From ad6d28ae3658458d61c26c8c9fe6f63a4da65765 Mon Sep 17 00:00:00 2001
From: Iago Regiani <Lago.RodriguezRegiani@windriver.com>
Date: Fri, 26 Feb 2021 14:46:06 -0500
Subject: [PATCH] Updated nginx-ingress controller to 0.41.2

This update includes removing the deprecated helm repo and previous
patches. This version is the last one that supports helm v2, and
implements nginx admission controller on port 5443 - avoiding conflict
with lighttpd.

Tested new version with cert-manager and Nodeinfo, making sure that new
routes were created when the application was manually updated, including
Openstack endpoints. Also tested with Platform Upgrade in Simplex and
Duplex deployments.

Story: 2008542
Task: 41636
Closes-Bug: #1902534
Signed-off-by: Regiani Iago <Lago.RodriguezRegiani@windriver.com>
Change-Id: I439ae16f0eb44b25c109d2a275121a60ae62c449
---
 centos_tarball-dl.lst                         |  2 +-
 .../centos/build_srpm.data                    |  7 +-
 .../stx-nginx-ingress-controller-helm.spec    | 21 ++---
 .../0001-Update-for-kubernetes-API-1.16.patch | 92 -------------------
 ...date-nginx-ingress-chart-for-Helm-v3.patch | 22 -----
 .../nginx_ingress_controller_manifest.yaml    | 16 +++-
 6 files changed, 23 insertions(+), 137 deletions(-)
 delete mode 100644 stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-Update-for-kubernetes-API-1.16.patch
 delete mode 100644 stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0002-Update-nginx-ingress-chart-for-Helm-v3.patch

diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst
index 4e261a4..654d683 100644
--- a/centos_tarball-dl.lst
+++ b/centos_tarball-dl.lst
@@ -1 +1 @@
-helm-charts-92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#helm-charts#https://github.com/helm/charts/archive/92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz#http##
+helm-charts-ingress-nginx-0.41.2.tar.gz#helm-charts#https://github.com/kubernetes/ingress-nginx/archive/controller-v0.41.2.tar.gz#http##
diff --git a/stx-nginx-ingress-controller-helm/centos/build_srpm.data b/stx-nginx-ingress-controller-helm/centos/build_srpm.data
index 09e6976..71c8bc5 100644
--- a/stx-nginx-ingress-controller-helm/centos/build_srpm.data
+++ b/stx-nginx-ingress-controller-helm/centos/build_srpm.data
@@ -1,9 +1,8 @@
 SRC_DIR="stx-nginx-ingress-controller-helm"
 
-TAR_NAME=helm-charts
-SHA=92b6289ae93816717a8453cfe62bad51cbdb8ad0
-VERSION=1.0.0
-TAR="$TAR_NAME-$SHA.tar.gz"
+TAR_NAME=helm-charts-ingress-nginx
+NGINX_VERSION=0.41.2
+TAR="$TAR_NAME-$NGINX_VERSION.tar.gz"
 
 COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/manifests/*"
 
diff --git a/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec b/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec
index 8481f68..fc0c172 100644
--- a/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec
+++ b/stx-nginx-ingress-controller-helm/centos/stx-nginx-ingress-controller-helm.spec
@@ -1,7 +1,7 @@
 # Application tunables (maps to metadata)
 %global app_name nginx-ingress-controller
 %global helm_repo stx-platform
-%global sha 92b6289ae93816717a8453cfe62bad51cbdb8ad0
+%global nginx_version 0.41.2
 
 %global armada_folder  /usr/lib/armada
 
@@ -14,14 +14,14 @@
 
 Summary: StarlingX Nginx Ingress Controller Application Armada Helm Charts
 Name: stx-nginx-ingress-controller-helm
-Version: 1.0
+Version: 1.1
 Release: %{tis_patch_ver}%{?_tis_dist}
 License: Apache-2.0
 Group: base
 Packager: Wind River <info@windriver.com>
 URL: unknown
 
-Source0: helm-charts-%{sha}.tar.gz
+Source0: helm-charts-ingress-nginx-%{nginx_version}.tar.gz
 Source1: repositories.yaml
 Source2: index.yaml
 Source3: Makefile
@@ -33,18 +33,12 @@ BuildArch: noarch
 BuildRequires: helm
 BuildRequires: chartmuseum
 
