diff --git a/charts/kubeadm/templates/k8s-ecr-login-renew/README.md b/charts/kubeadm/templates/k8s-ecr-login-renew/README.md deleted file mode 100644 index 41b8bfc4..00000000 --- a/charts/kubeadm/templates/k8s-ecr-login-renew/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Create IAM role for ECR read-only access -- Attach managed policy: `AmazonEC2ContainerRegistryReadOnly` - -# Create secret for IAM user for ecr-renew -`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION= --from-literal=AWS_ACCESS_KEY_ID= --from-literal=AWS_SECRET_ACCESS_KEY= - -# Resources -- https://github.com/nabsul/k8s-ecr-login-renew diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index a7c7a5f9..6c40a7bd 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.0.1 +version: 0.1.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md index 5086165d..d35dda1c 100644 --- a/charts/kubezero-addons/README.md +++ b/charts/kubezero-addons/README.md @@ -1,6 +1,6 @@ # kubezero-addons -![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for various optional cluster addons @@ -20,16 +20,32 @@ Kubernetes: `>= 1.18.0` |------------|------|---------| | https://metallb.github.io/metallb | metallb | 0.10.2 | +# MetalLB + +# device-plugins + +# k8s-ecr-login-renew + +## IAM setup + - Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly` + - create AWS credentials for the IAM users + +## Kubernetes secret +Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step: +`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION= --from-literal=AWS_ACCESS_KEY_ID= --from-literal=AWS_SECRET_ACCESS_KEY=` + +## Resources +- https://github.com/nabsul/k8s-ecr-login-renew + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| fuseDevicePlugin.enabled | bool | `false` | | +| k8sEcrLoginRenew.enabled | bool | `false` | | | metallb.configInline | object | `{}` | | | metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | | | metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | -| metallb.enabled | bool | `true` | | +| metallb.enabled | bool | `false` | | | metallb.psp.create | bool | `false` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/kubezero-addons/README.md.gotmpl b/charts/kubezero-addons/README.md.gotmpl new file mode 100644 index 00000000..fae2e774 --- /dev/null +++ b/charts/kubezero-addons/README.md.gotmpl @@ -0,0 +1,33 @@ +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +# MetalLB + +# device-plugins + +# k8s-ecr-login-renew + +## IAM setup + - Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly` + - create AWS credentials for the IAM users + +## Kubernetes secret +Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step: +`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION= --from-literal=AWS_ACCESS_KEY_ID= --from-literal=AWS_SECRET_ACCESS_KEY=` + +## Resources +- https://github.com/nabsul/k8s-ecr-login-renew + +{{ template "chart.valuesSection" . }} diff --git a/charts/kubeadm/templates/device-plugins/fuse-device-plugin.yaml b/charts/kubezero-addons/templates/device-plugins/fuse-device-plugin.yaml similarity index 93% rename from charts/kubeadm/templates/device-plugins/fuse-device-plugin.yaml rename to charts/kubezero-addons/templates/device-plugins/fuse-device-plugin.yaml index b63e7749..8deebd16 100644 --- a/charts/kubeadm/templates/device-plugins/fuse-device-plugin.yaml +++ b/charts/kubezero-addons/templates/device-plugins/fuse-device-plugin.yaml @@ -1,3 +1,4 @@ +{{- if .Values.fuseDevicePlugin.enabled }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -28,3 +29,4 @@ spec: - name: device-plugin hostPath: path: /var/lib/kubelet/device-plugins +{{- end }} diff --git a/charts/kubeadm/templates/k8s-ecr-login-renew/cronjob.yaml b/charts/kubezero-addons/templates/k8s-ecr-login-renew/cronjob.yaml similarity index 95% rename from charts/kubeadm/templates/k8s-ecr-login-renew/cronjob.yaml rename to charts/kubezero-addons/templates/k8s-ecr-login-renew/cronjob.yaml index 5d4d041e..ff048281 100644 --- a/charts/kubeadm/templates/k8s-ecr-login-renew/cronjob.yaml +++ b/charts/kubezero-addons/templates/k8s-ecr-login-renew/cronjob.yaml @@ -1,3 +1,4 @@ +{{- if .Values.k8sEcrLoginRenew.enabled }} apiVersion: batch/v1beta1 kind: CronJob metadata: @@ -38,3 +39,4 @@ spec: secretKeyRef: name: ecr-renew-cred key: AWS_SECRET_ACCESS_KEY +{{- end }} diff --git a/charts/kubeadm/templates/k8s-ecr-login-renew/service-account.yml b/charts/kubezero-addons/templates/k8s-ecr-login-renew/service-account.yml similarity index 92% rename from charts/kubeadm/templates/k8s-ecr-login-renew/service-account.yml rename to charts/kubezero-addons/templates/k8s-ecr-login-renew/service-account.yml index 0591ebc0..52804fc9 100644 --- a/charts/kubeadm/templates/k8s-ecr-login-renew/service-account.yml +++ b/charts/kubezero-addons/templates/k8s-ecr-login-renew/service-account.yml @@ -1,9 +1,11 @@ +{{- if .Values.k8sEcrLoginRenew.enabled }} apiVersion: v1 kind: ServiceAccount metadata: namespace: kube-system name: ecr-renew --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -16,6 +18,7 @@ rules: resources: ["namespaces"] verbs: ["get", "list"] --- + apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -29,3 +32,4 @@ subjects: - kind: ServiceAccount name: ecr-renew namespace: kube-system +{{- end }} diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml index aaf874e8..3a8756db 100644 --- a/charts/kubezero-addons/values.yaml +++ b/charts/kubezero-addons/values.yaml @@ -1,5 +1,5 @@ metallb: - enabled: true + enabled: false psp: create: false @@ -16,3 +16,9 @@ metallb: # protocol: layer2 # addresses: # - 192.168.42.0/24 + +fuseDevicePlugin: + enabled: false + +k8sEcrLoginRenew: + enabled: false