diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl
index 88f32ed8..b0b26095 100644
--- a/charts/kubeadm/templates/_helpers.tpl
+++ b/charts/kubeadm/templates/_helpers.tpl
@@ -1,10 +1,11 @@
 {{- /* Feature gates for all control plane components */ -}}
-{{- /* Issues: "MemoryQoS" */ -}}
-{{- /* v1.30?: "NodeSwap" */ -}}
-{{- /* v1.29: remove/beta now "SidecarContainers" */ -}}
-{{- /* v1.28: "PodAndContainerStatsFromCRI" still not working */ -}}
+{{- /* Issues: MemoryQoS */ -}}
+{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
+{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
+{{- /* v1.29: remove/beta SidecarContainers */ -}}
+{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
 {{- define "kubeadm.featuregates" }}
-{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" }}
+{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
 {{- if eq .return "csv" }}
 {{- range $key := $gates }}
 {{- $key }}=true,
diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md
index 74032a56..3754925d 100644
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@@ -67,7 +67,7 @@ Kubernetes: `>= 1.25.0`
 | gitea.gitea.metrics.enabled | bool | `false` | |
 | gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
 | gitea.image.rootless | bool | `true` | |
-| gitea.image.tag | string | `"1.21.9"` | |
+| gitea.image.tag | string | `"1.21.11"` | |
 | gitea.istio.enabled | bool | `false` | |
 | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
 | gitea.istio.url | string | `"git.example.com"` | |
@@ -103,7 +103,11 @@ Kubernetes: `>= 1.25.0` | jenkins.agent.showRawYaml | bool | `false` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | | | jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | -| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nappearance:\n themeManager:\n disableUserThemes: true\n theme: \"dark\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | | +| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nappearance:\n themeManager:\n disableUserThemes: true\n theme: \"dark\"\nunclassified:\n openTelemetry:\n configurationProperties: |-\n otel.exporter.otlp.protocol=grpc\n otel.instrumentation.jenkins.web.enabled=false\n ignoredSteps: \"dir,echo,isUnix,pwd,properties\"\n #endpoint: \"telemetry-jaeger-collector.telemetry:4317\"\n 
exportOtelConfigurationAsEnvironmentVariables: false\n #observabilityBackends:\n # - jaeger:\n # jaegerBaseUrl: \"https://jaeger.example.com\"\n # name: \"KubeZero Jaeger\"\n serviceName: \"Jenkins\"\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | | +| jenkins.controller.containerEnv[0].name | string | `"OTEL_LOGS_EXPORTER"` | | +| jenkins.controller.containerEnv[0].value | string | `"none"` | | +| jenkins.controller.containerEnv[1].name | string | `"OTEL_METRICS_EXPORTER"` | | +| jenkins.controller.containerEnv[1].value | string | `"none"` | | | jenkins.controller.disableRememberMe | bool | `true` | | | jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | | | jenkins.controller.image.tag | string | `"alpine-jdk17"` | | @@ -116,6 +120,7 @@ Kubernetes: `>= 1.25.0` | jenkins.controller.installPlugins[12] | string | `"dark-theme"` | | | jenkins.controller.installPlugins[13] | string | `"matrix-auth"` | | | jenkins.controller.installPlugins[14] | string | `"reverse-proxy-auth-plugin"` | | +| jenkins.controller.installPlugins[15] | string | `"opentelemetry"` | | | jenkins.controller.installPlugins[1] | string | `"kubernetes-credentials-provider"` | | | jenkins.controller.installPlugins[2] | string | `"workflow-aggregator"` | | | jenkins.controller.installPlugins[3] | string | `"git"` | | @@ -154,7 +159,7 @@ Kubernetes: `>= 1.25.0` | renovate.env.LOG_FORMAT | string | `"json"` | | | renovate.securityContext.fsGroup | int | `1000` | | | trivy.enabled | bool | `false` | | -| trivy.image.tag | string | `"0.49.1"` | | +| trivy.image.tag | string | `"0.50.1"` | | | trivy.persistence.enabled | bool | `true` | | | trivy.persistence.size | string | `"1Gi"` | | | trivy.rbac.create | bool | `false` | | 
diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 88b9c5ad..0a29ca20 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -2,7 +2,7 @@ gitea: enabled: false image: - tag: 1.21.9 + tag: 1.21.11 rootless: true repliaCount: 1 @@ -103,6 +103,13 @@ jenkins: javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800" + # Until we setup the logging and metrics pipelines in OTEL + containerEnv: + - name: OTEL_LOGS_EXPORTER + value: "none" + - name: OTEL_METRICS_EXPORTER + value: "none" + resources: requests: cpu: "250m" @@ -130,6 +137,18 @@ jenkins: disableUserThemes: true theme: "dark" unclassified: + openTelemetry: + configurationProperties: |- + otel.exporter.otlp.protocol=grpc + otel.instrumentation.jenkins.web.enabled=false + ignoredSteps: "dir,echo,isUnix,pwd,properties" + #endpoint: "telemetry-jaeger-collector.telemetry:4317" + exportOtelConfigurationAsEnvironmentVariables: false + #observabilityBackends: + # - jaeger: + # jaegerBaseUrl: "https://jaeger.example.com" + # name: "KubeZero Jaeger" + serviceName: "Jenkins" buildDiscarders: configuredBuildDiscarders: - "jobBuildDiscarder" @@ -157,6 +176,7 @@ jenkins: - dark-theme - matrix-auth - reverse-proxy-auth-plugin + - opentelemetry serviceAccountAgent: create: true @@ -255,7 +275,7 @@ jenkins: trivy: enabled: false image: - tag: 0.49.1 + tag: 0.50.1 persistence: enabled: true size: 1Gi diff --git a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml index a8411d49..f8ba2691 100644 --- a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml +++ b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml 
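Review bot: The commented-out `endpoint` in the new `openTelemetry` block (hunk `@@ -130,6 +137,18 @@`) has no URL scheme, and the block says nothing about authentication, so whoever uncomments it later inherits an unstated transport decision for build traces. As far as I recall the plugin expects a full URL there, which is worth confirming, so I would write the placeholder as `#endpoint: "http://telemetry-jaeger-collector.telemetry:4317"`. I would also add a comment above it such as `# plaintext OTLP, in-cluster only; use https:// and an explicit authentication setting for any collector outside the cluster`. Keeping `exportOtelConfigurationAsEnvironmentVariables: false` is the right default, since it keeps exporter settings out of the build environment. The `unclassified:` mapping continues outside this hunk.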
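Review bot: The new `- opentelemetry` entry in `installPlugins` (hunk `@@ -157,6 +176,7 @@`) carries no version, so the plugin that lands in the controller is whatever the update centre serves at install time. The neighbouring entries visible in the hunk (`dark-theme`, `matrix-auth`, `reverse-proxy-auth-plugin`) are unpinned as well, so this may be deliberate. Still, a plugin that instruments every build step is a reasonable place to start pinning: `- opentelemetry:<pinned-version>`. If versions are locked somewhere not shown in this diff, a one-line comment on the list saying where would help the next reviewer. The list itself starts outside the hunk.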
@@ -55,6 +55,10 @@ spec: roles: - "cluster_manager" - "data" + {{- if gt (int .replicas) 1 }} + pdb: + enable: true + maxUnavailable: 1 topologySpreadConstraints: - maxSkew: 1 topologyKey: kubernetes.io/hostname @@ -62,6 +66,7 @@ spec: labelSelector: matchLabels: opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }} + {{- end }} additionalConfig: index.codec: zstd_no_dict indices.time_series_index.default_index_merge_policy: log_byte_size diff --git a/charts/kubezero-telemetry/values.yaml b/charts/kubezero-telemetry/values.yaml index e0c84c23..7862c99f 100644 --- a/charts/kubezero-telemetry/values.yaml +++ b/charts/kubezero-telemetry/values.yaml @@ -18,6 +18,9 @@ jaeger: http: name: otlp-http port: 4318 + extraEnv: + - name: ES_TAGS_AS_FIELDS_ALL + value: "true" serviceMonitor: enabled: false diff --git a/charts/kubezero/templates/network.yaml b/charts/kubezero/templates/network.yaml index 77002f02..47ac8558 100644 --- a/charts/kubezero/templates/network.yaml +++ b/charts/kubezero/templates/network.yaml @@ -23,6 +23,9 @@ cilium: enabled: {{ .Values.metrics.enabled }} operator: + {{- if .Values.global.highAvailable }} + replicas: 2 + {{- end }} prometheus: enabled: {{ .Values.metrics.enabled }} serviceMonitor: diff --git a/docs/v1.28.md b/docs/v1.28.md index 514b6b18..461fba73 100644 --- a/docs/v1.28.md +++ b/docs/v1.28.md @@ -16,5 +16,6 @@ ### FeatureGates - CustomCPUCFSQuotaPeriod - SidecarContainers +- KubeProxyDrainingTerminatingNodes ## Known issues
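Review bot: With `replicas: 2` the new guard `{{- if gt (int .replicas) 1 }}` enables a PDB with `maxUnavailable: 1` on a pool whose roles include `cluster_manager`. With only two manager-eligible nodes, evicting the wrong one can leave the cluster without an elected manager, so the budget may allow the very disruption it is meant to prevent. I would either gate only the `pdb:` keys on `{{- if ge (int .replicas) 3 }}` or add a comment that two replicas get spreading but no quorum guarantee. The same guard also makes `topologySpreadConstraints` conditional: `int` of an unset `.replicas` evaluates to 0, which silently drops a block that was unconditional before. The `if` opens in hunk `@@ -55,6 +55,10 @@` and closes in `@@ -62,6 +66,7 @@`; the enclosing node-pool definition starts outside both.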
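Review bot: `ES_TAGS_AS_FIELDS_ALL` set to `"true"` under `extraEnv` makes every span and process tag key its own field in the index mapping, and those keys are chosen by whichever workload emits the span. A noisy or misbehaving service can therefore grow the mapping until the store's field limit is reached and writes start failing; this is inferred from how the option works, not from anything visible in the diff. I would at least add a comment such as `# every tag key becomes a mapped field; watch mapping size`. Also consider Jaeger's include-list variant (`ES_TAGS_AS_FIELDS_INCLUDE`) with the handful of tags actually queried. The component block this `extraEnv` belongs to starts outside the hunk.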