ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

fix: minor fixes for CI and Telemetry

Browse Source
This commit is contained in:
Stefan Reimer 2024-04-25 15:36:09 +00:00
parent 71c0e96491
commit 2a849944c9
7 changed files with 48 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
charts/kubeadm/templates/_helpers.tpl
View File

@ -1,10 +1,11 @@
{{- /* Feature gates for all control plane components */ -}} {{- /* Feature gates for all control plane components */ -}}
{{- /* Issues: "MemoryQoS" */ -}} {{- /* Issues: MemoryQoS */ -}}
{{- /* v1.30?: "NodeSwap" */ -}} {{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
{{- /* v1.29: remove/beta now "SidecarContainers" */ -}} {{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
{{- /* v1.28: "PodAndContainerStatsFromCRI" still not working */ -}} {{- /* v1.29: remove/beta SidecarContainers */ -}}
{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
{{- define "kubeadm.featuregates" }} {{- define "kubeadm.featuregates" }}
{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" }} {{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
{{- if eq .return "csv" }} {{- if eq .return "csv" }}
{{- range $key := $gates }} {{- range $key := $gates }}
{{- $key }}=true, {{- $key }}=true,

11
charts/kubezero-ci/README.md
View File

@ -67,7 +67,7 @@ Kubernetes: `>= 1.25.0`
| gitea.gitea.metrics.enabled | bool | `false` | | | gitea.gitea.metrics.enabled | bool | `false` | |
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | | | gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
| gitea.image.rootless | bool | `true` | | | gitea.image.rootless | bool | `true` | |
| gitea.image.tag | string | `"1.21.9"` | | | gitea.image.tag | string | `"1.21.11"` | |
| gitea.istio.enabled | bool | `false` | | | gitea.istio.enabled | bool | `false` | |
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
| gitea.istio.url | string | `"git.example.com"` | | | gitea.istio.url | string | `"git.example.com"` | |
@ -103,7 +103,11 @@ Kubernetes: `>= 1.25.0`
| jenkins.agent.showRawYaml | bool | `false` | | | jenkins.agent.showRawYaml | bool | `false` | |
| jenkins.agent.yamlMergeStrategy | string | `"merge"` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | |
| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | | jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | |
| jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nappearance:\n themeManager:\n disableUserThemes: true\n theme: \"dark\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | | | jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nappearance:\n themeManager:\n disableUserThemes: true\n theme: \"dark\"\nunclassified:\n openTelemetry:\n configurationProperties: |-\n otel.exporter.otlp.protocol=grpc\n otel.instrumentation.jenkins.web.enabled=false\n ignoredSteps: \"dir,echo,isUnix,pwd,properties\"\n #endpoint: \"telemetry-jaeger-collector.telemetry:4317\"\n exportOtelConfigurationAsEnvironmentVariables: false\n #observabilityBackends:\n # - jaeger:\n # jaegerBaseUrl: \"https://jaeger.example.com\"\n # name: \"KubeZero Jaeger\"\n serviceName: \"Jenkins\"\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | |
| jenkins.controller.containerEnv[0].name | string | `"OTEL_LOGS_EXPORTER"` | |
| jenkins.controller.containerEnv[0].value | string | `"none"` | |
| jenkins.controller.containerEnv[1].name | string | `"OTEL_METRICS_EXPORTER"` | |
| jenkins.controller.containerEnv[1].value | string | `"none"` | |
| jenkins.controller.disableRememberMe | bool | `true` | | | jenkins.controller.disableRememberMe | bool | `true` | |
| jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | | | jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | |
| jenkins.controller.image.tag | string | `"alpine-jdk17"` | | | jenkins.controller.image.tag | string | `"alpine-jdk17"` | |
@ -116,6 +120,7 @@ Kubernetes: `>= 1.25.0`
| jenkins.controller.installPlugins[12] | string | `"dark-theme"` | | | jenkins.controller.installPlugins[12] | string | `"dark-theme"` | |
| jenkins.controller.installPlugins[13] | string | `"matrix-auth"` | | | jenkins.controller.installPlugins[13] | string | `"matrix-auth"` | |
| jenkins.controller.installPlugins[14] | string | `"reverse-proxy-auth-plugin"` | | | jenkins.controller.installPlugins[14] | string | `"reverse-proxy-auth-plugin"` | |
| jenkins.controller.installPlugins[15] | string | `"opentelemetry"` | |
| jenkins.controller.installPlugins[1] | string | `"kubernetes-credentials-provider"` | | | jenkins.controller.installPlugins[1] | string | `"kubernetes-credentials-provider"` | |
| jenkins.controller.installPlugins[2] | string | `"workflow-aggregator"` | | | jenkins.controller.installPlugins[2] | string | `"workflow-aggregator"` | |
| jenkins.controller.installPlugins[3] | string | `"git"` | | | jenkins.controller.installPlugins[3] | string | `"git"` | |
@ -154,7 +159,7 @@ Kubernetes: `>= 1.25.0`
| renovate.env.LOG_FORMAT | string | `"json"` | | | renovate.env.LOG_FORMAT | string | `"json"` | |
| renovate.securityContext.fsGroup | int | `1000` | | | renovate.securityContext.fsGroup | int | `1000` | |
| trivy.enabled | bool | `false` | | | trivy.enabled | bool | `false` | |
| trivy.image.tag | string | `"0.49.1"` | | | trivy.image.tag | string | `"0.50.1"` | |
| trivy.persistence.enabled | bool | `true` | | | trivy.persistence.enabled | bool | `true` | |
| trivy.persistence.size | string | `"1Gi"` | | | trivy.persistence.size | string | `"1Gi"` | |
| trivy.rbac.create | bool | `false` | | | trivy.rbac.create | bool | `false` | |

