# clusterBackup settings; stays off unless `enabled` is overridden.
clusterBackup:
  enabled: false

  image:
    name: public.ecr.aws/zero-downtime/kubezero-admin
    # No tag is set in this file (the line below is commented out), so the
    # effective tag comes from elsewhere - TODO confirm where. A tag can be
    # re-pointed at different content; pin by digest if the chart allows it.
    # tag: v1.22.8

  # -- s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup
  repository: ""
  # -- /etc/cloudbender/clusterBackup.passphrase
  # NOTE(review): this value is a secret. Keep it empty in committed values
  # files and supply it at deploy time from a secret store or protected file.
  password: ""

  # Extra environment entries; empty list by default.
  extraEnv: []
# forseti settings; stays off unless `enabled` is overridden.
forseti:
  enabled: false

  image:
    name: public.ecr.aws/zero-downtime/forseti
    # Referenced by tag only; a tag can be re-pointed, a digest cannot.
    tag: v0.1.2

  aws:
    region: ""
    # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.kubezeroForseti"
    # NOTE(review): scope this role to the minimum permissions the workload
    # needs; the role policy itself is not visible from this file.
    iamRoleArn: ""
# sealed-secrets settings; stays off unless `enabled` is overridden.
sealed-secrets:
  enabled: false

  # ensure kubeseal default values match
  fullnameOverride: sealed-secrets-controller

  # Disable auto keyrotation for now
  # NOTE(review): with renewal disabled the same sealing key stays active
  # indefinitely. Back up the private key and plan a manual rotation
  # procedure, because a leaked key exposes every secret sealed with it.
  keyrenewperiod: "0"

  # Memory is capped; no CPU limit is set.
  resources:
    requests:
      cpu: 10m
      memory: 24Mi
    limits:
      memory: 128Mi

  metrics:
    serviceMonitor:
      enabled: false

  # Schedule onto control-plane nodes and tolerate their NoSchedule taint.
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
# aws-eks-asg-rolling-update-handler settings; stays off unless `enabled`
# is overridden.
aws-eks-asg-rolling-update-handler:
  enabled: false
  image:
    # No registry host is given, so the container runtime's default registry
    # is used. The image is referenced by tag only; a tag can be re-pointed.
    repository: twinproduction/aws-eks-asg-rolling-update-handler
    tag: v1.8.4

  environmentVars:
  - name: CLUSTER_NAME
    value: ""
  # Default region; override per cluster.
  - name: AWS_REGION
    value: us-west-2
  - name: EXECUTION_INTERVAL
    value: "60"
  - name: METRICS
    value: "true"
  - name: EAGER_CORDONING
    value: "true"
  # Only disable if all services have PDBs across AZs
  - name: SLOW_MODE
    value: "true"
  # AWS SDK web-identity settings: the SDK exchanges the token read from
  # AWS_WEB_IDENTITY_TOKEN_FILE for credentials of AWS_ROLE_ARN, using the
  # regional STS endpoint. The role is empty here and must be supplied.
  - name: AWS_ROLE_ARN
    value: ""
  - name: AWS_WEB_IDENTITY_TOKEN_FILE
    value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
  - name: AWS_STS_REGIONAL_ENDPOINTS
    value: "regional"

  # Pod-level hardening: non-root UID and the runtime's default seccomp
  # profile.
  securityContext:
    runAsNonRoot: true
    runAsUser: 1001
    seccompProfile:
      type: RuntimeDefault

  # Container-level hardening: no privilege escalation, all capabilities
  # dropped.
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
      - ALL

  # Memory is capped; no CPU limit is set.
  resources:
    requests:
      cpu: 10m
      memory: 32Mi
    limits:
      memory: 128Mi

  # Schedule onto control-plane nodes and tolerate their NoSchedule taint.
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
# aws-node-termination-handler settings; stays off unless `enabled` is
# overridden.
aws-node-termination-handler:
  enabled: false

  fullnameOverride: "aws-node-termination-handler"

  # -- "zdt:kubezero:nth:${ClusterName}"
  managedTag: "zdt:kubezero:nth:${ClusterName}"

  useProviderId: true
  # Termination events are taken from the SQS queue configured in queueURL.
  enableSqsTerminationDraining: true
  # otherwise pds fails trying to reach IMDS
  enableSpotInterruptionDraining: false
  enableProbesServer: true
  # NOTE(review): presumably lets a drain evict pods that use node-local
  # (emptyDir) storage, losing that data - confirm against the chart docs.
  deleteLocalData: true
  ignoreDaemonSets: true
  taintNode: true
  emitKubernetesEvents: true

