorovv <todorovv.petar@gmail.com>
kyma-incubator · Sep 29, 2023 · c045c8b · c045c8b
1 parent a82dda0
commit c045c8b
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ For more information about the Compass architecture, technical details, and comp
 - [Docker](https://www.docker.com/get-started)
 - [k3d](https://github.com/k3d-io/k3d) v5.2.2+
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) 1.23.0+
-- [Kyma CLI](https://github.com/kyma-project/cli) 2.6.2
+- [Kyma CLI](https://github.com/kyma-project/cli) 2.7.0
 - [helm](https://github.com/helm/helm) v3.8.0+
 - [yq](https://github.com/mikefarah/yq) v4+
 

diff --git a/docs/compass/04-01-installation.md b/docs/compass/04-01-installation.md
@@ -8,7 +8,7 @@ You can install Compass both on a cluster and on your local machine in the follo
 
 ### Required versions
 
-- Kubernetes 1.21
+- Kubernetes 1.23
 - For more information about the required CLI tools versions, see: [Compass Prerequisites](https://github.com/kyma-incubator/compass#prerequisites) 
 
 ### Managed PostgreSQL Database
@@ -46,7 +46,7 @@ Therefore, `serviceAccountTokenJWKS` and `serviceAccountTokenIssuer` need to be
 
 > **NOTE:** During the installation of Compass, the installed Kyma version (as a basis to Compass) must match to the one in the [`KYMA_VERSION`](../../installation/resources/KYMA_VERSION) file in the specific Compass commit.
 
-If custom domains and certificates are needed, see the [Set up your custom domain TLS certificate](https://github.com/kyma-project/kyma/blob/2.5.2/docs/03-tutorials/sec-01-tls-certificates-security.md) document in the Kyma installation guide, as well as the resources in the [Certificate Management](#certificate-management) section in this document.
+If custom domains and certificates are needed, see the [Set up your custom domain TLS certificate](https://github.com/kyma-project/kyma/blob/2.6.3/docs/03-tutorials/sec-01-tls-certificates-security.md) document in the Kyma installation guide, as well as the resources in the [Certificate Management](#certificate-management) section in this document.
 
 Save the following .yaml code with installation overrides into a file (for example: additionalKymaOverrides.yaml)
 ```yaml
@@ -383,9 +383,9 @@ To install the Compass and Runtime components on a single cluster, perform the f
 
 > **NOTE:** During the installation of Kyma, the installed version must match to the one in the [`KYMA_VERSION`](../../installation/resources/KYMA_VERSION) file in the specific Compass commit.
 
-You must have a Kyma installation with an enabled Runtime Agent. For more information, see [Enable Kyma with Runtime Agent](https://github.com/kyma-project/kyma/blob/2.5.2/docs/04-operation-guides/operations/ra-01-enable-kyma-with-runtime-agent.md). Therefore, you must add the compass-runtime-agent module in the compass-system namespace to the list of [minimal kyma components file](../../installation/resources/kyma/kyma-components-minimal.yaml).
+You must have a Kyma installation with an enabled Runtime Agent. For more information, see [Enable Kyma with Runtime Agent](https://github.com/kyma-project/kyma/blob/2.6.3/docs/04-operation-guides/operations/ra-01-enable-kyma-with-runtime-agent.md). Therefore, you must add the compass-runtime-agent module in the compass-system namespace to the list of [minimal kyma components file](../../installation/resources/kyma/kyma-components-minimal.yaml).
 
-If custom domains and certificates are needed, see the [Set up your custom domain TLS certificate](https://github.com/kyma-project/kyma/blob/2.5.2/docs/03-tutorials/sec-01-tls-certificates-security.md) document in the Kyma installation guide, as well as the resources in the [Certificate Management](#certificate-management) section in this document.
+If custom domains and certificates are needed, see the [Set up your custom domain TLS certificate](https://github.com/kyma-project/kyma/blob/2.6.3/docs/03-tutorials/sec-01-tls-certificates-security.md) document in the Kyma installation guide, as well as the resources in the [Certificate Management](#certificate-management) section in this document.
 
 Save the following .yaml code with installation overrides to a file (for example: additionalKymaOverrides.yaml)
 ```yaml

