ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 21 Packages Projects Releases Wiki Activity

feat: kubezero now installs and tracks Helm charts for each module

Browse Source
This commit is contained in:
Stefan Reimer 2021-08-25 16:01:02 +02:00
parent bfdefc7364
commit 10a69e6cff
11 changed files with 166 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
charts/kubezero/Chart.yaml
View File

@ -2,17 +2,16 @@ apiVersion: v2
name: kubezero name: kubezero
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
type: application type: application
version: 0.5.1 version: 1.20.8
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
- kubezero - kubezero
- argocd - argocd
- gitops
maintainers: maintainers:
- name: Quarky9 - name: Quarky9
dependencies: dependencies:
- name: kubezero-lib - name: kubezero-lib
version: ">= 0.1.3" version: ">= 0.1.4"
repository: https://zero-down-time.github.io/kubezero/ repository: https://zero-down-time.github.io/kubezero/
kubeVersion: ">= 1.18.0" kubeVersion: ">= 1.18.0"

13
charts/kubezero/README.md
View File

@ -1,6 +1,6 @@
# kubezero # kubezero
![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.20.8-alpha](https://img.shields.io/badge/Version-1.20.8--alpha-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero - Bootstrap and ArgoCD Root App of Apps chart KubeZero - Bootstrap and ArgoCD Root App of Apps chart
@ -18,14 +18,13 @@ Kubernetes: `>= 1.18.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 | | https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.4 |
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| HighAvailableControlplane | bool | `false` | | | HighAvailableControlplane | bool | `false` | |
| argo | object | `{}` | |
| argocd.crds | bool | `true` | | | argocd.crds | bool | `true` | |
| argocd.enabled | bool | `false` | | | argocd.enabled | bool | `false` | |
| argocd.istio.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | |
@ -40,16 +39,16 @@ Kubernetes: `>= 1.18.0`
| cert-manager.crds | bool | `true` | | | cert-manager.crds | bool | `true` | |
| cert-manager.enabled | bool | `false` | | | cert-manager.enabled | bool | `false` | |
| cert-manager.namespace | string | `"cert-manager"` | | | cert-manager.namespace | string | `"cert-manager"` | |
| global.kubezero.pathPrefix | string | `""` | |
| global.kubezero.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | |
| global.kubezero.server | string | `"https://kubernetes.default.svc"` | |
| global.kubezero.targetRevision | string | `"HEAD"` | |
| istio-ingress.enabled | bool | `false` | | | istio-ingress.enabled | bool | `false` | |
| istio-ingress.namespace | string | `"istio-ingress"` | | | istio-ingress.namespace | string | `"istio-ingress"` | |
| istio.crds | bool | `true` | | | istio.crds | bool | `true` | |
| istio.enabled | bool | `false` | | | istio.enabled | bool | `false` | |
| istio.namespace | string | `"istio-system"` | | | istio.namespace | string | `"istio-system"` | |
| kiam.enabled | bool | `false` | | | kiam.enabled | bool | `false` | |
| kubezero.repoURL | string | `"https://zero-down-time.github.io/kubezero"` | |
| kubezero.server | string | `"https://kubernetes.default.svc"` | |
| kubezero.sourceRepos[0] | string | `"https://zero-down-time.github.io/kubezero"` | |
| kubezero.targetRevision | string | `"*"` | |
| logging.crds | bool | `true` | | | logging.crds | bool | `true` | |
| logging.enabled | bool | `false` | | | logging.enabled | bool | `false` | |
| logging.namespace | string | `"logging"` | | | logging.namespace | string | `"logging"` | |