  # -- https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth
  queueURL: ""

  # NOTE(review): 0 presumably stops the handler from querying instance
  # metadata (IMDS) - confirm against the chart docs.
  metadataTries: 0
  # AWS SDK web-identity settings: the SDK exchanges the token read from
  # AWS_WEB_IDENTITY_TOKEN_FILE for credentials of AWS_ROLE_ARN, using the
  # regional STS endpoint. The role is empty here and must be supplied.
  extraEnv:
  # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.awsNth"
  - name: AWS_ROLE_ARN
    value: ""
  - name: AWS_WEB_IDENTITY_TOKEN_FILE
    value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
  - name: AWS_STS_REGIONAL_ENDPOINTS
    value: "regional"

  enablePrometheusServer: false
  podMonitor:
    create: false

  jsonLogging: true
  logFormatVersion: 2

  # Tolerate the control-plane NoSchedule taint and schedule onto
  # control-plane nodes.
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""

  rbac:
    pspEnabled: false
# fuseDevicePlugin settings; stays off unless `enabled` is overridden.
fuseDevicePlugin:
  enabled: false
  image:
    name: public.ecr.aws/zero-downtime/fuse-device-plugin
    # Referenced by tag only; a tag can be re-pointed, a digest cannot.
    tag: v1.2.0
# awsNeuron settings; stays off unless `enabled` is overridden.
awsNeuron:
  enabled: false

  image:
    name: public.ecr.aws/neuron/neuron-device-plugin
    # Referenced by tag only; a tag can be re-pointed, a digest cannot.
    tag: 2.22.4.0
# nvidia-device-plugin settings; stays off unless `enabled` is overridden.
nvidia-device-plugin:
  enabled: false

  cdi:
    nvidiaHookPath: /usr/bin
  deviceDiscoveryStrategy: nvml
  runtimeClassName: nvidia

  # Tolerate any nvidia.com/gpu and kubezero-workergroup NoSchedule taint
  # (operator Exists matches every value of the key).
  tolerations:
  - key: nvidia.com/gpu
    operator: Exists
    effect: NoSchedule
  - key: kubezero-workergroup
    effect: NoSchedule
    operator: Exists

  # Hard scheduling requirement: only nodes whose instance-type label is in
  # the list below are eligible. New instance types must be added here.
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: "node.kubernetes.io/instance-type"
            operator: In
            values:
            - g5.xlarge
            - g5.2xlarge
            - g5.4xlarge
            - g5.8xlarge
            - g5.12xlarge
            - g5.16xlarge
            - g5.24xlarge
            - g5.48xlarge
            - g4dn.xlarge
            - g4dn.2xlarge
            - g4dn.4xlarge
            - g4dn.8xlarge
            - g4dn.12xlarge
            - g4dn.16xlarge
# cluster-autoscaler settings; stays off unless `enabled` is overridden.
cluster-autoscaler:
  enabled: false

  image:
    repository: registry.k8s.io/autoscaling/cluster-autoscaler
    # Referenced by tag only; a tag can be re-pointed, a digest cannot.
    tag: v1.30.2

  autoDiscovery:
    clusterName: ""
  # Default region; override per cluster.
  awsRegion: "us-west-2"

  serviceMonitor:
    enabled: false
    interval: 30s

  prometheusRule:
    enabled: false
    # NOTE(review): serviceMonitor.interval above carries a unit (30s) while
    # this value is a bare "30" - confirm which form the chart expects.
    interval: "30"

  # Disable pdb for now
  podDisruptionBudget: false

  extraArgs:
    scan-interval: 30s
    skip-nodes-with-local-storage: false
    balance-similar-node-groups: true
    ignore-taint: "node.cilium.io/agent-not-ready"

  # NOTE(review): the non-root setting below is commented out, so this file
  # does not enforce it for the autoscaler - confirm what the chart defaults
  # to and enable it if the image supports running as non-root.
  #securityContext:
  #  runAsNonRoot: true

  # Schedule onto control-plane nodes and tolerate their NoSchedule taint.
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule

  # On AWS enable Projected Service Accounts to assume IAM role
  # The commented example below mounts a projected service-account token with
  # audience sts.amazonaws.com and points the AWS SDK at it.
  #extraEnv:
  #  AWS_ROLE_ARN: <IamArn>
  #  AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
  #  AWS_STS_REGIONAL_ENDPOINTS: "regional"

  #extraVolumes:
  #- name: aws-token
  #  projected:
  #    sources:
  #    - serviceAccountToken:
  #        path: token
  #        expirationSeconds: 86400
  #        audience: "sts.amazonaws.com"

  #extraVolumeMounts:
  #- name: aws-token
  #  mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
  #  readOnly: true
# external-dns settings; stays off unless `enabled` is overridden.
external-dns:
  enabled: false

  interval: 3m
  triggerLoopOnEvent: true

  # Tolerate the control-plane NoSchedule taint and schedule onto
  # control-plane nodes.
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""

  #logLevel: debug
  # Only Service objects are watched; the istio-gateway source is commented
  # out.
  sources:
  - service
  #- istio-gateway

  # NOTE(review): inmemory is presumably a placeholder that changes no real
  # DNS zone; a real provider and its credentials must be set when enabling.
  provider: inmemory
# py-kube-downscaler settings; stays off unless `enabled` is overridden.
py-kube-downscaler:
  enabled: false

  # Tolerate the control-plane NoSchedule taint and schedule onto
  # control-plane nodes.
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
  nodeSelector:
    node-role.kubernetes.io/control-plane: ""

  resources:
    limits:
      # NOTE(review): null presumably removes a CPU limit set by the chart's
      # own defaults - confirm against the chart.
      cpu: null
      memory: 512Mi
    requests:
      cpu: 10m
      memory: 64Mi

  # By default do NOT scale down KubeZero modules
  excludedNamespaces:
  - kube-system
  - operators
  - monitoring
  - logging
  - telemetry
  - istio-system
  - istio-ingress
  - cert-manager
  - argocd