feat: latest aws-nth and auth, latest 1.24 upgrad flow

This commit is contained in:
Stefan Reimer 2022-12-06 15:56:25 +00:00
parent 4a153ab06f
commit 17ba64f1ee
20 changed files with 134 additions and 72 deletions

View File

@ -35,7 +35,7 @@ gantt
beta :124b, 2022-11-14, 2022-12-31 beta :124b, 2022-11-14, 2022-12-31
release :after 124b, 2023-06-01 release :after 124b, 2023-06-01
section 1.25 section 1.25
beta :125b, 2023-02-01, 2023-02-28 beta :125b, 2023-03-01, 2023-03-31
release :after 125b, 2023-08-01 release :after 125b, 2023-08-01
``` ```
@ -44,7 +44,7 @@ gantt
# Components # Components
## OS ## OS
- all nodes are based on Alpine V3.15 - all nodes are based on Alpine V3.16
- 2 GB encrypted root filesystem - 2 GB encrypted root filesystem
- no 3rd party dependencies at boot ( other than container registries ) - no 3rd party dependencies at boot ( other than container registries )
- minimal attack surface - minimal attack surface

View File

@ -17,6 +17,18 @@ def migrate(values):
deleteKey(values["network"], "calico") deleteKey(values["network"], "calico")
deleteKey(values["network"], "multus") deleteKey(values["network"], "multus")
# ArgoCD helm changes
if "argocd" in values:
if "server" in values["argocd"]:
if not "configs" in values["argocd"]:
values["argocd"]["configs"] = {}
if not "cm" in values["argocd"]["configs"]:
values["argocd"]["configs"]["cm"] = {}
values["argocd"]["configs"]["cm"]["url"] = values["argocd"]["server"]["config"][
"url"
]
deleteKey(values["argocd"], "server")
return values return values

View File

@ -164,6 +164,11 @@ waitSystemPodsRunning
echo "Applying remaining KubeZero modules..." echo "Applying remaining KubeZero modules..."
# delete argocd deployments as various immutable things changed, also redis restart fails otherwise
kubectl delete deployment argocd-redis -n argocd || true
kubectl delete deployment argocd-repo-server -n argocd || true
kubectl delete statefulset argocd-application-controller -n argocd || true
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd" control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"
# Final step is to commit the new argocd kubezero app # Final step is to commit the new argocd kubezero app

View File

@ -117,7 +117,7 @@ spec:
containers: containers:
- name: aws-iam-authenticator - name: aws-iam-authenticator
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.5.9 image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.5.11
args: args:
- server - server
- --backend-mode=CRD,MountedFile - --backend-mode=CRD,MountedFile

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-addons name: kubezero-addons
description: KubeZero umbrella chart for various optional cluster addons description: KubeZero umbrella chart for various optional cluster addons
type: application type: application
version: 0.7.0 version: 0.7.1
appVersion: v1.24 appVersion: v1.24
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@ -18,7 +18,7 @@ maintainers:
email: stefan@zero-downtime.net email: stefan@zero-downtime.net
dependencies: dependencies:
- name: aws-node-termination-handler - name: aws-node-termination-handler
version: 0.19.3 version: 0.20.0
# repository: https://aws.github.io/eks-charts # repository: https://aws.github.io/eks-charts
condition: aws-node-termination-handler.enabled condition: aws-node-termination-handler.enabled
- name: external-dns - name: external-dns

View File

@ -1,6 +1,6 @@
# kubezero-addons # kubezero-addons
![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square) ![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
KubeZero umbrella chart for various optional cluster addons KubeZero umbrella chart for various optional cluster addons
@ -18,7 +18,7 @@ Kubernetes: `>= 1.24.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| | aws-node-termination-handler | 0.19.3 | | | aws-node-termination-handler | 0.20.0 |
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 | | https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 | | https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 | | https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 |