24
charts/kubezero-ci/values.yaml
View File

@ -2,7 +2,7 @@ gitea:
enabled: false enabled: false
image: image:
tag: 1.21.9 tag: 1.21.11
rootless: true rootless: true
repliaCount: 1 repliaCount: 1
@ -103,6 +103,13 @@ jenkins:
javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800" jenkinsOpts: "--sessionTimeout=300 --sessionEviction=10800"
# Until we setup the logging and metrics pipelines in OTEL
containerEnv:
- name: OTEL_LOGS_EXPORTER
value: "none"
- name: OTEL_METRICS_EXPORTER
value: "none"
resources: resources:
requests: requests:
cpu: "250m" cpu: "250m"
@ -130,6 +137,18 @@ jenkins:
disableUserThemes: true disableUserThemes: true
theme: "dark" theme: "dark"
unclassified: unclassified:
openTelemetry:
configurationProperties: |-
otel.exporter.otlp.protocol=grpc
otel.instrumentation.jenkins.web.enabled=false
ignoredSteps: "dir,echo,isUnix,pwd,properties"
#endpoint: "telemetry-jaeger-collector.telemetry:4317"
exportOtelConfigurationAsEnvironmentVariables: false
#observabilityBackends:
# - jaeger:
# jaegerBaseUrl: "https://jaeger.example.com"
# name: "KubeZero Jaeger"
serviceName: "Jenkins"
buildDiscarders: buildDiscarders:
configuredBuildDiscarders: configuredBuildDiscarders:
- "jobBuildDiscarder" - "jobBuildDiscarder"
@ -157,6 +176,7 @@ jenkins:
- dark-theme - dark-theme
- matrix-auth - matrix-auth
- reverse-proxy-auth-plugin - reverse-proxy-auth-plugin
- opentelemetry
serviceAccountAgent: serviceAccountAgent:
create: true create: true
@ -255,7 +275,7 @@ jenkins:
trivy: trivy:
enabled: false enabled: false
image: image:
tag: 0.49.1 tag: 0.50.1
persistence: persistence:
enabled: true enabled: true
size: 1Gi size: 1Gi

5
charts/kubezero-telemetry/templates/opensearch/cluster.yaml
View File

@ -55,6 +55,10 @@ spec:
roles: roles:
- "cluster_manager" - "cluster_manager"
- "data" - "data"
{{- if gt (int .replicas) 1 }}
pdb:
enable: true
maxUnavailable: 1
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
@ -62,6 +66,7 @@ spec:
labelSelector: labelSelector:
matchLabels: matchLabels:
opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }} opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
{{- end }}
additionalConfig: additionalConfig:
index.codec: zstd_no_dict index.codec: zstd_no_dict
indices.time_series_index.default_index_merge_policy: log_byte_size indices.time_series_index.default_index_merge_policy: log_byte_size

3
charts/kubezero-telemetry/values.yaml
View File

@ -18,6 +18,9 @@ jaeger:
http: http:
name: otlp-http name: otlp-http
port: 4318 port: 4318
extraEnv:
- name: ES_TAGS_AS_FIELDS_ALL
value: "true"
serviceMonitor: serviceMonitor:
enabled: false enabled: false

3
charts/kubezero/templates/network.yaml
View File

@ -23,6 +23,9 @@ cilium:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.enabled }}
operator: operator:
{{- if .Values.global.highAvailable }}
replicas: 2
{{- end }}
prometheus: prometheus:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.enabled }}
serviceMonitor: serviceMonitor:

1
docs/v1.28.md
View File

@ -16,5 +16,6 @@
### FeatureGates ### FeatureGates
- CustomCPUCFSQuotaPeriod - CustomCPUCFSQuotaPeriod
- SidecarContainers - SidecarContainers
- KubeProxyDrainingTerminatingNodes
## Known issues ## Known issues