fix: Mitigate breaking changes to VPA upgrad v2.x

[neelaruban]

What does this PR do?

🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

Motivation

• Resolves Update VPA addon to v2.x #288

More

• Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
• Yes, I ran pre-commit run -a with this PR

For Moderators

• E2E Test successfully complete before merge?

Additional Notes

[bryantbiggs]

how has this been validated, are there any schema changes for the chart?

[neelaruban]

how has this been validated, are there any schema changes for the chart?

the breaking changes introduced will affect existing implementation only during when the intent is to migrate seamlessly without any outages

the new version of the chart introduces new set of default values -

The certificate creation process was changed from using OpenSSL to kube-webhook-certgen to simplify the process. It still uses the same configuration keys (.Values.admissionController.certGen), which makes it impossible to reuse the values from a previous install.

You can mitigate this change by setting the correct image for the upgrade:

helm upgrade <release name> fairwinds-stable/vpa --version 2.0.0 --reuse-values \
  --set "admissionController.certGen.image.repository=registry.k8s.io/ingress-nginx/kube-webhook-certgen" \
  --set "admissionController.certGen.image.tag=v20230312-helm-chart-4.5.2-28-g66a760794"

these new values should be installed when it is installed fresh unless you are trying to do a in place replacement which should be done as shown above .

Furthermore, Previously, the webhook creation was handled by the admission controller itself. This had the downside that Helm is not in control of the resource and therefore required the cleanupOnDelete job.

This version disables the self-registration by the admission controller and creates the MutatingWebhookconfiguration using Helm.

You can either:

• Migrate the MutatingWebhookconfiguration by:

  • adding the label app.kubernetes.io/managed-by: Helm
  • adding the annotation meta.helm.sh/release-name: <release name>
  • adding the annotation meta.helm.sh/release-namespace: <release namespace>

• delete the configuration and it will be recreated by Helm

• or keep the configuration as it is and Helm will ignore it. Execute the tests, to make sure everything works.

Also, the cleanupOnDelete configuration is obsolete.

[github-actions]

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

[github-actions]

Pull request closed due to inactivity.