@ -54,6 +54,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
| aws-node-termination-handler.fullnameOverride | string | `"aws-node-termination-handler"` | | | aws-node-termination-handler.fullnameOverride | string | `"aws-node-termination-handler"` | |
| aws-node-termination-handler.ignoreDaemonSets | bool | `true` | | | aws-node-termination-handler.ignoreDaemonSets | bool | `true` | |
| aws-node-termination-handler.jsonLogging | bool | `true` | | | aws-node-termination-handler.jsonLogging | bool | `true` | |
| aws-node-termination-handler.logFormatVersion | int | `2` | |
| aws-node-termination-handler.managedTag | string | `"aws-node-termination-handler/managed"` | "aws-node-termination-handler/${ClusterName}" | | aws-node-termination-handler.managedTag | string | `"aws-node-termination-handler/managed"` | "aws-node-termination-handler/${ClusterName}" |
| aws-node-termination-handler.metadataTries | int | `0` | | | aws-node-termination-handler.metadataTries | int | `0` | |
| aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
@ -90,18 +91,6 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
| clusterBackup.password | string | `""` | /etc/cloudbender/clusterBackup.passphrase | | clusterBackup.password | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
| clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup | | clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
| external-dns.enabled | bool | `false` | | | external-dns.enabled | bool | `false` | |
| external-dns.env[0] | object | `{"name":"AWS_ROLE_ARN","value":""}` | "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS" |
| external-dns.env[1].name | string | `"AWS_WEB_IDENTITY_TOKEN_FILE"` | |
| external-dns.env[1].value | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/token"` | |
| external-dns.env[2].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | |
| external-dns.env[2].value | string | `"regional"` | |
| external-dns.extraVolumeMounts[0].mountPath | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/"` | |
| external-dns.extraVolumeMounts[0].name | string | `"aws-token"` | |
| external-dns.extraVolumeMounts[0].readOnly | bool | `true` | |
| external-dns.extraVolumes[0].name | string | `"aws-token"` | |
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.audience | string | `"sts.amazonaws.com"` | |
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.expirationSeconds | int | `86400` | |
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.path | string | `"token"` | |
| external-dns.interval | string | `"3m"` | | | external-dns.interval | string | `"3m"` | |
| external-dns.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | external-dns.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
| external-dns.provider | string | `"inmemory"` | | | external-dns.provider | string | `"inmemory"` | |

View File

@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
appVersion: 1.17.3 appVersion: 1.18.0
description: A Helm chart for the AWS Node Termination Handler. description: A Helm chart for the AWS Node Termination Handler.
home: https://github.com/aws/eks-charts home: https://github.com/aws/eks-charts
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
@ -22,4 +22,4 @@ sources:
- https://github.com/aws/aws-node-termination-handler/ - https://github.com/aws/aws-node-termination-handler/
- https://github.com/aws/eks-charts/ - https://github.com/aws/eks-charts/
type: application type: application
version: 0.19.3 version: 0.20.0

View File

@ -70,6 +70,7 @@ The configuration in this table applies to all AWS Node Termination Handler mode
| `extraEnv` | Additional environment variables for the _aws-node-termination-handler_ container. | `[]` | | `extraEnv` | Additional environment variables for the _aws-node-termination-handler_ container. | `[]` |
| `probes` | The Kubernetes liveness probe configuration. | _See values.yaml_ | | `probes` | The Kubernetes liveness probe configuration. | _See values.yaml_ |
| `logLevel` | Sets the log level (`info`,`debug`, or `error`) | `info` | | `logLevel` | Sets the log level (`info`,`debug`, or `error`) | `info` |