-Patch01: 0001-Update-for-kubernetes-API-1.16.patch
-Patch02: 0002-Update-nginx-ingress-chart-for-Helm-v3.patch
-
 %description
 StarlingX Nginx Ingress Controller Application Armada Helm Charts
 
 %prep
 %setup -n helm-charts
 
-%patch01 -p1
-%patch02 -p1
-
 %build
 # Host a server for the charts
 chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." &
@@ -52,9 +46,9 @@ sleep 2
 helm repo add local http://localhost:8879/charts
 
 # Create the tgz file
-cp %{SOURCE3} stable
-cd stable
-make nginx-ingress
+cp %{SOURCE3} charts
+cd charts
+make ingress-nginx
 cd -
 
 # Terminate helm server (the last backgrounded task)
@@ -69,7 +63,8 @@ mkdir -p %{app_staging}
 cp %{SOURCE4} %{app_staging}
 cp %{SOURCE5} %{app_staging}
 mkdir -p %{app_staging}/charts
-cp stable/*.tgz %{app_staging}/charts
+
+cp charts/*.tgz %{app_staging}/charts
 cd %{app_staging}
 
 # Populate metadata
diff --git a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-Update-for-kubernetes-API-1.16.patch b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-Update-for-kubernetes-API-1.16.patch
deleted file mode 100644
index b6372be..0000000
--- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0001-Update-for-kubernetes-API-1.16.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 0d79e68c1e8a71c1b5dd37af553d3883098b55dc Mon Sep 17 00:00:00 2001
-From: Sabeel Ansari <Sabeel.Ansari@windriver.com>
-Date: Thu, 2 Apr 2020 13:32:15 -0400
-Subject: [PATCH 1/1] Update for kubernetes API 1.16
-
----
- stable/nginx-ingress/templates/controller-daemonset.yaml       | 6 +++++-
- stable/nginx-ingress/templates/controller-deployment.yaml      | 6 +++++-
- stable/nginx-ingress/templates/default-backend-deployment.yaml | 6 +++++-
- stable/nginx-ingress/templates/podsecuritypolicy.yaml          | 2 +-
- 4 files changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/stable/nginx-ingress/templates/controller-daemonset.yaml b/stable/nginx-ingress/templates/controller-daemonset.yaml
-index a05062e..c6e8271 100644
---- a/stable/nginx-ingress/templates/controller-daemonset.yaml
-+++ b/stable/nginx-ingress/templates/controller-daemonset.yaml
-@@ -1,5 +1,5 @@
- {{- if eq .Values.controller.kind "DaemonSet" }}
--apiVersion: extensions/v1beta1
-+apiVersion: apps/v1
- kind: DaemonSet
- metadata:
-   labels:
-@@ -10,6 +10,10 @@ metadata:
-     release: {{ .Release.Name }}
-   name: {{ template "nginx-ingress.controller.fullname" . }}
- spec:
-+  selector:
-+    matchLabels:
-+      app: {{ template "nginx-ingress.name" . }}
-+      release: {{ .Release.Name }}
-   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-   updateStrategy:
- {{ toYaml .Values.controller.updateStrategy | indent 4 }}
-diff --git a/stable/nginx-ingress/templates/controller-deployment.yaml b/stable/nginx-ingress/templates/controller-deployment.yaml
-index 7d78507..f653c8a 100644
---- a/stable/nginx-ingress/templates/controller-deployment.yaml
-+++ b/stable/nginx-ingress/templates/controller-deployment.yaml
-@@ -1,5 +1,5 @@
- {{- if eq .Values.controller.kind "Deployment" }}
--apiVersion: extensions/v1beta1
-+apiVersion: apps/v1
- kind: Deployment
- metadata:
-   labels:
-@@ -10,6 +10,10 @@ metadata:
-     release: {{ .Release.Name }}
-   name: {{ template "nginx-ingress.controller.fullname" . }}
- spec:
-+  selector:
-+    matchLabels:
-+      app: {{ template "nginx-ingress.name" . }}
-+      release: {{ .Release.Name }}
-   replicas: {{ .Values.controller.replicaCount }}
-   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-   strategy:
-diff --git a/stable/nginx-ingress/templates/default-backend-deployment.yaml b/stable/nginx-ingress/templates/default-backend-deployment.yaml
-index 93ea613..399b798 100644
---- a/stable/nginx-ingress/templates/default-backend-deployment.yaml
-+++ b/stable/nginx-ingress/templates/default-backend-deployment.yaml