diff --git a/installation/resources/KYMA_VERSION b/installation/resources/KYMA_VERSION
@@ -1 +1 @@
-2.5.2
+2.6.3
diff --git a/installation/scripts/install-compass.sh b/installation/scripts/install-compass.sh
@@ -62,27 +62,32 @@ do
 done
 set -- "${POSITIONAL[@]}" # restore positional parameters
 
+# As of Kyma 2.6.3 we need to specify which namespaces should enable istio injection
+RELEASE_NS=compass-system
+kubectl create ns $RELEASE_NS --dry-run=client -o yaml | kubectl apply -f -
+kubectl label ns $RELEASE_NS istio-injection=enabled --overwrite
+
 if [[ ${SQL_HELM_BACKEND} ]]; then
     echo -e "${GREEN}Helm SQL storage backend will be used${NC}"
 
-    DB_USER=$(base64 -d <<< $(kubectl get secret -n compass-system compass-postgresql -o=jsonpath="{.data['postgresql-director-username']}"))
-    DB_PWD=$(base64 -d <<< $(kubectl get secret -n compass-system compass-postgresql -o=jsonpath="{.data['postgresql-director-password']}"))
-    DB_NAME=$(base64 -d <<< $(kubectl get secret -n compass-system compass-postgresql -o=jsonpath="{.data['postgresql-directorDatabaseName']}"))
-    DB_PORT=$(base64 -d <<< $(kubectl get secret -n compass-system compass-postgresql -o=jsonpath="{.data['postgresql-servicePort']}"))
+    DB_USER=$(base64 -d <<< $(kubectl get secret -n "${RELEASE_NS}" compass-postgresql -o=jsonpath="{.data['postgresql-director-username']}"))
+    DB_PWD=$(base64 -d <<< $(kubectl get secret -n "${RELEASE_NS}" compass-postgresql -o=jsonpath="{.data['postgresql-director-password']}"))
+    DB_NAME=$(base64 -d <<< $(kubectl get secret -n "${RELEASE_NS}" compass-postgresql -o=jsonpath="{.data['postgresql-directorDatabaseName']}"))
+    DB_PORT=$(base64 -d <<< $(kubectl get secret -n "${RELEASE_NS}" compass-postgresql -o=jsonpath="{.data['postgresql-servicePort']}"))
 
-    kubectl port-forward --namespace compass-system svc/compass-postgresql ${DB_PORT}:${DB_PORT} &
+    kubectl port-forward --namespace "${RELEASE_NS}" svc/compass-postgresql ${DB_PORT}:${DB_PORT} &
     sleep 5 #wait port-forwarding to be completed
 
     export HELM_DRIVER=sql
     export HELM_DRIVER_SQL_CONNECTION_STRING=postgres://${DB_USER}:${DB_PWD}@localhost:${DB_PORT}/${DB_NAME}?sslmode=disable
 fi
 
 echo "Wait for helm stable status..."
-wait_for_helm_stable_state "compass" "compass-system" 
+wait_for_helm_stable_state "compass" ""${RELEASE_NS}"" 
 
 echo "Starting compass installation..."
 echo "Path to compass charts: " ${COMPASS_CHARTS}
-helm upgrade --install --atomic --timeout "${TIMEOUT}" -f ./mergedOverrides.yaml --create-namespace --namespace compass-system compass "${COMPASS_CHARTS}"
+helm upgrade --install --atomic --timeout "${TIMEOUT}" -f ./mergedOverrides.yaml --create-namespace --namespace "${RELEASE_NS}" compass "${COMPASS_CHARTS}"
 trap "cleanup_trap" RETURN EXIT INT TERM
 echo "Compass installation finished successfully"
 

diff --git a/installation/scripts/install-db.sh b/installation/scripts/install-db.sh
@@ -51,24 +51,29 @@ do
 done
 set -- "${POSITIONAL[@]}" # restore positional parameters
 