| `logFormatVersion` | Sets the log format version. Available versions: 1, 2. Version 1 refers to the format that has been used through v1.17.3. Version 2 offers more detail for the "event kind" and "reason", especially when operating in Queue Processor mode. | `1` |
| `jsonLogging` | If `true`, use JSON-formatted logs instead of human readable logs. | `false` | | `jsonLogging` | If `true`, use JSON-formatted logs instead of human readable logs. | `false` |
| `enablePrometheusServer` | If `true`, start an http server exposing `/metrics` endpoint for _Prometheus_. | `false` | | `enablePrometheusServer` | If `true`, start an http server exposing `/metrics` endpoint for _Prometheus_. | `false` |
| `prometheusServerPort` | Replaces the default HTTP port for exposing _Prometheus_ metrics. | `9092` | | `prometheusServerPort` | Replaces the default HTTP port for exposing _Prometheus_ metrics. | `9092` |

View File

@ -81,6 +81,8 @@ spec:
value: {{ .Values.logLevel | quote }} value: {{ .Values.logLevel | quote }}
- name: JSON_LOGGING - name: JSON_LOGGING
value: {{ .Values.jsonLogging | quote }} value: {{ .Values.jsonLogging | quote }}
- name: LOG_FORMAT_VERSION
value: {{ .Values.logFormatVersion | quote }}
- name: ENABLE_PROMETHEUS_SERVER - name: ENABLE_PROMETHEUS_SERVER
value: {{ .Values.enablePrometheusServer | quote }} value: {{ .Values.enablePrometheusServer | quote }}
- name: PROMETHEUS_SERVER_PORT - name: PROMETHEUS_SERVER_PORT

View File

@ -81,6 +81,8 @@ spec:
value: {{ .Values.logLevel | quote }} value: {{ .Values.logLevel | quote }}
- name: JSON_LOGGING - name: JSON_LOGGING
value: {{ .Values.jsonLogging | quote }} value: {{ .Values.jsonLogging | quote }}
- name: LOG_FORMAT_VERSION
value: {{ .Values.logFormatVersion | quote }}
- name: ENABLE_PROMETHEUS_SERVER - name: ENABLE_PROMETHEUS_SERVER
value: {{ .Values.enablePrometheusServer | quote }} value: {{ .Values.enablePrometheusServer | quote }}
- name: PROMETHEUS_SERVER_PORT - name: PROMETHEUS_SERVER_PORT

View File

@ -78,6 +78,8 @@ spec:
value: {{ .Values.logLevel | quote }} value: {{ .Values.logLevel | quote }}
- name: JSON_LOGGING - name: JSON_LOGGING
value: {{ .Values.jsonLogging | quote }} value: {{ .Values.jsonLogging | quote }}
- name: LOG_FORMAT_VERSION
value: {{ .Values.logFormatVersion | quote }}
- name: ENABLE_PROMETHEUS_SERVER - name: ENABLE_PROMETHEUS_SERVER
value: {{ .Values.enablePrometheusServer | quote }} value: {{ .Values.enablePrometheusServer | quote }}
- name: PROMETHEUS_SERVER_PORT - name: PROMETHEUS_SERVER_PORT

View File

@ -66,6 +66,9 @@ probes:
# Set the log level # Set the log level
logLevel: info logLevel: info
# Set the log format version
logFormatVersion: 1
# Log messages in JSON format # Log messages in JSON format
jsonLogging: false jsonLogging: false

View File

@ -29,9 +29,6 @@ aws-node-termination-handler:
fullnameOverride: "aws-node-termination-handler" fullnameOverride: "aws-node-termination-handler"
#image:
# tag: v1.14.1
# -- "aws-node-termination-handler/${ClusterName}" # -- "aws-node-termination-handler/${ClusterName}"
managedTag: "aws-node-termination-handler/managed" managedTag: "aws-node-termination-handler/managed"
@ -63,6 +60,7 @@ aws-node-termination-handler:
create: false create: false
jsonLogging: true jsonLogging: true
logFormatVersion: 2
tolerations: tolerations:
- key: node-role.kubernetes.io/master - key: node-role.kubernetes.io/master
@ -185,24 +183,3 @@ external-dns:
#- istio-gateway #- istio-gateway
provider: inmemory provider: inmemory
extraVolumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
extraVolumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
env:
# -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
- name: AWS_ROLE_ARN
value: ""
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"

View File

@ -2,7 +2,7 @@
![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square) ![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square)
KubeZero ArgoCD integration, config and branding as well as ArgoCD image-updater KubeZero ArgoCD - config, branding, image-updater (optional)