-@@ -1,5 +1,5 @@
- {{- if .Values.defaultBackend.enabled }}
--apiVersion: extensions/v1beta1
-+apiVersion: apps/v1
- kind: Deployment
- metadata:
-   labels:
-@@ -10,6 +10,10 @@ metadata:
-     release: {{ .Release.Name }}
-   name: {{ template "nginx-ingress.defaultBackend.fullname" . }}
- spec:
-+  selector:
-+     matchLabels:
-+       app: {{ template "nginx-ingress.name" . }}
-+       release: {{ .Release.Name }}
-   replicas: {{ .Values.defaultBackend.replicaCount }}
-   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
-   template:
-diff --git a/stable/nginx-ingress/templates/podsecuritypolicy.yaml b/stable/nginx-ingress/templates/podsecuritypolicy.yaml
-index 9222daf..b99aee8 100644
---- a/stable/nginx-ingress/templates/podsecuritypolicy.yaml
-+++ b/stable/nginx-ingress/templates/podsecuritypolicy.yaml
-@@ -1,5 +1,5 @@
- {{- if .Values.podSecurityPolicy.enabled}}
--apiVersion: extensions/v1beta1
-+apiVersion: policy/v1beta1
- kind: PodSecurityPolicy
- metadata:
-   name: {{ template "nginx-ingress.fullname" . }} 
--- 
-1.8.3.1
-
diff --git a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0002-Update-nginx-ingress-chart-for-Helm-v3.patch b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0002-Update-nginx-ingress-chart-for-Helm-v3.patch
deleted file mode 100644
index 0695e5f..0000000
--- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/files/0002-Update-nginx-ingress-chart-for-Helm-v3.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From 01e491844ccf4bc89533251c1868fd9e8bbb5483 Mon Sep 17 00:00:00 2001
-From: Jim Gauld <james.gauld@windriver.com>
-Date: Wed, 29 Apr 2020 16:36:02 -0400
-Subject: [PATCH] Update nginx-ingress chart for Helm v3
-
-Signed-off-by: Jim Gauld <james.gauld@windriver.com>
----
- stable/nginx-ingress/Chart.yaml | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml
-index a9d64ed..6574c3f 100644
---- a/stable/nginx-ingress/Chart.yaml
-+++ b/stable/nginx-ingress/Chart.yaml
-@@ -1,3 +1,4 @@
-+apiVersion: v1
- name: nginx-ingress
- version: 1.4.0
- appVersion: 0.23.0
--- 
-1.8.3.1
-
diff --git a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml
index 525c5c7..9e709ce 100644
--- a/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml
+++ b/stx-nginx-ingress-controller-helm/stx-nginx-ingress-controller-helm/manifests/nginx_ingress_controller_manifest.yaml
@@ -4,13 +4,13 @@ metadata:
   schema: metadata/Document/v1
   name: nginx-ingress
 data:
-  chart_name: nginx-ingress
+  chart_name: ingress-nginx
   release: nginx-ingress
   namespace: kube-system
   wait:
     timeout: 1800
     labels:
-      app: nginx-ingress
+      app.kubernetes.io/name: ingress-nginx
   install:
     no_hooks: false
   upgrade:
@@ -19,11 +19,14 @@ data:
       delete:
         - type: job
           labels:
-            app: nginx-ingress
+             app.kubernetes.io/name: ingress-nginx
   values:
     imagePullSecrets: [{"name": "default-registry-key"}]
     controller:
       kind: DaemonSet
+      image:
+        # cleans the default digest value since sysinv changes the digest when pushing the image to the local registry
+        digest: ""
       daemonset:
         useHostPort: false
       nodeSelector:
@@ -43,6 +46,9 @@ data:
         initialDelaySeconds: 30
       readinessProbe:
         initialDelaySeconds: 30
+      admissionWebhooks:
+        # default port 8443 conflicts with lighttpd using https
+        port: 5443
     defaultBackend:
       image:
         repository: k8s.gcr.io/defaultbackend
@@ -57,8 +63,8 @@ data:
         initialDelaySeconds: 30
   source:
     type: tar
-    location: http://172.17.0.1/helm_charts/stx-platform/nginx-ingress-1.4.0.tgz
-    subpath: nginx-ingress
+    location: http://172.17.0.1/helm_charts/stx-platform/ingress-nginx-3.10.1.tgz
+    subpath: ingress-nginx
     reference: master
   dependencies: []
 ---