61
charts/kubezero/bootstrap.sh
View File

@ -6,32 +6,18 @@ ARTIFACTS=($(echo $2 | tr "," "\n"))
CLUSTER=$3 CLUSTER=$3
LOCATION=${4:-""} LOCATION=${4:-""}
API_VERSIONS="-a monitoring.coreos.com/v1"
DEPLOY_DIR=$( dirname $( realpath $0 ))
which yq || { echo "yq not found!"; exit 1; } which yq || { echo "yq not found!"; exit 1; }
which helm || { echo "helm not found!"; exit 1; } which helm || { echo "helm not found!"; exit 1; }
helm_version=$(helm version --short) helm_version=$(helm version --short)
echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; } echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; }
# Simulate well-known CRDs being available
API_VERSIONS="-a monitoring.coreos.com/v1"
KUBE_VERSION="--kube-version $(kubectl version -o json | jq -r .serverVersion.gitVersion)"
TMPDIR=$(mktemp -d kubezero.XXX) TMPDIR=$(mktemp -d kubezero.XXX)
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT [ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
# First lets generate kubezero.yaml
# Add all yaml files in $CLUSTER
VALUES="$(find $CLUSTER -name '*.yaml' | tr '\n' ',')"
helm template $DEPLOY_DIR -f ${VALUES%%,} --set argo=false > $TMPDIR/kubezero.yaml
# Resolve all the all enabled artifacts in order of their appearance
if [ ${ARTIFACTS[0]} == "all" ]; then
ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}'))
fi
# Update only if we use upstream
if [ -z "$LOCATION" ]; then
helm repo add kubezero https://zero-down-time.github.io/kubezero
helm repo update
fi
# Waits for max 300s and retries # Waits for max 300s and retries
function wait_for() { function wait_for() {
@ -72,8 +58,8 @@ function delete_ns() {
# Extract crds via helm calls and apply delta=crds only # Extract crds via helm calls and apply delta=crds only
function _crds() { function _crds() {
helm template $(chart_location $chart) --namespace $namespace --name-template $release --skip-crds --set ${release}.installCRDs=false -f $TMPDIR/values.yaml > $TMPDIR/helm-no-crds.yaml helm template $(chart_location $chart) -n $namespace --name-template $release --skip-crds --set ${release}.installCRDs=false -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION > $TMPDIR/helm-no-crds.yaml
helm template $(chart_location $chart) --namespace $namespace --name-template $release --include-crds --set ${release}.installCRDs=true -f $TMPDIR/values.yaml > $TMPDIR/helm-crds.yaml helm template $(chart_location $chart) -n $namespace --name-template $release --include-crds --set ${release}.installCRDs=true -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION > $TMPDIR/helm-crds.yaml
diff -e $TMPDIR/helm-no-crds.yaml $TMPDIR/helm-crds.yaml | head -n-1 | tail -n+2 > $TMPDIR/crds.yaml diff -e $TMPDIR/helm-no-crds.yaml $TMPDIR/helm-crds.yaml | head -n-1 | tail -n+2 > $TMPDIR/crds.yaml
[ -s $TMPDIR/crds.yaml ] && kubectl apply -f $TMPDIR/crds.yaml [ -s $TMPDIR/crds.yaml ] && kubectl apply -f $TMPDIR/crds.yaml
} }
@ -82,9 +68,9 @@ function _crds() {
# helm template | kubectl apply -f - # helm template | kubectl apply -f -
# confine to one namespace if possible # confine to one namespace if possible
function apply(){ function apply(){
helm template $(chart_location $chart) --namespace $namespace --name-template $release --skip-crds -f $TMPDIR/values.yaml $API_VERSIONS $@ > $TMPDIR/helm.yaml helm template $(chart_location $chart) -n $namespace --name-template $release --skip-crds -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION $@ > $TMPDIR/helm.yaml
# If resources are out of the single $namespace, apply without restrictions # If resources are in more than ONE $namespace, apply without restrictions
nr_ns=$(grep -e '^ namespace:' $TMPDIR/helm.yaml | sed "s/\"//g" | sort | uniq | wc -l) nr_ns=$(grep -e '^ namespace:' $TMPDIR/helm.yaml | sed "s/\"//g" | sort | uniq | wc -l)
if [ $nr_ns -gt 1 ]; then if [ $nr_ns -gt 1 ]; then
kubectl $action -f $TMPDIR/helm.yaml && rc=$? || rc=$? kubectl $action -f $TMPDIR/helm.yaml && rc=$? || rc=$?
@ -133,6 +119,7 @@ function is_enabled() {
local enabled=$(yq r $TMPDIR/kubezero.yaml ${chart}.enabled) local enabled=$(yq r $TMPDIR/kubezero.yaml ${chart}.enabled)
if [ "$enabled" == "true" ]; then if [ "$enabled" == "true" ]; then
# slice values for this chart only from kubezero.yaml
yq r $TMPDIR/kubezero.yaml ${chart}.values > $TMPDIR/values.yaml yq r $TMPDIR/kubezero.yaml ${chart}.values > $TMPDIR/values.yaml
return 0 return 0
fi fi
@ -155,6 +142,11 @@ function get_namespace() {
} }
function update_kubezero_argo() {
helm template $(chart_location kubezero) -f ${VALUES%%,} --set installKubeZero=true > $TMPDIR/kubezero-argocd.yaml
kubectl apply -f $TMPDIR/kubezero-argocd.yaml
}
################ ################
# cert-manager # # cert-manager #
################ ################
@ -198,7 +190,28 @@ function metrics-pre() {
} }
##########
# ArgoCD #
##########
# Install KubeZero app and project
function argocd-post() {
update_kubezero_argo
}
## MAIN ## ## MAIN ##
# First lets generate kubezero.yaml
# Add all yaml files in $CLUSTER
VALUES="$(find $CLUSTER -maxdepth 1 -name '*.yaml' | sort | tr '\n' ',')"
helm template $(chart_location kubezero) -f ${VALUES%%,} > $TMPDIR/kubezero.yaml
# Resolve all the all enabled artifacts in order of their appearance
if [ ${ARTIFACTS[0]} == "all" ]; then
ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}'))
fi
echo "Artifacts: ${ARTIFACTS[@]}"
if [ $1 == "deploy" ]; then if [ $1 == "deploy" ]; then
for t in ${ARTIFACTS[@]}; do for t in ${ARTIFACTS[@]}; do
is_enabled $t && _helm apply $t || true is_enabled $t && _helm apply $t || true
@ -216,4 +229,8 @@ elif [ $1 == "delete" ]; then
for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
done done
# Update ArgoCD Kubezero app
elif [ $1 == "argo" -a $2 == 'kubezero' ]; then
update_kubezero_argo
fi fi