**Homepage:** <https://kubezero.com> **Homepage:** <https://kubezero.com>
@ -56,7 +56,15 @@ Kubernetes: `>= 1.24.0`
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | | | argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
| argocd-apps.applications | list | `[]` | | | argocd-apps.applications | list | `[]` | |
| argocd-apps.projects | list | `[]` | | | argocd-apps.projects | list | `[]` | |
| argocd-image-updater.authScripts.enabled | bool | `true` | |
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
| argocd-image-updater.enabled | bool | `false` | | | argocd-image-updater.enabled | bool | `false` | |
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
| argocd-image-updater.metrics.enabled | bool | `false` | |
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD | | istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to | | istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
| istio.ipBlocks | list | `[]` | | | istio.ipBlocks | list | `[]` | |

View File

@ -1,6 +1,6 @@
# kubezero-ci # kubezero-ci
![Version: 0.5.17](https://img.shields.io/badge/Version-0.5.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.5.20](https://img.shields.io/badge/Version-0.5.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for all things CI KubeZero umbrella chart for all things CI
@ -20,8 +20,8 @@ Kubernetes: `>= 1.20.0`
|------------|------|---------| |------------|------|---------|
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 | | https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
| https://charts.jenkins.io | jenkins | 4.2.10 | | https://charts.jenkins.io | jenkins | 4.2.13 |
| https://dl.gitea.io/charts/ | gitea | 5.0.9 | | https://dl.gitea.io/charts/ | gitea | 6.0.3 |
| https://gocd.github.io/helm-chart | gocd | 1.40.8 | | https://gocd.github.io/helm-chart | gocd | 1.40.8 |
# Jenkins # Jenkins
@ -54,7 +54,7 @@ Kubernetes: `>= 1.20.0`
| gitea.gitea.metrics.enabled | bool | `false` | | | gitea.gitea.metrics.enabled | bool | `false` | |
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | | | gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | |
| gitea.image.rootless | bool | `true` | | | gitea.image.rootless | bool | `true` | |
| gitea.image.tag | string | `"1.17.1"` | | | gitea.image.tag | string | `"1.17.3"` | |
| gitea.istio.enabled | bool | `false` | | | gitea.istio.enabled | bool | `false` | |
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| gitea.istio.url | string | `"git.example.com"` | | | gitea.istio.url | string | `"git.example.com"` | |
@ -85,7 +85,7 @@ Kubernetes: `>= 1.20.0`
| jenkins.agent.resources.requests.cpu | string | `"512m"` | | | jenkins.agent.resources.requests.cpu | string | `"512m"` | |
| jenkins.agent.resources.requests.memory | string | `"1024Mi"` | | | jenkins.agent.resources.requests.memory | string | `"1024Mi"` | |
| jenkins.agent.showRawYaml | bool | `false` | | | jenkins.agent.showRawYaml | bool | `false` | |
| jenkins.agent.tag | string | `"v0.4.0"` | | | jenkins.agent.tag | string | `"v0.4.1"` | |
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | | jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | | | jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
@ -97,9 +97,9 @@ Kubernetes: `>= 1.20.0`
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | | | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
| jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | | | jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | |
| jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | | | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | |
| jenkins.controller.installPlugins[2] | string | `"git:4.13.0"` | | | jenkins.controller.installPlugins[2] | string | `"git:4.14.1"` | |
| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | | | jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | |
| jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:2.7"` | | | jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | |
| jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | | | jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | |
| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | | | jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | |
| jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | | | jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | |
@ -129,7 +129,7 @@ Kubernetes: `>= 1.20.0`
| jenkins.serviceAccountAgent.create | bool | `true` | | | jenkins.serviceAccountAgent.create | bool | `true` | |
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | | | jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
| trivy.enabled | bool | `false` | | | trivy.enabled | bool | `false` | |
| trivy.image.tag | string | `"0.34.0"` | |
| trivy.persistence.enabled | bool | `true` | | | trivy.persistence.enabled | bool | `true` | |
| trivy.persistence.size | string | `"1Gi"` | | | trivy.persistence.size | string | `"1Gi"` | |
| trivy.rbac.create | bool | `false` | | | trivy.rbac.create | bool | `false` | |
| trivy.rbac.pspEnabled | bool | `false` | |

View File

@ -1,6 +1,6 @@
# kubezero-mq # kubezero-mq
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for MQ systems like NATS, RabbitMQ KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
@ -20,7 +20,8 @@ Kubernetes: `>= 1.20.0`
|------------|------|---------| |------------|------|---------|
| | nats | 0.8.4 | | | nats | 0.8.4 |
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
| https://charts.bitnami.com/bitnami | rabbitmq | 11.1.1 | | https://charts.bitnami.com/bitnami | rabbitmq | 11.1.5 |
| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 3.1.4 |
## Values ## Values
@ -34,20 +35,30 @@ Kubernetes: `>= 1.20.0`
| nats.nats.advertise | bool | `false` | | | nats.nats.advertise | bool | `false` | |
| nats.nats.jetstream.enabled | bool | `true` | | | nats.nats.jetstream.enabled | bool | `true` | |
| nats.natsbox.enabled | bool | `false` | | | nats.natsbox.enabled | bool | `false` | |
| rabbitmq-cluster-operator.clusterOperator.metrics.enabled | bool | `false` | |
| rabbitmq-cluster-operator.clusterOperator.metrics.serviceMonitor.enabled | bool | `true` | |
| rabbitmq-cluster-operator.enabled | bool | `false` | |
| rabbitmq-cluster-operator.msgTopologyOperator.metrics.enabled | bool | `false` | |
| rabbitmq-cluster-operator.msgTopologyOperator.metrics.serviceMonitor.enabled | bool | `true` | |
| rabbitmq-cluster-operator.rabbitmqImage.tag | string | `"3.11.4-debian-11-r0"` | |
| rabbitmq-cluster-operator.useCertManager | bool | `true` | |
| rabbitmq.auth.existingErlangSecret | string | `"rabbitmq"` | | | rabbitmq.auth.existingErlangSecret | string | `"rabbitmq"` | |
| rabbitmq.auth.existingPasswordSecret | string | `"rabbitmq"` | | | rabbitmq.auth.existingPasswordSecret | string | `"rabbitmq"` | |
| rabbitmq.auth.tls.enabled | bool | `false` | | | rabbitmq.auth.tls.enabled | bool | `false` | |
| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | | | rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | |
| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | | | rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | |
| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | | | rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | |
| rabbitmq.clustering.forceBoot | bool | `true` | | | rabbitmq.clustering.enabled | bool | `false` | |
| rabbitmq.clustering.forceBoot | bool | `false` | |
| rabbitmq.enabled | bool | `false` | | | rabbitmq.enabled | bool | `false` | |
| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS | | rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
| rabbitmq.istio.enabled | bool | `false` | | | rabbitmq.istio.enabled | bool | `false` | |
| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| rabbitmq.istio.mqtts | bool | `false` | |
| rabbitmq.metrics.enabled | bool | `false` | | | rabbitmq.metrics.enabled | bool | `false` | |
| rabbitmq.metrics.serviceMonitor.enabled | bool | `false` | | | rabbitmq.metrics.serviceMonitor.enabled | bool | `true` | |
| rabbitmq.pdb.create | bool | `true` | | | rabbitmq.pdb.create | bool | `false` | |
| rabbitmq.persistence.size | string | `"2Gi"` | |
| rabbitmq.podAntiAffinityPreset | string | `""` | | | rabbitmq.podAntiAffinityPreset | string | `""` | |
| rabbitmq.replicaCount | int | `1` | | | rabbitmq.replicaCount | int | `1` | |
