Patch ImagePullSecrets to CoreDNS and Kube-proxy ServiceAccount

When upgrading Kubernetes from version 1.29 to 1.30, the ServiceAccount
configuration for CoreDNS and Kube-proxy pods is reset. This reset
causes the previously configured imagePullSecrets to be removed,
resulting in ImagePullBackOff errors on compute nodes.

To address this issue, we patch the imagePullSecrets back into
the CoreDNS and Kube-proxy ServiceAccounts after the control
plane upgrade.

Test plan:
PASS: build-pkgs && build-image.
PASS: Perform k8s upgrade from 1.29 to 1.30, and then to 1.31 on
AIO-SX and verify it upgraded successfully.
PASS: Perform k8s upgrade from 1.29 to 1.30, and then to 1.31 on
AIO-DX and verify it upgraded successfully.
PASS: Perform k8s upgrade from 1.29 to 1.30, and then to 1.31
on a standard system and verify coredns and kube-proxy are running
on compute nodes.
PASS: Perform multiple k8s upgrade on AIO-SX and verify it
upgraded successfully.

Closes-bug: 2106037

Change-Id: Idf7a6451951b28617336e98f5385d6674deef448
Signed-off-by: Boovan Rajendran <boovan.rajendran@windriver.com>
Boovan Rajendran 2025-04-02 14:06:21 -04:00
parent 95bdcd2840
commit 64f39f527d


@ -971,6 +971,23 @@ class platform::kubernetes::pre_pull_control_plane_images
}
}
define platform::kubernetes::patch_coredns_kubeproxy_serviceaccount($current_version) {
if versioncmp(regsubst($current_version, '^v', ''), '1.30.0') >= 0 {
exec { 'Patch pull secret into kube-proxy service account':
command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch serviceaccount kube-proxy -p \'{"imagePullSecrets": [{"name": "registry-local-secret"}]}\'', # lint:ignore:140chars
logoutput => true,
}
-> exec { 'Patch pull secret into coredns service account':
command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch serviceaccount coredns -p \'{"metadata": {"labels": {"kubernetes.io/cluster-service": "true","addonmanager.kubernetes.io/mode": "Reconcile"}},"imagePullSecrets": [{"name": "default-registry-key"}]}\'', # lint:ignore:140chars
logoutput => true,
}
-> exec { 'Restart the coredns and kube-proxy pods':
command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf rollout restart deployment coredns -n kube-system && kubectl --kubeconfig=/etc/kubernetes/admin.conf rollout restart daemonset kube-proxy -n kube-system', # lint:ignore:140chars
logoutput => true,
}
}
}
class platform::kubernetes::upgrade_first_control_plane
inherits ::platform::kubernetes::params {
@ -1028,6 +1045,12 @@ class platform::kubernetes::upgrade_first_control_plane
require => Exec['upgrade first control plane']
}
}
# Upgrading the K8s control plane from version 1.29 to 1.30
# resets the configurations of the CoreDNS and kube-proxy service accounts.
# The following change will restore the configurations for these service accounts.
-> platform::kubernetes::patch_coredns_kubeproxy_serviceaccount { 'patch_serviceaccount':
current_version => $version
}
}
class platform::kubernetes::upgrade_control_plane
@ -1065,6 +1088,12 @@ class platform::kubernetes::upgrade_control_plane
logoutput => true,
}
# Upgrading the K8s control plane from version 1.29 to 1.30
# resets the configurations of the CoreDNS and kube-proxy service accounts.
# The following change will restore the configurations for these service accounts.
-> platform::kubernetes::patch_coredns_kubeproxy_serviceaccount { 'patch_serviceaccount':
current_version => $version
}
}
# Define for unmasking and starting a service
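Review bot: The three execs in platform::kubernetes::patch_coredns_kubeproxy_serviceaccount have no `unless`/`onlyif` guard, so every apply at version 1.30.0 or later re-patches both service accounts and restarts coredns and kube-proxy cluster-wide. Because the define is chained from both upgrade_first_control_plane and upgrade_control_plane, that presumably happens once per upgraded controller. Consider giving each patch exec an `unless` that reads the service account's current imagePullSecrets, and making the restart exec `refreshonly => true` with a `subscribe` on the two patch execs. The kube-proxy patch references `registry-local-secret` while the coredns patch references `default-registry-key`; if that is intentional a one-line comment saying so would help, and nothing here checks that the named secret exists in kube-system before the pods are restarted. The coredns patch also sets the `kubernetes.io/cluster-service` and `addonmanager.kubernetes.io/mode` labels, which the commit message does not mention.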