+# As of Kyma 2.6.3 we need to specify which namespaces should enable istio injection
+RELEASE_NS=compass-system
+kubectl create ns $RELEASE_NS --dry-run=client -o yaml | kubectl apply -f -
+kubectl label ns $RELEASE_NS istio-injection=enabled --overwrite
+
 echo "Installing DB..."
-helm upgrade --install --atomic --timeout "${TIMEOUT}" -f ./mergedOverrides.yaml --create-namespace --namespace compass-system localdb "${DB_CHARTS}"
+helm upgrade --install --atomic --timeout "${TIMEOUT}" -f ./mergedOverrides.yaml --create-namespace --namespace "${RELEASE_NS}" localdb "${DB_CHARTS}"
 
 echo "Look for DB dump in progress ..."
-DBDUMP_JOB_JSON=$(kubectl get job compass-dbdump -n compass-system --ignore-not-found -o json)
+DBDUMP_JOB_JSON=$(kubectl get job compass-dbdump -n "${RELEASE_NS}" --ignore-not-found -o json)
 
 if [ ! -z "$DBDUMP_JOB_JSON" ]; then
     echo "DB Dump job found. Wait to complete (up to 30 minutes) ..."
-    kubectl wait --for=condition=complete job/compass-dbdump -n compass-system --timeout="${TIMEOUT}"
-    DBDUMP_JOB_COMPLETION_STATUS=$(kubectl get job compass-dbdump -n compass-system -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}')
+    kubectl wait --for=condition=complete job/compass-dbdump -n "${RELEASE_NS}" --timeout="${TIMEOUT}"
+    DBDUMP_JOB_COMPLETION_STATUS=$(kubectl get job compass-dbdump -n "${RELEASE_NS}" -o jsonpath='{.status.conditions[?(@.type=="Complete")].status}')
 
     if [ "$DBDUMP_JOB_COMPLETION_STATUS" == "True" ]; then
         echo "DB Dump job was executed successfully. Cleanup cluster."
-        kubectl delete job compass-dbdump -n compass-system
-        kubectl delete serviceaccount dbdump-dbdump-job -n compass-system
+        kubectl delete job compass-dbdump -n "${RELEASE_NS}"
+        kubectl delete serviceaccount dbdump-dbdump-job -n "${RELEASE_NS}"
     else
         echo "DB Dump job was failed. Exitting."
-        DBDUMP_JOB_JSON=$(kubectl get job compass-dbdump -n compass-system --ignore-not-found -o json)
+        DBDUMP_JOB_JSON=$(kubectl get job compass-dbdump -n "${RELEASE_NS}" --ignore-not-found -o json)
         echo "DB Dump job: $DBDUMP_JOB_JSON"
         exit 1
     fi

diff --git a/installation/scripts/install-kyma.sh b/installation/scripts/install-kyma.sh
@@ -29,11 +29,11 @@ yq -i ".istio.helmValues.pilot.jwksResolverExtraRootCA = \"$CERT\"" "${MINIMAL_O
 if [[ $(uname -m) == 'arm64' ]]; then
   yq -i ".istio.global.images.istio_proxyv2.containerRegistryPath = \"ghcr.io\"" "${MINIMAL_OVERRIDES_TEMP}"
   yq -i ".istio.global.images.istio_proxyv2.directory = \"resf/istio\"" "${MINIMAL_OVERRIDES_TEMP}"
-  yq -i ".istio.global.images.istio_proxyv2.version = \"1.14.1-distroless\"" "${MINIMAL_OVERRIDES_TEMP}"
+  yq -i ".istio.global.images.istio_proxyv2.version = \"1.14.3-distroless\"" "${MINIMAL_OVERRIDES_TEMP}"
 
