From 630385802ceeeb5c80b6074d43ebfd1f84e6a6ec Mon Sep 17 00:00:00 2001
From: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
Date: Tue, 27 Feb 2024 17:12:53 +0100
Subject: [PATCH 1/2] Disable kube2iam on master nodes in test

Signed-off-by: Mikkel Oscar Lyderik Larsen <mikkel.larsen@zalando.de>
---
 cluster/config-defaults.yaml              | 9 +++++++++
 cluster/manifests/kube2iam/daemonset.yaml | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 96b1d300d9..2477302bf5 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -713,6 +713,15 @@ audit_webhook_batch_max_size: "250"
 kube2iam_cpu: "25m"
 kube2iam_memory: "100Mi"
 
+# configure whether kube2iam should only run on worker nodes.
+# This depends on control_plane_asg_lifecycle_hook=false as kube-node-ready
+# doesn't work without kube2iam.
+{{if eq .Cluster.Environment "production"}}
+kube2iam_worker_only: "false"
+{{else}}
+kube2iam_worker_only: "true"
+{{end}}
+
 # CIDR configuration for nodes and pods
 # Changing this will change the number of nodes and pods we can schedule in the
 # cluster: https://cloud.google.com/kubernetes-engine/docs/how-to/flexible-pod-cidr
diff --git a/cluster/manifests/kube2iam/daemonset.yaml b/cluster/manifests/kube2iam/daemonset.yaml
index 564ddc2f43..f8a8ae2faa 100644
--- a/cluster/manifests/kube2iam/daemonset.yaml
+++ b/cluster/manifests/kube2iam/daemonset.yaml
@@ -21,6 +21,10 @@ spec:
       annotations:
         logging/destination: "{{.Cluster.ConfigItems.log_destination_infra}}"
     spec:
+{{- if and (eq .Cluster.ConfigItems.kube2iam_worker_only "true") (eq .Cluster.ConfigItems.control_plane_asg_lifecycle_hook "false") }}
+      nodeSelector:
+        node.kubernetes.io/role: worker
+{{- end }}
       dnsConfig:
         options:
           - name: ndots

From af80397550882d99c41e386cbec729414f6626f5 Mon Sep 17 00:00:00 2001
From: Alexander Yastrebov <alexander.yastrebov@zalando.de>
Date: Tue, 30 Jan 2024 09:27:23 +0100
Subject: [PATCH 2/2] skipper: use redis 7

https://raw.githubusercontent.com/redis/redis/7.2/00-RELEASENOTES

The zalando/skipper#2895 updates skipper tests to use redis-7

Signed-off-by: Alexander Yastrebov <alexander.yastrebov@zalando.de>
---
 cluster/manifests/skipper/skipper-redis.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cluster/manifests/skipper/skipper-redis.yaml b/cluster/manifests/skipper/skipper-redis.yaml
index 7326ce5a83..c722a01031 100644
--- a/cluster/manifests/skipper/skipper-redis.yaml
+++ b/cluster/manifests/skipper/skipper-redis.yaml
@@ -3,7 +3,7 @@ kind: StatefulSet
 metadata:
   labels:
     application: skipper-ingress-redis
-    version: v6.2.7
+    version: v7.2.4
   annotations:
     zalando.org/update-using-hpa-replicas: skipper-ingress-redis
   name: skipper-ingress-redis
@@ -19,7 +19,7 @@ spec:
       labels:
         statefulset: skipper-ingress-redis
         application: skipper-ingress-redis
-        version: v6.2.7
+        version: v7.2.4
       annotations:
         cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
         logging/destination: "{{.Cluster.ConfigItems.log_destination_infra}}"
@@ -50,7 +50,7 @@ spec:
                 - skipper-ingress-redis
       priorityClassName: "{{ .Cluster.ConfigItems.system_priority_class }}"
       containers:
-      - image: container-registry.zalando.net/library/redis-6-alpine:6-alpine-20220622
+      - image: container-registry.zalando.net/library/redis-7-alpine:7-alpine-20240226
         name: skipper-ingress-redis
         args:
         - /usr/local/bin/docker-entrypoint.sh