| rabbitmq.resources.requests.cpu | string | `"100m"` | | | rabbitmq.resources.requests.cpu | string | `"100m"` | |

View File

@ -30,11 +30,12 @@ Kubernetes: `>= 1.24.0`
| addons.enabled | bool | `true` | | | addons.enabled | bool | `true` | |
| addons.external-dns.enabled | bool | `false` | | | addons.external-dns.enabled | bool | `false` | |
| addons.forseti.enabled | bool | `false` | | | addons.forseti.enabled | bool | `false` | |
| addons.targetRevision | string | `"0.7.0"` | | | addons.targetRevision | string | `"0.7.1"` | |
| argocd.argocd-image-updater.enabled | bool | `false` | |
| argocd.enabled | bool | `false` | | | argocd.enabled | bool | `false` | |
| argocd.istio.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | |
| argocd.namespace | string | `"argocd"` | | | argocd.namespace | string | `"argocd"` | |
| argocd.targetRevision | string | `"0.10.2"` | | | argocd.targetRevision | string | `"0.11.1"` | |
| cert-manager.enabled | bool | `false` | | | cert-manager.enabled | bool | `false` | |
| cert-manager.namespace | string | `"cert-manager"` | | | cert-manager.namespace | string | `"cert-manager"` | |
| cert-manager.targetRevision | string | `"0.9.3"` | | | cert-manager.targetRevision | string | `"0.9.3"` | |

View File

@ -77,6 +77,18 @@ external-dns:
value: "regional" value: "regional"
- name: METADATA_TRIES - name: METADATA_TRIES
value: "0" value: "0"
extraVolumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
extraVolumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
{{- end }} {{- end }}
cluster-autoscaler: cluster-autoscaler:

View File

@ -1,6 +1,11 @@
{{- define "argocd-values" }} {{- define "argocd-values" }}
argo-cd: argo-cd:
{{- with index .Values "argocd" "configs" }}
configs:
{{- toYaml . | nindent 4 }}
{{- end }}
controller: controller:
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.enabled }}
@ -10,10 +15,9 @@ argo-cd:
server: server:
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.enabled }}
{{- with index .Values "argocd" "server" }}
{{- toYaml . | nindent 4 }} argocd-apps:
{{- end }} projects:
additionalProjects:
- name: kubezero - name: kubezero
namespace: argocd namespace: argocd
description: KubeZero - ZeroDownTime Kubernetes Platform description: KubeZero - ZeroDownTime Kubernetes Platform
@ -28,7 +32,7 @@ argo-cd:
clusterResourceWhitelist: clusterResourceWhitelist:
- group: '*' - group: '*'
kind: '*' kind: '*'
additionalApplications: applications:
- name: kubezero-git-sync - name: kubezero-git-sync
namespace: argocd namespace: argocd
project: kubezero project: kubezero
@ -47,13 +51,44 @@ argo-cd:
{{- with .Values.kubezero.syncPolicy }} {{- with .Values.kubezero.syncPolicy }}
syncPolicy: syncPolicy:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with index .Values "argocd" "configs" }} argocd-image-updater:
configs: enabled: {{ default "false" (index .Values "argocd" "argocd-image-updater" "enabled") }}
{{- toYaml . | nindent 4 }}
{{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" }}
{{- toYaml . | nindent 2 }}
{{- end }} {{- end }}
{{- if .Values.global.aws }}
extraEnv:
- name: AWS_ROLE_ARN
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"
- name: METADATA_TRIES
value: "0"
- name: AWS_REGION
value: {{ .Values.global.aws.region }}
volumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
volumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
{{- end }}
metrics:
enabled: {{ .Values.metrics.enabled }}
{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }} {{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }}
istio: istio:
{{- with index .Values "argocd" "istio" }} {{- with index .Values "argocd" "istio" }}

View File

@ -10,7 +10,7 @@ global:
addons: addons:
enabled: true enabled: true
targetRevision: 0.7.0 targetRevision: 0.7.1
external-dns: external-dns:
enabled: false enabled: false
forseti: forseti:
@ -79,6 +79,8 @@ logging:
argocd: argocd:
enabled: false enabled: false
namespace: argocd namespace: argocd
targetRevision: 0.10.2 targetRevision: 0.11.1
argocd-image-updater:
enabled: false
istio: istio:
enabled: false enabled: false