   yq -i ".istio.global.images.istio_pilot.containerRegistryPath = \"ghcr.io\"" "${MINIMAL_OVERRIDES_TEMP}"
   yq -i ".istio.global.images.istio_pilot.directory = \"resf/istio\"" "${MINIMAL_OVERRIDES_TEMP}"
-  yq -i ".istio.global.images.istio_pilot.version = \"1.14.1-distroless\"" "${MINIMAL_OVERRIDES_TEMP}"
+  yq -i ".istio.global.images.istio_pilot.version = \"1.14.3-distroless\"" "${MINIMAL_OVERRIDES_TEMP}"
 fi
 
 trap "rm -f ${MINIMAL_OVERRIDES_TEMP}" EXIT INT TERM

diff --git a/installation/scripts/install-ory.sh b/installation/scripts/install-ory.sh
@@ -92,7 +92,9 @@ RELEASE_NS=ory
 RELEASE_NAME=ory-stack
 SECRET_NAME=ory-hydra-credentials
 
+# As of Kyma 2.6.3 we need to specify which namespaces should enable istio injection
 kubectl create ns $RELEASE_NS --dry-run=client -o yaml | kubectl apply -f -
+kubectl label ns $RELEASE_NS istio-injection=enabled --overwrite
 
 LOCAL_PERSISTENCE=$(yq ".global.ory.hydra.persistence.postgresql.enabled" ${OVERRIDE_TEMP_ORY})
 

diff --git a/installation/scripts/prow/jobs/compass-gke-benchmark.sh b/installation/scripts/prow/jobs/compass-gke-benchmark.sh
@@ -162,7 +162,7 @@ function installHelm() {
 }
 
 function installKymaCLI() {
-  KYMA_CLI_VERSION="2.6.2"
+  KYMA_CLI_VERSION="2.7.0"
   log::info "Installing Kyma CLI version: $KYMA_CLI_VERSION"
 
   PREV_WD=$(pwd)
@@ -214,6 +214,15 @@ function installCompassOld() {
   COMPASS_OVERRIDES="$PWD/compass_benchmark_overrides.yaml"
   COMPASS_COMMON_OVERRIDES="$PWD/compass_common_overrides.yaml"
 
+  # Added with Kyma 2.6.3 upgrade can be removed after it reaches main
+  kubectl create ns compass-system --dry-run=client -o yaml | kubectl apply -f -
+  kubectl label ns compass-system istio-injection=enabled --overwrite
+
+  kubectl create ns ory --dry-run=client -o yaml | kubectl apply -f -
+  kubectl label ns ory istio-injection=enabled --overwrite
+
+  # -------------------------------------------------------------------
+
   echo "Installing Ory"
   installOry
 

diff --git a/installation/scripts/prow/jobs/provision-compass.sh b/installation/scripts/prow/jobs/provision-compass.sh
@@ -49,8 +49,8 @@ log::info "Successfully installed yq version: $YQ_VERSION"
 
 # Install Kyma to be later used in run.sh
 # KYMA_CLI_VERSION=$(cat ${COMPASS_SOURCE_DIR}/installation/resources/KYMA_VERSION)
-# TODO: Kyma 2.5.2 release exists, but Kyma CLI with the same version does not. That's why we're using 2.6.2
-KYMA_CLI_VERSION="2.6.2"
+# TODO: Kyma 2.6.3 release exists, but Kyma CLI with the same version does not. That's why we're using 2.7.0
+KYMA_CLI_VERSION="2.7.0"
 log::info "Installing Kyma CLI version: $KYMA_CLI_VERSION"
 
 curl -Lo kyma.tar.gz "https://github.com/kyma-project/cli/releases/download/${KYMA_CLI_VERSION}/kyma_Linux_x86_64.tar.gz" \