ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

feat: migrate device-plugins and k8s-ecr-login-renew into kubezero-addons

Browse Source
This commit is contained in:
Stefan Reimer 2021-09-02 19:36:11 +02:00
parent fe46c756ae
commit 2da5044e10
8 changed files with 70 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
charts/kubeadm/templates/k8s-ecr-login-renew/README.md
View File

@ -1,8 +0,0 @@
# Create IAM role for ECR read-only access
- Attach managed policy: `AmazonEC2ContainerRegistryReadOnly`
# Create secret for IAM user for ecr-renew
`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>
# Resources
- https://github.com/nabsul/k8s-ecr-login-renew

2
charts/kubezero-addons/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-addons name: kubezero-addons
description: KubeZero umbrella chart for various optional cluster addons description: KubeZero umbrella chart for various optional cluster addons
type: application type: application
version: 0.0.1 version: 0.1.0
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

26
charts/kubezero-addons/README.md
View File

@ -1,6 +1,6 @@
# kubezero-addons # kubezero-addons
![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for various optional cluster addons KubeZero umbrella chart for various optional cluster addons
@ -20,16 +20,32 @@ Kubernetes: `>= 1.18.0`
|------------|------|---------| |------------|------|---------|
| https://metallb.github.io/metallb | metallb | 0.10.2 | | https://metallb.github.io/metallb | metallb | 0.10.2 |
# MetalLB
# device-plugins
# k8s-ecr-login-renew
## IAM setup
- Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly`
- create AWS credentials for the IAM users
## Kubernetes secret
Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step:
`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>`
## Resources
- https://github.com/nabsul/k8s-ecr-login-renew
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| fuseDevicePlugin.enabled | bool | `false` | |
| k8sEcrLoginRenew.enabled | bool | `false` | |
| metallb.configInline | object | `{}` | | | metallb.configInline | object | `{}` | |
| metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | | metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | | | metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | |
| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | | metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| metallb.enabled | bool | `true` | | | metallb.enabled | bool | `false` | |
| metallb.psp.create | bool | `false` | | | metallb.psp.create | bool | `false` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

33
charts/kubezero-addons/README.md.gotmpl Normal file
View File

@ -0,0 +1,33 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
# MetalLB
# device-plugins
# k8s-ecr-login-renew
## IAM setup
- Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly`
- create AWS credentials for the IAM users
## Kubernetes secret
Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step:
`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>`
## Resources
- https://github.com/nabsul/k8s-ecr-login-renew
{{ template "chart.valuesSection" . }}

2
charts/kubeadm/templates/device-plugins/fuse-device-plugin.yaml → charts/kubezero-addons/templates/device-plugins/fuse-device-plugin.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.fuseDevicePlugin.enabled }}
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
@ -28,3 +29,4 @@ spec:
- name: device-plugin - name: device-plugin
hostPath: hostPath:
path: /var/lib/kubelet/device-plugins path: /var/lib/kubelet/device-plugins
{{- end }}

2
charts/kubeadm/templates/k8s-ecr-login-renew/cronjob.yaml → charts/kubezero-addons/templates/k8s-ecr-login-renew/cronjob.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.k8sEcrLoginRenew.enabled }}
apiVersion: batch/v1beta1 apiVersion: batch/v1beta1
kind: CronJob kind: CronJob
metadata: metadata:
@ -38,3 +39,4 @@ spec:
secretKeyRef: secretKeyRef:
name: ecr-renew-cred name: ecr-renew-cred
key: AWS_SECRET_ACCESS_KEY key: AWS_SECRET_ACCESS_KEY
{{- end }}

4
charts/kubeadm/templates/k8s-ecr-login-renew/service-account.yml → charts/kubezero-addons/templates/k8s-ecr-login-renew/service-account.yml
View File

@ -1,9 +1,11 @@
{{- if .Values.k8sEcrLoginRenew.enabled }}
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
namespace: kube-system namespace: kube-system
name: ecr-renew name: ecr-renew
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -16,6 +18,7 @@ rules:
resources: ["namespaces"] resources: ["namespaces"]
verbs: ["get", "list"] verbs: ["get", "list"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
@ -29,3 +32,4 @@ subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: ecr-renew name: ecr-renew
namespace: kube-system namespace: kube-system
{{- end }}

8
charts/kubezero-addons/values.yaml
View File

@ -1,5 +1,5 @@
metallb: metallb:
enabled: true enabled: false
psp: psp:
create: false create: false
@ -16,3 +16,9 @@ metallb:
# protocol: layer2 # protocol: layer2
# addresses: # addresses:
# - 192.168.42.0/24 # - 192.168.42.0/24
fuseDevicePlugin:
enabled: false
k8sEcrLoginRenew:
enabled: false