feat: latest aws-nth and auth, latest 1.24 upgrade flow
parent
4a153ab06f
commit
17ba64f1ee
@ -35,7 +35,7 @@ gantt
|
|||||||
beta :124b, 2022-11-14, 2022-12-31
|
beta :124b, 2022-11-14, 2022-12-31
|
||||||
release :after 124b, 2023-06-01
|
release :after 124b, 2023-06-01
|
||||||
section 1.25
|
section 1.25
|
||||||
beta :125b, 2023-02-01, 2023-02-28
|
beta :125b, 2023-03-01, 2023-03-31
|
||||||
release :after 125b, 2023-08-01
|
release :after 125b, 2023-08-01
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ gantt
|
|||||||
# Components
|
# Components
|
||||||
|
|
||||||
## OS
|
## OS
|
||||||
- all nodes are based on Alpine V3.15
|
- all nodes are based on Alpine V3.16
|
||||||
- 2 GB encrypted root filesystem
|
- 2 GB encrypted root filesystem
|
||||||
- no 3rd party dependencies at boot ( other than container registries )
|
- no 3rd party dependencies at boot ( other than container registries )
|
||||||
- minimal attack surface
|
- minimal attack surface
|
||||||
|
@ -17,6 +17,18 @@ def migrate(values):
|
|||||||
deleteKey(values["network"], "calico")
|
deleteKey(values["network"], "calico")
|
||||||
deleteKey(values["network"], "multus")
|
deleteKey(values["network"], "multus")
|
||||||
|
|
||||||
|
# ArgoCD helm changes
|
||||||
|
if "argocd" in values:
|
||||||
|
if "server" in values["argocd"]:
|
||||||
|
if not "configs" in values["argocd"]:
|
||||||
|
values["argocd"]["configs"] = {}
|
||||||
|
if not "cm" in values["argocd"]["configs"]:
|
||||||
|
values["argocd"]["configs"]["cm"] = {}
|
||||||
|
values["argocd"]["configs"]["cm"]["url"] = values["argocd"]["server"]["config"][
|
||||||
|
"url"
|
||||||
|
]
|
||||||
|
deleteKey(values["argocd"], "server")
|
||||||
|
|
||||||
return values
|
return values
|
||||||
|
|
||||||
|
|
||||||
|
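Review bot: In the added ArgoCD block of `migrate`, `values["argocd"]["server"]["config"]["url"]` is read without any check, so an `argocd.server` section that lacks `config` or `url` aborts the migration with a KeyError. The following `deleteKey(values["argocd"], "server")` then discards everything else under `server`, so any other settings kept there (SSO or access-related entries under `server.config`, if a cluster has them) are dropped without a message. I would guard the copy with `url = values["argocd"]["server"].get("config", {}).get("url")` and `if url is not None:`, and log or fail when `server` still holds keys that are not migrated. Indentation is lost on this page, so the nesting is inferred, and the function starts outside the hunk.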
@ -164,6 +164,11 @@ waitSystemPodsRunning
|
|||||||
|
|
||||||
echo "Applying remaining KubeZero modules..."
|
echo "Applying remaining KubeZero modules..."
|
||||||
|
|
||||||
|
# delete argocd deployments as various immutable things changed, also redis restart fails otherwise
|
||||||
|
kubectl delete deployment argocd-redis -n argocd || true
|
||||||
|
kubectl delete deployment argocd-repo-server -n argocd || true
|
||||||
|
kubectl delete statefulset argocd-application-controller -n argocd || true
|
||||||
|
|
||||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"
|
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd"
|
||||||
|
|
||||||
# Final step is to commit the new argocd kubezero app
|
# Final step is to commit the new argocd kubezero app
|
||||||
|
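Review bot: The three added `kubectl delete ... || true` lines swallow every failure, not only a missing object, so an API or permission error goes unnoticed and the later `apply_argocd` step can still hit the immutable-field conflict the comment describes. `--ignore-not-found` expresses the intended tolerance while letting real errors surface, e.g. `kubectl delete deployment argocd-redis -n argocd --ignore-not-found`. The workloads are also removed before `control_plane_upgrade` runs, with `apply_argocd` last in its list, so ArgoCD stays down if an earlier module fails; deleting them right before the ArgoCD apply would shorten that window. The script's error handling is outside the hunk, so whether a failure should stop the upgrade needs checking there.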
@ -117,7 +117,7 @@ spec:
|
|||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: aws-iam-authenticator
|
- name: aws-iam-authenticator
|
||||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.5.9
|
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.5.11
|
||||||
args:
|
args:
|
||||||
- server
|
- server
|
||||||
- --backend-mode=CRD,MountedFile
|
- --backend-mode=CRD,MountedFile
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-addons
|
name: kubezero-addons
|
||||||
description: KubeZero umbrella chart for various optional cluster addons
|
description: KubeZero umbrella chart for various optional cluster addons
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.0
|
version: 0.7.1
|
||||||
appVersion: v1.24
|
appVersion: v1.24
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
@ -18,7 +18,7 @@ maintainers:
|
|||||||
email: stefan@zero-downtime.net
|
email: stefan@zero-downtime.net
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: aws-node-termination-handler
|
- name: aws-node-termination-handler
|
||||||
version: 0.19.3
|
version: 0.20.0
|
||||||
# repository: https://aws.github.io/eks-charts
|
# repository: https://aws.github.io/eks-charts
|
||||||
condition: aws-node-termination-handler.enabled
|
condition: aws-node-termination-handler.enabled
|
||||||
- name: external-dns
|
- name: external-dns
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-addons
|
# kubezero-addons
|
||||||
|
|
||||||
![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
|
![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for various optional cluster addons
|
KubeZero umbrella chart for various optional cluster addons
|
||||||
|
|
||||||
@ -18,7 +18,7 @@ Kubernetes: `>= 1.24.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | aws-node-termination-handler | 0.19.3 |
|
| | aws-node-termination-handler | 0.20.0 |
|
||||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
|
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 |
|
||||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
|
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 |
|
||||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 |
|
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 |
|
||||||
@ -54,6 +54,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||||||
| aws-node-termination-handler.fullnameOverride | string | `"aws-node-termination-handler"` | |
|
| aws-node-termination-handler.fullnameOverride | string | `"aws-node-termination-handler"` | |
|
||||||
| aws-node-termination-handler.ignoreDaemonSets | bool | `true` | |
|
| aws-node-termination-handler.ignoreDaemonSets | bool | `true` | |
|
||||||
| aws-node-termination-handler.jsonLogging | bool | `true` | |
|
| aws-node-termination-handler.jsonLogging | bool | `true` | |
|
||||||
|
| aws-node-termination-handler.logFormatVersion | int | `2` | |
|
||||||
| aws-node-termination-handler.managedTag | string | `"aws-node-termination-handler/managed"` | "aws-node-termination-handler/${ClusterName}" |
|
| aws-node-termination-handler.managedTag | string | `"aws-node-termination-handler/managed"` | "aws-node-termination-handler/${ClusterName}" |
|
||||||
| aws-node-termination-handler.metadataTries | int | `0` | |
|
| aws-node-termination-handler.metadataTries | int | `0` | |
|
||||||
| aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
| aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||||
@ -90,18 +91,6 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||||||
| clusterBackup.password | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
|
| clusterBackup.password | string | `""` | /etc/cloudbender/clusterBackup.passphrase |
|
||||||
| clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
|
| clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup |
|
||||||
| external-dns.enabled | bool | `false` | |
|
| external-dns.enabled | bool | `false` | |
|
||||||
| external-dns.env[0] | object | `{"name":"AWS_ROLE_ARN","value":""}` | "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS" |
|
|
||||||
| external-dns.env[1].name | string | `"AWS_WEB_IDENTITY_TOKEN_FILE"` | |
|
|
||||||
| external-dns.env[1].value | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/token"` | |
|
|
||||||
| external-dns.env[2].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | |
|
|
||||||
| external-dns.env[2].value | string | `"regional"` | |
|
|
||||||
| external-dns.extraVolumeMounts[0].mountPath | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/"` | |
|
|
||||||
| external-dns.extraVolumeMounts[0].name | string | `"aws-token"` | |
|
|
||||||
| external-dns.extraVolumeMounts[0].readOnly | bool | `true` | |
|
|
||||||
| external-dns.extraVolumes[0].name | string | `"aws-token"` | |
|
|
||||||
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.audience | string | `"sts.amazonaws.com"` | |
|
|
||||||
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.expirationSeconds | int | `86400` | |
|
|
||||||
| external-dns.extraVolumes[0].projected.sources[0].serviceAccountToken.path | string | `"token"` | |
|
|
||||||
| external-dns.interval | string | `"3m"` | |
|
| external-dns.interval | string | `"3m"` | |
|
||||||
| external-dns.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
| external-dns.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||||
| external-dns.provider | string | `"inmemory"` | |
|
| external-dns.provider | string | `"inmemory"` | |
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.17.3
|
appVersion: 1.18.0
|
||||||
description: A Helm chart for the AWS Node Termination Handler.
|
description: A Helm chart for the AWS Node Termination Handler.
|
||||||
home: https://github.com/aws/eks-charts
|
home: https://github.com/aws/eks-charts
|
||||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||||
@ -22,4 +22,4 @@ sources:
|
|||||||
- https://github.com/aws/aws-node-termination-handler/
|
- https://github.com/aws/aws-node-termination-handler/
|
||||||
- https://github.com/aws/eks-charts/
|
- https://github.com/aws/eks-charts/
|
||||||
type: application
|
type: application
|
||||||
version: 0.19.3
|
version: 0.20.0
|
||||||
|
@ -70,6 +70,7 @@ The configuration in this table applies to all AWS Node Termination Handler mode
|
|||||||
| `extraEnv` | Additional environment variables for the _aws-node-termination-handler_ container. | `[]` |
|
| `extraEnv` | Additional environment variables for the _aws-node-termination-handler_ container. | `[]` |
|
||||||
| `probes` | The Kubernetes liveness probe configuration. | _See values.yaml_ |
|
| `probes` | The Kubernetes liveness probe configuration. | _See values.yaml_ |
|
||||||
| `logLevel` | Sets the log level (`info`,`debug`, or `error`) | `info` |
|
| `logLevel` | Sets the log level (`info`,`debug`, or `error`) | `info` |
|
||||||
|
| `logFormatVersion` | Sets the log format version. Available versions: 1, 2. Version 1 refers to the format that has been used through v1.17.3. Version 2 offers more detail for the "event kind" and "reason", especially when operating in Queue Processor mode. | `1` |
|
||||||
| `jsonLogging` | If `true`, use JSON-formatted logs instead of human readable logs. | `false` |
|
| `jsonLogging` | If `true`, use JSON-formatted logs instead of human readable logs. | `false` |
|
||||||
| `enablePrometheusServer` | If `true`, start an http server exposing `/metrics` endpoint for _Prometheus_. | `false` |
|
| `enablePrometheusServer` | If `true`, start an http server exposing `/metrics` endpoint for _Prometheus_. | `false` |
|
||||||
| `prometheusServerPort` | Replaces the default HTTP port for exposing _Prometheus_ metrics. | `9092` |
|
| `prometheusServerPort` | Replaces the default HTTP port for exposing _Prometheus_ metrics. | `9092` |
|
||||||
|
@ -81,6 +81,8 @@ spec:
|
|||||||
value: {{ .Values.logLevel | quote }}
|
value: {{ .Values.logLevel | quote }}
|
||||||
- name: JSON_LOGGING
|
- name: JSON_LOGGING
|
||||||
value: {{ .Values.jsonLogging | quote }}
|
value: {{ .Values.jsonLogging | quote }}
|
||||||
|
- name: LOG_FORMAT_VERSION
|
||||||
|
value: {{ .Values.logFormatVersion | quote }}
|
||||||
- name: ENABLE_PROMETHEUS_SERVER
|
- name: ENABLE_PROMETHEUS_SERVER
|
||||||
value: {{ .Values.enablePrometheusServer | quote }}
|
value: {{ .Values.enablePrometheusServer | quote }}
|
||||||
- name: PROMETHEUS_SERVER_PORT
|
- name: PROMETHEUS_SERVER_PORT
|
||||||
|
@ -81,6 +81,8 @@ spec:
|
|||||||
value: {{ .Values.logLevel | quote }}
|
value: {{ .Values.logLevel | quote }}
|
||||||
- name: JSON_LOGGING
|
- name: JSON_LOGGING
|
||||||
value: {{ .Values.jsonLogging | quote }}
|
value: {{ .Values.jsonLogging | quote }}
|
||||||
|
- name: LOG_FORMAT_VERSION
|
||||||
|
value: {{ .Values.logFormatVersion | quote }}
|
||||||
- name: ENABLE_PROMETHEUS_SERVER
|
- name: ENABLE_PROMETHEUS_SERVER
|
||||||
value: {{ .Values.enablePrometheusServer | quote }}
|
value: {{ .Values.enablePrometheusServer | quote }}
|
||||||
- name: PROMETHEUS_SERVER_PORT
|
- name: PROMETHEUS_SERVER_PORT
|
||||||
|
@ -78,6 +78,8 @@ spec:
|
|||||||
value: {{ .Values.logLevel | quote }}
|
value: {{ .Values.logLevel | quote }}
|
||||||
- name: JSON_LOGGING
|
- name: JSON_LOGGING
|
||||||
value: {{ .Values.jsonLogging | quote }}
|
value: {{ .Values.jsonLogging | quote }}
|
||||||
|
- name: LOG_FORMAT_VERSION
|
||||||
|
value: {{ .Values.logFormatVersion | quote }}
|
||||||
- name: ENABLE_PROMETHEUS_SERVER
|
- name: ENABLE_PROMETHEUS_SERVER
|
||||||
value: {{ .Values.enablePrometheusServer | quote }}
|
value: {{ .Values.enablePrometheusServer | quote }}
|
||||||
- name: PROMETHEUS_SERVER_PORT
|
- name: PROMETHEUS_SERVER_PORT
|
||||||
|
@ -66,6 +66,9 @@ probes:
|
|||||||
# Set the log level
|
# Set the log level
|
||||||
logLevel: info
|
logLevel: info
|
||||||
|
|
||||||
|
# Set the log format version
|
||||||
|
logFormatVersion: 1
|
||||||
|
|
||||||
# Log messages in JSON format
|
# Log messages in JSON format
|
||||||
jsonLogging: false
|
jsonLogging: false
|
||||||
|
|
||||||
|
@ -29,9 +29,6 @@ aws-node-termination-handler:
|
|||||||
|
|
||||||
fullnameOverride: "aws-node-termination-handler"
|
fullnameOverride: "aws-node-termination-handler"
|
||||||
|
|
||||||
#image:
|
|
||||||
# tag: v1.14.1
|
|
||||||
|
|
||||||
# -- "aws-node-termination-handler/${ClusterName}"
|
# -- "aws-node-termination-handler/${ClusterName}"
|
||||||
managedTag: "aws-node-termination-handler/managed"
|
managedTag: "aws-node-termination-handler/managed"
|
||||||
|
|
||||||
@ -63,6 +60,7 @@ aws-node-termination-handler:
|
|||||||
create: false
|
create: false
|
||||||
|
|
||||||
jsonLogging: true
|
jsonLogging: true
|
||||||
|
logFormatVersion: 2
|
||||||
|
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
@ -185,24 +183,3 @@ external-dns:
|
|||||||
#- istio-gateway
|
#- istio-gateway
|
||||||
|
|
||||||
provider: inmemory
|
provider: inmemory
|
||||||
|
|
||||||
extraVolumes:
|
|
||||||
- name: aws-token
|
|
||||||
projected:
|
|
||||||
sources:
|
|
||||||
- serviceAccountToken:
|
|
||||||
path: token
|
|
||||||
expirationSeconds: 86400
|
|
||||||
audience: "sts.amazonaws.com"
|
|
||||||
extraVolumeMounts:
|
|
||||||
- name: aws-token
|
|
||||||
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
|
||||||
readOnly: true
|
|
||||||
env:
|
|
||||||
# -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
|
|
||||||
- name: AWS_ROLE_ARN
|
|
||||||
value: ""
|
|
||||||
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
|
||||||
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
|
||||||
- name: AWS_STS_REGIONAL_ENDPOINTS
|
|
||||||
value: "regional"
|
|
||||||
|
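Review bot: The added `logFormatVersion: 2` changes the structure of the handler's JSON log output for every cluster using these defaults, and nothing next to the setting says so. The vendored README in this commit describes version 2 as carrying more detail for "event kind" and "reason", so log parsers or alerts built on the version 1 layout may need adjusting; that is an inference, since no consumers are visible here. I would add a comment above the key, for example `# log format v2: more detailed event kind/reason fields; check parsers and alerts that expect the v1 layout`.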
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square)
|
![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero ArgoCD integration, config and branding as well as ArgoCD image-updater
|
KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||||
|
|
||||||
**Homepage:** <https://kubezero.com>
|
**Homepage:** <https://kubezero.com>
|
||||||
|
|
||||||
@ -56,7 +56,15 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||||
| argocd-apps.applications | list | `[]` | |
|
| argocd-apps.applications | list | `[]` | |
|
||||||
| argocd-apps.projects | list | `[]` | |
|
| argocd-apps.projects | list | `[]` | |
|
||||||
|
| argocd-image-updater.authScripts.enabled | bool | `true` | |
|
||||||
|
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
|
||||||
|
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
|
||||||
|
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
|
||||||
| argocd-image-updater.enabled | bool | `false` | |
|
| argocd-image-updater.enabled | bool | `false` | |
|
||||||
|
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
|
||||||
|
| argocd-image-updater.metrics.enabled | bool | `false` | |
|
||||||
|
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
|
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||||
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
||||||
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
||||||
| istio.ipBlocks | list | `[]` | |
|
| istio.ipBlocks | list | `[]` | |
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-ci
|
# kubezero-ci
|
||||||
|
|
||||||
![Version: 0.5.17](https://img.shields.io/badge/Version-0.5.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.5.20](https://img.shields.io/badge/Version-0.5.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things CI
|
KubeZero umbrella chart for all things CI
|
||||||
|
|
||||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.20.0`
|
|||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
|
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
||||||
| https://charts.jenkins.io | jenkins | 4.2.10 |
|
| https://charts.jenkins.io | jenkins | 4.2.13 |
|
||||||
| https://dl.gitea.io/charts/ | gitea | 5.0.9 |
|
| https://dl.gitea.io/charts/ | gitea | 6.0.3 |
|
||||||
| https://gocd.github.io/helm-chart | gocd | 1.40.8 |
|
| https://gocd.github.io/helm-chart | gocd | 1.40.8 |
|
||||||
|
|
||||||
# Jenkins
|
# Jenkins
|
||||||
@ -54,7 +54,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| gitea.gitea.metrics.enabled | bool | `false` | |
|
| gitea.gitea.metrics.enabled | bool | `false` | |
|
||||||
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | |
|
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | |
|
||||||
| gitea.image.rootless | bool | `true` | |
|
| gitea.image.rootless | bool | `true` | |
|
||||||
| gitea.image.tag | string | `"1.17.1"` | |
|
| gitea.image.tag | string | `"1.17.3"` | |
|
||||||
| gitea.istio.enabled | bool | `false` | |
|
| gitea.istio.enabled | bool | `false` | |
|
||||||
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
| gitea.istio.url | string | `"git.example.com"` | |
|
| gitea.istio.url | string | `"git.example.com"` | |
|
||||||
@ -85,7 +85,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| jenkins.agent.resources.requests.cpu | string | `"512m"` | |
|
| jenkins.agent.resources.requests.cpu | string | `"512m"` | |
|
||||||
| jenkins.agent.resources.requests.memory | string | `"1024Mi"` | |
|
| jenkins.agent.resources.requests.memory | string | `"1024Mi"` | |
|
||||||
| jenkins.agent.showRawYaml | bool | `false` | |
|
| jenkins.agent.showRawYaml | bool | `false` | |
|
||||||
| jenkins.agent.tag | string | `"v0.4.0"` | |
|
| jenkins.agent.tag | string | `"v0.4.1"` | |
|
||||||
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
|
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
|
||||||
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
|
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
|
||||||
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
|
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
|
||||||
@ -97,9 +97,9 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
|
| jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | |
|
||||||
| jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | |
|
| jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | |
|
||||||
| jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | |
|
| jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | |
|
||||||
| jenkins.controller.installPlugins[2] | string | `"git:4.13.0"` | |
|
| jenkins.controller.installPlugins[2] | string | `"git:4.14.1"` | |
|
||||||
| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | |
|
| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | |
|
||||||
| jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:2.7"` | |
|
| jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | |
|
||||||
| jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | |
|
| jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | |
|
||||||
| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | |
|
| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | |
|
||||||
| jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | |
|
| jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | |
|
||||||
@ -129,7 +129,7 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| jenkins.serviceAccountAgent.create | bool | `true` | |
|
| jenkins.serviceAccountAgent.create | bool | `true` | |
|
||||||
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
|
| jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | |
|
||||||
| trivy.enabled | bool | `false` | |
|
| trivy.enabled | bool | `false` | |
|
||||||
|
| trivy.image.tag | string | `"0.34.0"` | |
|
||||||
| trivy.persistence.enabled | bool | `true` | |
|
| trivy.persistence.enabled | bool | `true` | |
|
||||||
| trivy.persistence.size | string | `"1Gi"` | |
|
| trivy.persistence.size | string | `"1Gi"` | |
|
||||||
| trivy.rbac.create | bool | `false` | |
|
| trivy.rbac.create | bool | `false` | |
|
||||||
| trivy.rbac.pspEnabled | bool | `false` | |
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-mq
|
# kubezero-mq
|
||||||
|
|
||||||
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
|
KubeZero umbrella chart for MQ systems like NATS, RabbitMQ
|
||||||
|
|
||||||
@ -20,7 +20,8 @@ Kubernetes: `>= 1.20.0`
|
|||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| | nats | 0.8.4 |
|
| | nats | 0.8.4 |
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
||||||
| https://charts.bitnami.com/bitnami | rabbitmq | 11.1.1 |
|
| https://charts.bitnami.com/bitnami | rabbitmq | 11.1.5 |
|
||||||
|
| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 3.1.4 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
@ -34,20 +35,30 @@ Kubernetes: `>= 1.20.0`
|
|||||||
| nats.nats.advertise | bool | `false` | |
|
| nats.nats.advertise | bool | `false` | |
|
||||||
| nats.nats.jetstream.enabled | bool | `true` | |
|
| nats.nats.jetstream.enabled | bool | `true` | |
|
||||||
| nats.natsbox.enabled | bool | `false` | |
|
| nats.natsbox.enabled | bool | `false` | |
|
||||||
|
| rabbitmq-cluster-operator.clusterOperator.metrics.enabled | bool | `false` | |
|
||||||
|
| rabbitmq-cluster-operator.clusterOperator.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
|
| rabbitmq-cluster-operator.enabled | bool | `false` | |
|
||||||
|
| rabbitmq-cluster-operator.msgTopologyOperator.metrics.enabled | bool | `false` | |
|
||||||
|
| rabbitmq-cluster-operator.msgTopologyOperator.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
|
| rabbitmq-cluster-operator.rabbitmqImage.tag | string | `"3.11.4-debian-11-r0"` | |
|
||||||
|
| rabbitmq-cluster-operator.useCertManager | bool | `true` | |
|
||||||
| rabbitmq.auth.existingErlangSecret | string | `"rabbitmq"` | |
|
| rabbitmq.auth.existingErlangSecret | string | `"rabbitmq"` | |
|
||||||
| rabbitmq.auth.existingPasswordSecret | string | `"rabbitmq"` | |
|
| rabbitmq.auth.existingPasswordSecret | string | `"rabbitmq"` | |
|
||||||
| rabbitmq.auth.tls.enabled | bool | `false` | |
|
| rabbitmq.auth.tls.enabled | bool | `false` | |
|
||||||
| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | |
|
| rabbitmq.auth.tls.existingSecret | string | `"rabbitmq-server-certificate"` | |
|
||||||
| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | |
|
| rabbitmq.auth.tls.existingSecretFullChain | bool | `true` | |
|
||||||
| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | |
|
| rabbitmq.auth.tls.failIfNoPeerCert | bool | `false` | |
|
||||||
| rabbitmq.clustering.forceBoot | bool | `true` | |
|
| rabbitmq.clustering.enabled | bool | `false` | |
|
||||||
|
| rabbitmq.clustering.forceBoot | bool | `false` | |
|
||||||
| rabbitmq.enabled | bool | `false` | |
|
| rabbitmq.enabled | bool | `false` | |
|
||||||
| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
|
| rabbitmq.hosts | list | `[]` | hostnames of rabbitmq services, used for Istio and TLS |
|
||||||
| rabbitmq.istio.enabled | bool | `false` | |
|
| rabbitmq.istio.enabled | bool | `false` | |
|
||||||
| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
| rabbitmq.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
|
| rabbitmq.istio.mqtts | bool | `false` | |
|
||||||
| rabbitmq.metrics.enabled | bool | `false` | |
|
| rabbitmq.metrics.enabled | bool | `false` | |
|
||||||
| rabbitmq.metrics.serviceMonitor.enabled | bool | `false` | |
|
| rabbitmq.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
| rabbitmq.pdb.create | bool | `true` | |
|
| rabbitmq.pdb.create | bool | `false` | |
|
||||||
|
| rabbitmq.persistence.size | string | `"2Gi"` | |
|
||||||
| rabbitmq.podAntiAffinityPreset | string | `""` | |
|
| rabbitmq.podAntiAffinityPreset | string | `""` | |
|
||||||
| rabbitmq.replicaCount | int | `1` | |
|
| rabbitmq.replicaCount | int | `1` | |
|
||||||
| rabbitmq.resources.requests.cpu | string | `"100m"` | |
|
| rabbitmq.resources.requests.cpu | string | `"100m"` | |
|
||||||
|
@ -30,11 +30,12 @@ Kubernetes: `>= 1.24.0`
|
|||||||
| addons.enabled | bool | `true` | |
|
| addons.enabled | bool | `true` | |
|
||||||
| addons.external-dns.enabled | bool | `false` | |
|
| addons.external-dns.enabled | bool | `false` | |
|
||||||
| addons.forseti.enabled | bool | `false` | |
|
| addons.forseti.enabled | bool | `false` | |
|
||||||
| addons.targetRevision | string | `"0.7.0"` | |
|
| addons.targetRevision | string | `"0.7.1"` | |
|
||||||
|
| argocd.argocd-image-updater.enabled | bool | `false` | |
|
||||||
| argocd.enabled | bool | `false` | |
|
| argocd.enabled | bool | `false` | |
|
||||||
| argocd.istio.enabled | bool | `false` | |
|
| argocd.istio.enabled | bool | `false` | |
|
||||||
| argocd.namespace | string | `"argocd"` | |
|
| argocd.namespace | string | `"argocd"` | |
|
||||||
| argocd.targetRevision | string | `"0.10.2"` | |
|
| argocd.targetRevision | string | `"0.11.1"` | |
|
||||||
| cert-manager.enabled | bool | `false` | |
|
| cert-manager.enabled | bool | `false` | |
|
||||||
| cert-manager.namespace | string | `"cert-manager"` | |
|
| cert-manager.namespace | string | `"cert-manager"` | |
|
||||||
| cert-manager.targetRevision | string | `"0.9.3"` | |
|
| cert-manager.targetRevision | string | `"0.9.3"` | |
|
||||||
|
@ -77,6 +77,18 @@ external-dns:
|
|||||||
value: "regional"
|
value: "regional"
|
||||||
- name: METADATA_TRIES
|
- name: METADATA_TRIES
|
||||||
value: "0"
|
value: "0"
|
||||||
|
extraVolumes:
|
||||||
|
- name: aws-token
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- serviceAccountToken:
|
||||||
|
path: token
|
||||||
|
expirationSeconds: 86400
|
||||||
|
audience: "sts.amazonaws.com"
|
||||||
|
extraVolumeMounts:
|
||||||
|
- name: aws-token
|
||||||
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||||
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
cluster-autoscaler:
|
cluster-autoscaler:
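Review bot: `expirationSeconds: 86400` on the new `aws-token` projected volume makes each service-account token valid for 24 hours, and anything that can read that file can exchange it at STS for the pod's role until it expires. Kubelet rotates projected tokens before expiry, so a shorter lifetime such as `expirationSeconds: 3600` should narrow that window without touching the rest of the volume definition. It is worth confirming first that the external-dns AWS SDK re-reads the token file on refresh. The same value appears in the `argocd-image-updater` volume added in the argocd values template. The conditional closed by `{{- end }}` opens outside this hunk, so the condition under which these volumes render is not visible here.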
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
{{- define "argocd-values" }}
|
{{- define "argocd-values" }}
|
||||||
|
|
||||||
argo-cd:
|
argo-cd:
|
||||||
|
{{- with index .Values "argocd" "configs" }}
|
||||||
|
configs:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
controller:
|
controller:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ .Values.metrics.enabled }}
|
||||||
@ -10,10 +15,9 @@ argo-cd:
|
|||||||
server:
|
server:
|
||||||
metrics:
|
metrics:
|
||||||
enabled: {{ .Values.metrics.enabled }}
|
enabled: {{ .Values.metrics.enabled }}
|
||||||
{{- with index .Values "argocd" "server" }}
|
|
||||||
{{- toYaml . | nindent 4 }}
|
argocd-apps:
|
||||||
{{- end }}
|
projects:
|
||||||
additionalProjects:
|
|
||||||
- name: kubezero
|
- name: kubezero
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
description: KubeZero - ZeroDownTime Kubernetes Platform
|
description: KubeZero - ZeroDownTime Kubernetes Platform
|
||||||
@ -28,7 +32,7 @@ argo-cd:
|
|||||||
clusterResourceWhitelist:
|
clusterResourceWhitelist:
|
||||||
- group: '*'
|
- group: '*'
|
||||||
kind: '*'
|
kind: '*'
|
||||||
additionalApplications:
|
applications:
|
||||||
- name: kubezero-git-sync
|
- name: kubezero-git-sync
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
project: kubezero
|
project: kubezero
|
||||||
@ -47,13 +51,44 @@ argo-cd:
|
|||||||
{{- with .Values.kubezero.syncPolicy }}
|
{{- with .Values.kubezero.syncPolicy }}
|
||||||
syncPolicy:
|
syncPolicy:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- with index .Values "argocd" "configs" }}
|
argocd-image-updater:
|
||||||
configs:
|
enabled: {{ default "false" (index .Values "argocd" "argocd-image-updater" "enabled") }}
|
||||||
{{- toYaml . | nindent 4 }}
|
|
||||||
|
{{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" }}
|
||||||
|
{{- toYaml . | nindent 2 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.global.aws }}
|
||||||
|
extraEnv:
|
||||||
|
- name: AWS_ROLE_ARN
|
||||||
|
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
|
||||||
|
- name: AWS_WEB_IDENTITY_TOKEN_FILE
|
||||||
|
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||||
|
- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||||
|
value: "regional"
|
||||||
|
- name: METADATA_TRIES
|
||||||
|
value: "0"
|
||||||
|
- name: AWS_REGION
|
||||||
|
value: {{ .Values.global.aws.region }}
|
||||||
|
volumes:
|
||||||
|
- name: aws-token
|
||||||
|
projected:
|
||||||
|
sources:
|
||||||
|
- serviceAccountToken:
|
||||||
|
path: token
|
||||||
|
expirationSeconds: 86400
|
||||||
|
audience: "sts.amazonaws.com"
|
||||||
|
volumeMounts:
|
||||||
|
- name: aws-token
|
||||||
|
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: {{ .Values.metrics.enabled }}
|
||||||
|
|
||||||
{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }}
|
{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }}
|
||||||
istio:
|
istio:
|
||||||
{{- with index .Values "argocd" "istio" }}
|
{{- with index .Values "argocd" "istio" }}
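Review bot: The new `argocd-image-updater` block can emit duplicate mapping keys, because it passes every user value except `enabled` through `toYaml . | nindent 2` and then writes its own `metrics` key, plus `extraEnv`, `volumes` and `volumeMounts` when `.Values.global.aws` is set. Depending on the YAML parser that consumes the rendered values, a duplicate is either a render error or a silent last-wins override, so a user-supplied `extraEnv` could replace the AWS role and token settings or be dropped without notice. I would reserve the keys explicitly with `{{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" "extraEnv" "volumes" "volumeMounts" "metrics" }}` and add a comment such as `# extraEnv, volumes, volumeMounts and metrics are managed by this template`. Indentation is lost in this rendering, so the nesting is inferred from the `nindent 2`.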
|
||||||
|
@ -10,7 +10,7 @@ global:
|
|||||||
|
|
||||||
addons:
|
addons:
|
||||||
enabled: true
|
enabled: true
|
||||||
targetRevision: 0.7.0
|
targetRevision: 0.7.1
|
||||||
external-dns:
|
external-dns:
|
||||||
enabled: false
|
enabled: false
|
||||||
forseti:
|
forseti:
|
||||||
@ -79,6 +79,8 @@ logging:
|
|||||||
argocd:
|
argocd:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: argocd
|
namespace: argocd
|
||||||
targetRevision: 0.10.2
|
targetRevision: 0.11.1
|
||||||
|
argocd-image-updater:
|
||||||
|
enabled: false
|
||||||
istio:
|
istio:
|
||||||
enabled: false
|
enabled: false
|
||||||
|