Merge pull request #10094 from zalando-incubator/alpha-to-beta

alpha to beta

Author: szuecs

cluster/cluster.yaml

@@ -83,7 +83,11 @@ Resources:
           ToPort: {{ $element.ToPort }}
 {{- end }}
 {{- end }}
-        - CidrIp: {{ if eq .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_enabled "true" }}"0.0.0.0/0"{{else}}"{{.Values.vpc_ipv4_cidr}}"{{end}}
+        - CidrIp: "0.0.0.0/0"
+          FromPort: 9998
+          IpProtocol: tcp
+          ToPort: 9999
+        - CidrIpv6: "::/0"
           FromPort: 9998
           IpProtocol: tcp
           ToPort: 9999
@@ -882,7 +886,7 @@ Resources:
           ToPort: {{ $element.ToPort }}
 {{- end }}
 {{- end }}
-        - CidrIp: {{ if eq .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_enabled "true" }}"0.0.0.0/0"{{else}}"{{.Values.vpc_ipv4_cidr}}"{{end}}
+        - CidrIp: "0.0.0.0/0"
           FromPort: 9998
           IpProtocol: tcp
           ToPort: 9999

cluster/config-defaults.yaml

@@ -64,8 +64,6 @@ kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS13-1-2-Res-2021-06
 kube_aws_ingress_controller_idle_timeout: "1m"
 kube_aws_ingress_controller_deregistration_delay_timeout: "10s"
 # allow using NLBs for ingress
-# This opens skipper-ingress ports 9998 and 9999 on all worker nodes
-kube_aws_ingress_controller_nlb_enabled: "true"
 kube_aws_ingress_controller_nlb_cross_zone: "true"
 kube_aws_ingress_controller_nlb_zone_affinity: "any_availability_zone"
 kube_aws_ingress_controller_cert_polling_interval: "2m"

cluster/manifests/02-skipper-validation-webhook/deployment.yaml

@@ -32,7 +32,7 @@ spec:
       priorityClassName: system-cluster-critical
       containers:
       - name: skipper-admission-webhook
-        image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.119
+        image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.142
         args:
           - webhook
           - --address=:9085

cluster/manifests/sandbox-controller/30-deployment.yaml

@@ -1,4 +1,4 @@
-# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-31" }}
+# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-34" }}
 # {{ $version := index (split $image ":") 1 }}
 
 {{ if eq .Cluster.ConfigItems.sandbox_controller_enabled "true" }}

cluster/manifests/skipper-canary-controller/canary-cronjob.yaml

@@ -29,7 +29,7 @@ spec:
           containers:
           - name: skipper-canary-controller
             terminationMessagePolicy: FallbackToLogsOnError
-            image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-33
+            image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-34
             env:
             - name: POD_NAME
               valueFrom:

cluster/node-pools/master-default/userdata.yaml

@@ -287,7 +287,7 @@ write_files:
             - mountPath: /etc/kubernetes/ssl
               name: ssl-certs-kubernetes
               readOnly: true
-        - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-152
+        - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-155
           name: webhook
           ports:
           - containerPort: 8081

test/e2e/cluster_config.sh

@@ -34,7 +34,6 @@ clusters:
     skipper_ingress_refuse_payload: "refused-pattern-1[cf724afc]refused-pattern-2"
     efs_id: ${EFS_ID}
     webhook_id: ${INFRASTRUCTURE_ACCOUNT}:${REGION}:kube-aws-test
-    kube_aws_ingress_controller_nlb_enabled: "true"
     nlb_switch: "pre"
     vm_dirty_bytes: 134217728
     vm_dirty_background_bytes: 67108864