feat: kubezero now installs and tracks Helm charts for each module
parent
bfdefc7364
commit
10a69e6cff
@ -2,17 +2,16 @@ apiVersion: v2
|
||||
name: kubezero
|
||||
description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
|
||||
type: application
|
||||
version: 0.5.1
|
||||
version: 1.20.8
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- argocd
|
||||
- gitops
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
version: ">= 0.1.4"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
kubeVersion: ">= 1.18.0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero
|
||||
|
||||
![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 1.20.8-alpha](https://img.shields.io/badge/Version-1.20.8--alpha-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero - Bootstrap and ArgoCD Root App of Apps chart
|
||||
|
||||
@ -18,14 +18,13 @@ Kubernetes: `>= 1.18.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.4 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| HighAvailableControlplane | bool | `false` | |
|
||||
| argo | object | `{}` | |
|
||||
| argocd.crds | bool | `true` | |
|
||||
| argocd.enabled | bool | `false` | |
|
||||
| argocd.istio.enabled | bool | `false` | |
|
||||
@ -40,16 +39,16 @@ Kubernetes: `>= 1.18.0`
|
||||
| cert-manager.crds | bool | `true` | |
|
||||
| cert-manager.enabled | bool | `false` | |
|
||||
| cert-manager.namespace | string | `"cert-manager"` | |
|
||||
| global.kubezero.pathPrefix | string | `""` | |
|
||||
| global.kubezero.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | |
|
||||
| global.kubezero.server | string | `"https://kubernetes.default.svc"` | |
|
||||
| global.kubezero.targetRevision | string | `"HEAD"` | |
|
||||
| istio-ingress.enabled | bool | `false` | |
|
||||
| istio-ingress.namespace | string | `"istio-ingress"` | |
|
||||
| istio.crds | bool | `true` | |
|
||||
| istio.enabled | bool | `false` | |
|
||||
| istio.namespace | string | `"istio-system"` | |
|
||||
| kiam.enabled | bool | `false` | |
|
||||
| kubezero.repoURL | string | `"https://zero-down-time.github.io/kubezero"` | |
|
||||
| kubezero.server | string | `"https://kubernetes.default.svc"` | |
|
||||
| kubezero.sourceRepos[0] | string | `"https://zero-down-time.github.io/kubezero"` | |
|
||||
| kubezero.targetRevision | string | `"*"` | |
|
||||
| logging.crds | bool | `true` | |
|
||||
| logging.enabled | bool | `false` | |
|
||||
| logging.namespace | string | `"logging"` | |
|
||||
|
@ -6,32 +6,18 @@ ARTIFACTS=($(echo $2 | tr "," "\n"))
|
||||
CLUSTER=$3
|
||||
LOCATION=${4:-""}
|
||||
|
||||
API_VERSIONS="-a monitoring.coreos.com/v1"
|
||||
|
||||
DEPLOY_DIR=$( dirname $( realpath $0 ))
|
||||
which yq || { echo "yq not found!"; exit 1; }
|
||||
which helm || { echo "helm not found!"; exit 1; }
|
||||
helm_version=$(helm version --short)
|
||||
echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; }
|
||||
|
||||
# Simulate well-known CRDs being available
|
||||
API_VERSIONS="-a monitoring.coreos.com/v1"
|
||||
KUBE_VERSION="--kube-version $(kubectl version -o json | jq -r .serverVersion.gitVersion)"
|
||||
|
||||
TMPDIR=$(mktemp -d kubezero.XXX)
|
||||
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
|
||||
|
||||
# First lets generate kubezero.yaml
|
||||
# Add all yaml files in $CLUSTER
|
||||
VALUES="$(find $CLUSTER -name '*.yaml' | tr '\n' ',')"
|
||||
helm template $DEPLOY_DIR -f ${VALUES%%,} --set argo=false > $TMPDIR/kubezero.yaml
|
||||
|
||||
# Resolve all the all enabled artifacts in order of their appearance
|
||||
if [ ${ARTIFACTS[0]} == "all" ]; then
|
||||
ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}'))
|
||||
fi
|
||||
|
||||
# Update only if we use upstream
|
||||
if [ -z "$LOCATION" ]; then
|
||||
helm repo add kubezero https://zero-down-time.github.io/kubezero
|
||||
helm repo update
|
||||
fi
|
||||
|
||||
# Waits for max 300s and retries
|
||||
function wait_for() {
|
||||
@ -72,8 +58,8 @@ function delete_ns() {
|
||||
|
||||
# Extract crds via helm calls and apply delta=crds only
|
||||
function _crds() {
|
||||
helm template $(chart_location $chart) --namespace $namespace --name-template $release --skip-crds --set ${release}.installCRDs=false -f $TMPDIR/values.yaml > $TMPDIR/helm-no-crds.yaml
|
||||
helm template $(chart_location $chart) --namespace $namespace --name-template $release --include-crds --set ${release}.installCRDs=true -f $TMPDIR/values.yaml > $TMPDIR/helm-crds.yaml
|
||||
helm template $(chart_location $chart) -n $namespace --name-template $release --skip-crds --set ${release}.installCRDs=false -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION > $TMPDIR/helm-no-crds.yaml
|
||||
helm template $(chart_location $chart) -n $namespace --name-template $release --include-crds --set ${release}.installCRDs=true -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION > $TMPDIR/helm-crds.yaml
|
||||
diff -e $TMPDIR/helm-no-crds.yaml $TMPDIR/helm-crds.yaml | head -n-1 | tail -n+2 > $TMPDIR/crds.yaml
|
||||
[ -s $TMPDIR/crds.yaml ] && kubectl apply -f $TMPDIR/crds.yaml
|
||||
}
|
||||
@ -82,9 +68,9 @@ function _crds() {
|
||||
# helm template | kubectl apply -f -
|
||||
# confine to one namespace if possible
|
||||
function apply(){
|
||||
helm template $(chart_location $chart) --namespace $namespace --name-template $release --skip-crds -f $TMPDIR/values.yaml $API_VERSIONS $@ > $TMPDIR/helm.yaml
|
||||
helm template $(chart_location $chart) -n $namespace --name-template $release --skip-crds -f $TMPDIR/values.yaml $API_VERSIONS $KUBE_VERSION $@ > $TMPDIR/helm.yaml
|
||||
|
||||
# If resources are out of the single $namespace, apply without restrictions
|
||||
# If resources are in more than ONE $namespace, apply without restrictions
|
||||
nr_ns=$(grep -e '^ namespace:' $TMPDIR/helm.yaml | sed "s/\"//g" | sort | uniq | wc -l)
|
||||
if [ $nr_ns -gt 1 ]; then
|
||||
kubectl $action -f $TMPDIR/helm.yaml && rc=$? || rc=$?
|
||||
@ -133,6 +119,7 @@ function is_enabled() {
|
||||
local enabled=$(yq r $TMPDIR/kubezero.yaml ${chart}.enabled)
|
||||
|
||||
if [ "$enabled" == "true" ]; then
|
||||
# slice values for this chart only from kubezero.yaml
|
||||
yq r $TMPDIR/kubezero.yaml ${chart}.values > $TMPDIR/values.yaml
|
||||
return 0
|
||||
fi
|
||||
@ -155,6 +142,11 @@ function get_namespace() {
|
||||
}
|
||||
|
||||
|
||||
function update_kubezero_argo() {
|
||||
helm template $(chart_location kubezero) -f ${VALUES%%,} --set installKubeZero=true > $TMPDIR/kubezero-argocd.yaml
|
||||
kubectl apply -f $TMPDIR/kubezero-argocd.yaml
|
||||
}
|
||||
|
||||
################
|
||||
# cert-manager #
|
||||
################
|
||||
@ -198,7 +190,28 @@ function metrics-pre() {
|
||||
}
|
||||
|
||||
|
||||
##########
|
||||
# ArgoCD #
|
||||
##########
|
||||
# Install KubeZero app and project
|
||||
function argocd-post() {
|
||||
update_kubezero_argo
|
||||
}
|
||||
|
||||
|
||||
## MAIN ##
|
||||
# First lets generate kubezero.yaml
|
||||
# Add all yaml files in $CLUSTER
|
||||
VALUES="$(find $CLUSTER -maxdepth 1 -name '*.yaml' | sort | tr '\n' ',')"
|
||||
helm template $(chart_location kubezero) -f ${VALUES%%,} > $TMPDIR/kubezero.yaml
|
||||
|
||||
# Resolve all the all enabled artifacts in order of their appearance
|
||||
if [ ${ARTIFACTS[0]} == "all" ]; then
|
||||
ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}'))
|
||||
fi
|
||||
echo "Artifacts: ${ARTIFACTS[@]}"
|
||||
|
||||
|
||||
if [ $1 == "deploy" ]; then
|
||||
for t in ${ARTIFACTS[@]}; do
|
||||
is_enabled $t && _helm apply $t || true
|
||||
@ -216,4 +229,8 @@ elif [ $1 == "delete" ]; then
|
||||
for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
|
||||
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
|
||||
done
|
||||
|
||||
# Update ArgoCD Kubezero app
|
||||
elif [ $1 == "argo" -a $2 == 'kubezero' ]; then
|
||||
update_kubezero_argo
|
||||
fi
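Review bot: `KUBE_VERSION` is built from `kubectl version -o json | jq -r .serverVersion.gitVersion`, but the script only guards `yq` and `helm` with `which`, and it never checks that the API server actually answered. If the cluster is unreachable or `jq` is missing, the value becomes empty or `null`, and every later `helm template ... $KUBE_VERSION` in `_crds` and `apply` either fails or renders against a bogus version before its output goes to `kubectl apply`. I would add `which jq || { echo "jq not found!"; exit 1; }` next to the existing checks and stop early on a bad value, e.g. `[ -n "$kube_ver" -a "$kube_ver" != "null" ] || { echo "cannot read server version"; exit 1; }`. The top of the script is outside the visible hunks, so a `set -e` or `pipefail` there may already cover part of this.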
|
||||
|
@ -1,14 +1,14 @@
|
||||
{{- define "kubezero-app.app" }}
|
||||
{{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }}
|
||||
|
||||
{{- if and .Values.argo ( index .Values $name "enabled" ) }}
|
||||
{{- if and .Values.argocdAppName ( index .Values $name "enabled" ) }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: {{ $name }}
|
||||
namespace: argocd
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||
{{- if not ( index .Values $name "retain" ) }}
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
@ -17,18 +17,18 @@ spec:
|
||||
project: kubezero
|
||||
|
||||
source:
|
||||
repoURL: {{ .Values.global.kubezero.repoURL }}
|
||||
targetRevision: {{ .Values.global.kubezero.targetRevision }}
|
||||
path: {{ .Values.global.kubezero.pathPrefix}}charts/kubezero-{{ $name }}
|
||||
chart: kubezero-{{ $name }}
|
||||
repoURL: {{ .Values.kubezero.repoURL }}
|
||||
targetRevision: {{ default .Values.kubezero.targetRevision ( index .Values $name "targetRevision" ) | quote }}
|
||||
helm:
|
||||
values: |
|
||||
{{- include (print $name "-values") $ | nindent 8 }}
|
||||
|
||||
destination:
|
||||
server: {{ .Values.global.kubezero.server }}
|
||||
server: {{ .Values.kubezero.server }}
|
||||
namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }}
|
||||
|
||||
{{- with .Values.global.kubezero.syncPolicy }}
|
||||
{{- with .Values.kubezero.syncPolicy }}
|
||||
syncPolicy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -1,4 +1,5 @@
|
||||
{{- define "argocd-values" }}
|
||||
|
||||
argo-cd:
|
||||
controller:
|
||||
metrics:
|
||||
@ -23,9 +24,9 @@ istio:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- with index .Values "argocd" "kubezero" }}
|
||||
kubezero:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "argocd-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
||||
|
@ -1,12 +1,8 @@
|
||||
{{- if not .Values.argo }}
|
||||
{{- if and ( not .Values.argocdAppName ) ( not .Values.installKubeZero ) }}
|
||||
# if no ArgoCD is used, only render the global values.yaml for all kubezero modules
|
||||
|
||||
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "istio" "istio-ingress" "metrics" "logging" "argocd" "timecapsule" "storage" }}
|
||||
|
||||
{{- if .Values.global }}
|
||||
global:
|
||||
{{- toYaml .Values.global | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $artifacts }}
|
||||
{{- if index $.Values . }}
|
||||
{{ . }}:
|
||||
|
@ -1,15 +0,0 @@
|
||||
{{- define "aws-node-termination-handler-values" }}
|
||||
|
||||
aws-node-termination-handler:
|
||||
queueURL: "{{ index .Values "aws-node-termination-handler" "queueURL" }}"
|
||||
{{ with index .Values "aws-node-termination-handler" "IamArn" }}
|
||||
podAnnotations:
|
||||
iam.amazonaws.com/role: "{{ . }}"
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- define "aws-node-termination-handler-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
@ -26,7 +26,6 @@ istio-ingress:
|
||||
dnsNames:
|
||||
{{- toYaml $cert.dnsNames | nindent 4 }}
|
||||
{{- end }}
|
||||
proxyProtocol: {{ default false (index .Values "istio-ingress" "public" "proxyProtocol") }}
|
||||
{{- end }}
|
||||
|
||||
{{- if index .Values "istio-ingress" "private" }}
|
||||
|
@ -9,6 +9,14 @@ global:
|
||||
defaultPodDisruptionBudget:
|
||||
enabled: true
|
||||
{{- end }}
|
||||
{{- with index .Values "istio" "kiali-server" }}
|
||||
kiali-server:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- with .Values.istio.rateLimiting }}
|
||||
rateLimiting:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
@ -24,6 +32,8 @@ global:
|
||||
jsonPointers:
|
||||
- /webhooks/0/clientConfig/caBundle
|
||||
- /webhooks/0/failurePolicy
|
||||
- /webhooks/1/clientConfig/caBundle
|
||||
- /webhooks/1/failurePolicy
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: MutatingWebhookConfiguration
|
||||
jsonPointers:
|
||||
|
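--- a/charts/kubezero/templates/kubezero.yaml
+++ b/charts/kubezero/templates/kubezero.yaml
@@ -0,0 +1,77 @@
+{{- if .Values.installKubeZero }}
+# Add KubeZero app and project
+
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+name: kubezero
+namespace: argocd
+labels:
+{{- include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+description: KubeZero - ZeroDownTime Kubernetes Platform
+
+# Allow manifests to deploy from
+{{- with .Values.kubezero.sourceRepos }}
+sourceRepos:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+
+# platform namespaces in the local cluster
+destinations:
+- namespace: argocd
+server: https://kubernetes.default.svc
+- namespace: kube-system
+server: https://kubernetes.default.svc
+- namespace: cert-manager
+server: https://kubernetes.default.svc
+- namespace: istio-system
+server: https://kubernetes.default.svc
+- namespace: istio-ingress
+server: https://kubernetes.default.svc
+- namespace: monitoring
+server: https://kubernetes.default.svc
+- namespace: elastic-system
+server: https://kubernetes.default.svc
+- namespace: logging
+server: https://kubernetes.default.svc
+
+clusterResourceWhitelist:
+- group: '*'
+kind: '*'
+
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: kubezero
+namespace: argocd
+labels:
+{{- include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+project: kubezero
+source:
+repoURL: https://zero-down-time.github.io/kubezero
+chart: kubezero
+# targetRevision: '>=1.20.8-0'
+targetRevision: '{{ .Chart.Version }}'
+
+helm:
+parameters:
+# We use this to detect if we are called from ArgoCD
+- name: argocdAppName
+value: $ARGOCD_APP_NAME
+# This breaks the recursion, otherwise we install another kubezero project and app
+- name: installKubeZero
+value: "false"
+values: |
+{{- toYaml .Values | nindent 8 }}
+
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+
+syncPolicy:
+automated:
+prune: true
+{{- end }}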
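Review bot: The new AppProject sets `clusterResourceWhitelist` to `group: '*'` / `kind: '*'`, so any Application in the `kubezero` project may create or prune every cluster-scoped kind, and the root Application in the same file syncs with `automated.prune: true`. Whoever can publish to the repos listed in `kubezero.sourceRepos` therefore gets cluster-admin-equivalent reach. I would list only the cluster-scoped kinds the modules need (probably CustomResourceDefinition, ClusterRole/ClusterRoleBinding, Namespace and the webhook configurations, to be confirmed against the module charts), or at minimum add a comment such as `# wildcard: platform modules install CRDs, RBAC and webhooks; restrict once the kind list is known`. Separately, `destinations` is hard-coded to `https://kubernetes.default.svc` while the module apps take `.Values.kubezero.server`, so an overridden server would be rejected by this project.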
@ -1,9 +1,9 @@
|
||||
global:
|
||||
kubezero:
|
||||
server: https://kubernetes.default.svc
|
||||
repoURL: https://github.com/zero-down-time/kubezero
|
||||
targetRevision: HEAD
|
||||
pathPrefix: ''
|
||||
repoURL: https://zero-down-time.github.io/kubezero
|
||||
targetRevision: '*'
|
||||
sourceRepos:
|
||||
- 'https://zero-down-time.github.io/kubezero'
|
||||
|
||||
HighAvailableControlplane: false
|
||||
|
||||
@ -11,45 +11,50 @@ calico:
|
||||
enabled: false
|
||||
crds: true
|
||||
retain: true
|
||||
targetRevision: 0.2.2
|
||||
|
||||
cert-manager:
|
||||
enabled: false
|
||||
crds: true
|
||||
namespace: cert-manager
|
||||
targetRevision: 0.6.1
|
||||
|
||||
kiam:
|
||||
enabled: false
|
||||
|
||||
aws-node-termination-handler:
|
||||
enabled: false
|
||||
|
||||
timecapsule:
|
||||
enabled: false
|
||||
targetRevision: 0.3.5
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
crds: true
|
||||
|
||||
timecapsule:
|
||||
enabled: false
|
||||
|
||||
aws-ebs-csi-driver:
|
||||
enabled: false
|
||||
crds: true
|
||||
targetRevision: 0.6.4
|
||||
|
||||
aws-efs-csi-driver:
|
||||
enabled: false
|
||||
targetRevision: 0.4.2
|
||||
|
||||
istio:
|
||||
enabled: false
|
||||
crds: true
|
||||
namespace: istio-system
|
||||
targetRevision: 0.7.2
|
||||
|
||||
istio-ingress:
|
||||
enabled: false
|
||||
namespace: istio-ingress
|
||||
targetRevision: 0.7.2
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
crds: true
|
||||
namespace: monitoring
|
||||
targetRevision: 0.4.6
|
||||
istio:
|
||||
grafana: {}
|
||||
prometheus: {}
|
||||
@ -58,12 +63,12 @@ logging:
|
||||
enabled: false
|
||||
crds: true
|
||||
namespace: logging
|
||||
targetRevision: 0.7.6
|
||||
|
||||
argocd:
|
||||
enabled: false
|
||||
crds: true
|
||||
namespace: argocd
|
||||
targetRevision: 0.8.1
|
||||
istio:
|
||||
enabled: false
|
||||
|
||||
argo: {}
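Review bot: `kubezero.targetRevision: '*'` is the fallback for every module that has no `targetRevision` of its own, and at least `kiam` and `storage` have none in this hunk. Those modules will follow whatever chart version is newest in the Helm repo, so an unintended or tampered release would roll out on the next sync without any change in Git. I would pin each module like the others (`targetRevision: <pinned chart version>`) or change the default to a bounded range, and add a comment next to the default saying that `'*'` means "latest published chart". Which lines in this section are old and which are new cannot be told from the rendered page, so please check this against the final file.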
|
||||
|