14
charts/kubezero/templates/_app.tpl
View File

@ -1,14 +1,14 @@
{{- define "kubezero-app.app" }} {{- define "kubezero-app.app" }}
{{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }} {{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }}
{{- if and .Values.argo ( index .Values $name "enabled" ) }} {{- if and .Values.argocdAppName ( index .Values $name "enabled" ) }}
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
name: {{ $name }} name: {{ $name }}
namespace: argocd namespace: argocd
labels: labels:
{{ include "kubezero-lib.labels" . | indent 4 }} {{- include "kubezero-lib.labels" . | nindent 4 }}
{{- if not ( index .Values $name "retain" ) }} {{- if not ( index .Values $name "retain" ) }}
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
@ -17,18 +17,18 @@ spec:
project: kubezero project: kubezero
source: source:
repoURL: {{ .Values.global.kubezero.repoURL }} chart: kubezero-{{ $name }}
targetRevision: {{ .Values.global.kubezero.targetRevision }} repoURL: {{ .Values.kubezero.repoURL }}
path: {{ .Values.global.kubezero.pathPrefix}}charts/kubezero-{{ $name }} targetRevision: {{ default .Values.kubezero.targetRevision ( index .Values $name "targetRevision" ) | quote }}
helm: helm:
values: | values: |
{{- include (print $name "-values") $ | nindent 8 }} {{- include (print $name "-values") $ | nindent 8 }}
destination: destination:
server: {{ .Values.global.kubezero.server }} server: {{ .Values.kubezero.server }}
namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }} namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }}
{{- with .Values.global.kubezero.syncPolicy }} {{- with .Values.kubezero.syncPolicy }}
syncPolicy: syncPolicy:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}

7
charts/kubezero/templates/argocd.yaml
View File

@ -1,4 +1,5 @@
{{- define "argocd-values" }} {{- define "argocd-values" }}
argo-cd: argo-cd:
controller: controller:
metrics: metrics:
@ -23,9 +24,9 @@ istio:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- with index .Values "argocd" "kubezero" }}
kubezero:
{{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- define "argocd-argo" }}
{{- end }} {{- end }}
{{ include "kubezero-app.app" . }}

8
charts/kubezero/templates/argoless.yaml
View File

@ -1,12 +1,8 @@
{{- if not .Values.argo }} {{- if and ( not .Values.argocdAppName ) ( not .Values.installKubeZero ) }}
# if no ArgoCD is used, only render the global values.yaml for all kubezero modules
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "istio" "istio-ingress" "metrics" "logging" "argocd" "timecapsule" "storage" }} {{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "istio" "istio-ingress" "metrics" "logging" "argocd" "timecapsule" "storage" }}
{{- if .Values.global }}
global:
{{- toYaml .Values.global | nindent 2 }}
{{- end }}
{{- range $artifacts }} {{- range $artifacts }}
{{- if index $.Values . }} {{- if index $.Values . }}
{{ . }}: {{ . }}:

15
charts/kubezero/templates/aws-node-termination-handler.yaml
View File

@ -1,15 +0,0 @@
{{- define "aws-node-termination-handler-values" }}
aws-node-termination-handler:
queueURL: "{{ index .Values "aws-node-termination-handler" "queueURL" }}"
{{ with index .Values "aws-node-termination-handler" "IamArn" }}
podAnnotations:
iam.amazonaws.com/role: "{{ . }}"
{{- end }}
{{- end }}
{{- define "aws-node-termination-handler-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}

1
charts/kubezero/templates/istio-ingress.yaml
View File

@ -26,7 +26,6 @@ istio-ingress:
dnsNames: dnsNames:
{{- toYaml $cert.dnsNames | nindent 4 }} {{- toYaml $cert.dnsNames | nindent 4 }}
{{- end }} {{- end }}
proxyProtocol: {{ default false (index .Values "istio-ingress" "public" "proxyProtocol") }}
{{- end }} {{- end }}
{{- if index .Values "istio-ingress" "private" }} {{- if index .Values "istio-ingress" "private" }}

10
charts/kubezero/templates/istio.yaml
View File

@ -9,6 +9,14 @@ global:
defaultPodDisruptionBudget: defaultPodDisruptionBudget:
enabled: true enabled: true
{{- end }} {{- end }}
{{- with index .Values "istio" "kiali-server" }}
kiali-server:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.istio.rateLimiting }}
rateLimiting:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }} {{- end }}
@ -24,6 +32,8 @@ global:
jsonPointers: jsonPointers:
- /webhooks/0/clientConfig/caBundle - /webhooks/0/clientConfig/caBundle
- /webhooks/0/failurePolicy - /webhooks/0/failurePolicy
- /webhooks/1/clientConfig/caBundle
- /webhooks/1/failurePolicy
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
jsonPointers: jsonPointers:

77
charts/kubezero/templates/kubezero.yaml Normal file
View File

@ -0,0 +1,77 @@
{{- if .Values.installKubeZero }}
# Add KubeZero app and project
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: kubezero
namespace: argocd
labels:
{{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
description: KubeZero - ZeroDownTime Kubernetes Platform
# Allow manifests to deploy from
{{- with .Values.kubezero.sourceRepos }}
sourceRepos:
{{- toYaml . | nindent 2 }}
{{- end }}
# platform namespaces in the local cluster
destinations:
- namespace: argocd
server: https://kubernetes.default.svc
- namespace: kube-system
server: https://kubernetes.default.svc
- namespace: cert-manager
server: https://kubernetes.default.svc
- namespace: istio-system
server: https://kubernetes.default.svc
- namespace: istio-ingress
server: https://kubernetes.default.svc
- namespace: monitoring
server: https://kubernetes.default.svc
- namespace: elastic-system
server: https://kubernetes.default.svc
- namespace: logging
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
labels:
{{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
project: kubezero
source:
repoURL: https://zero-down-time.github.io/kubezero
chart: kubezero
# targetRevision: '>=1.20.8-0'
targetRevision: '{{ .Chart.Version }}'
helm:
parameters:
# We use this to detect if we are called from ArgoCD
- name: argocdAppName
value: $ARGOCD_APP_NAME
# This breaks the recursion, otherwise we install another kubezero project and app
- name: installKubeZero
value: "false"
values: |
{{- toYaml .Values | nindent 8 }}
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: true
{{- end }}

33
charts/kubezero/values.yaml
View File

@ -1,9 +1,9 @@
global: kubezero:
kubezero: server: https://kubernetes.default.svc
server: https://kubernetes.default.svc repoURL: https://zero-down-time.github.io/kubezero
repoURL: https://github.com/zero-down-time/kubezero targetRevision: '*'
targetRevision: HEAD sourceRepos:
pathPrefix: '' - 'https://zero-down-time.github.io/kubezero'
HighAvailableControlplane: false HighAvailableControlplane: false
@ -11,45 +11,50 @@ calico:
enabled: false enabled: false
crds: true crds: true
retain: true retain: true
targetRevision: 0.2.2
cert-manager: cert-manager:
enabled: false enabled: false
crds: true crds: true
namespace: cert-manager namespace: cert-manager
targetRevision: 0.6.1
kiam: kiam:
enabled: false enabled: false
targetRevision: 0.3.5
aws-node-termination-handler:
enabled: false
timecapsule:
enabled: false
storage: storage:
enabled: false enabled: false
crds: true crds: true
timecapsule:
enabled: false
aws-ebs-csi-driver: aws-ebs-csi-driver:
enabled: false enabled: false
crds: true crds: true
targetRevision: 0.6.4
aws-efs-csi-driver: aws-efs-csi-driver:
enabled: false enabled: false
targetRevision: 0.4.2
istio: istio:
enabled: false enabled: false
crds: true crds: true
namespace: istio-system namespace: istio-system
targetRevision: 0.7.2
istio-ingress: istio-ingress:
enabled: false enabled: false
namespace: istio-ingress namespace: istio-ingress
targetRevision: 0.7.2
metrics: metrics:
enabled: false enabled: false
crds: true crds: true
namespace: monitoring namespace: monitoring
targetRevision: 0.4.6
istio: istio:
grafana: {} grafana: {}
prometheus: {} prometheus: {}
@ -58,12 +63,12 @@ logging:
enabled: false enabled: false
crds: true crds: true
namespace: logging namespace: logging
targetRevision: 0.7.6
argocd: argocd:
enabled: false enabled: false
crds: true crds: true
namespace: argocd namespace: argocd
targetRevision: 0.8.1
istio: istio:
enabled: false enabled: false
argo: {}