From a1c3642ed40f5c90601f1f6c037d4f48786304c8 Mon Sep 17 00:00:00 2001 From: Kimonas Sotirchos Date: Mon, 11 Jul 2022 18:12:53 +0300 Subject: [PATCH] Update Dex for K8s 1.22 (#2243) * dex: Update for K8s 1.22 Needed to update the deprecated APIs from v1beta1 to v1 for: * CRD for AuthCode * ClusterRole * ClusterRoleBinding Signed-off-by: Kimonas Sotirchos * gh-actions: CI action for Dex Create a GH Action that tests if: 1. Dex manifests can be applied in a KinD K8s 1.22 cluster 2. All pods can become ready Signed-off-by: Kimonas Sotirchos * dex: Update image to 2.31.2 Signed-off-by: Kimonas Sotirchos (cherry picked from commit dca107164e13366240c6ddd1bd50a83f65cf67a7) --- .github/workflows/dex_kind_test.yaml | 30 ++++++++++++++++++++++++++++ common/dex/base/crds.yaml | 15 ++++++++++---- common/dex/base/deployment.yaml | 2 +- 3 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/dex_kind_test.yaml diff --git a/.github/workflows/dex_kind_test.yaml b/.github/workflows/dex_kind_test.yaml new file mode 100644 index 0000000000..3459ca4754 --- /dev/null +++ b/.github/workflows/dex_kind_test.yaml @@ -0,0 +1,30 @@ +name: Build & Apply Dex manifests in KinD +on: + pull_request: + paths: + - common/dex/base/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd common/dex + kustomize build overlays/istio | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/common/dex/base/crds.yaml b/common/dex/base/crds.yaml index cd18744a85..edf3af58ab 100644 --- a/common/dex/base/crds.yaml +++ b/common/dex/base/crds.yaml @@ -1,5 +1,5 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: authcodes.dex.coreos.com @@ -11,9 +11,16 @@ spec: plural: authcodes singular: authcode scope: Namespaced - version: v1 + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dex @@ -25,7 +32,7 @@ rules: resources: ["customresourcedefinitions"] verbs: ["create"] # To manage its own resources identity must be able to create customresourcedefinitions. --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dex diff --git a/common/dex/base/deployment.yaml b/common/dex/base/deployment.yaml index a0972dc3f8..ed7e3dfa39 100644 --- a/common/dex/base/deployment.yaml +++ b/common/dex/base/deployment.yaml @@ -16,7 +16,7 @@ spec: spec: serviceAccountName: dex containers: - - image: quay.io/dexidp/dex:v2.22.0 + - image: ghcr.io/dexidp/dex:v2.31.2 name: dex command: ["dex", "serve", "/etc/dex/cfg/config.yaml"] ports: