feat: migrate device-plugins and k8s-ecr-login-renew into kubezero-addons

charts/kubeadm/templates/k8s-ecr-login-renew/README.md

@@ -1,8 +0,0 @@
-# Create IAM role for ECR read-only access
-- Attach managed policy: `AmazonEC2ContainerRegistryReadOnly`
-
-# Create secret for IAM user for ecr-renew
-`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>
-
-# Resources
-- https://github.com/nabsul/k8s-ecr-login-renew

charts/kubezero-addons/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.0.1
+version: 0.1.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-addons/README.md

@@ -1,6 +1,6 @@
 # kubezero-addons
 
-![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 KubeZero umbrella chart for various optional cluster addons
 
@@ -20,16 +20,32 @@ Kubernetes: `>= 1.18.0`
 |------------|------|---------|
 | https://metallb.github.io/metallb | metallb | 0.10.2 |
 
+# MetalLB   
+   
+# device-plugins   
+   
+# k8s-ecr-login-renew   
+   
+## IAM setup   
+ - Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly`   
+ - create AWS credentials for the IAM users   
+   
+## Kubernetes secret   
+Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step:   
+`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>`   
+   
+## Resources   
+- https://github.com/nabsul/k8s-ecr-login-renew
+
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| fuseDevicePlugin.enabled | bool | `false` |  |
+| k8sEcrLoginRenew.enabled | bool | `false` |  |
 | metallb.configInline | object | `{}` |  |
 | metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | metallb.controller.tolerations[0].effect | string | `"NoSchedule"` |  |
 | metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |
-| metallb.enabled | bool | `true` |  |
+| metallb.enabled | bool | `false` |  |
 | metallb.psp.create | bool | `false` |  |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/kubezero-addons/README.md.gotmpl

@@ -0,0 +1,33 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+# MetalLB    
+    
+# device-plugins    
+    
+# k8s-ecr-login-renew    
+    
+## IAM setup    
+ - Create IAM user for ECR read-only access and attach the following managed policy: `AmazonEC2ContainerRegistryReadOnly`    
+ - create AWS credentials for the IAM users    
+    
+## Kubernetes secret    
+Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step:    
+`kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>`    
+    
+## Resources    
+- https://github.com/nabsul/k8s-ecr-login-renew
+
+{{ template "chart.valuesSection" . }}

charts/kubezero-addons/templates/device-plugins/fuse-device-plugin.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.fuseDevicePlugin.enabled }}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -28,3 +29,4 @@ spec:
         - name: device-plugin
           hostPath:
             path: /var/lib/kubelet/device-plugins
+{{- end }}

charts/kubezero-addons/templates/k8s-ecr-login-renew/cronjob.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.k8sEcrLoginRenew.enabled }}
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
@@ -38,3 +39,4 @@ spec:
                     secretKeyRef:
                       name: ecr-renew-cred
                       key: AWS_SECRET_ACCESS_KEY
+{{- end }}

charts/kubezero-addons/templates/k8s-ecr-login-renew/service-account.yml

@@ -1,9 +1,11 @@
+{{- if .Values.k8sEcrLoginRenew.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   namespace: kube-system
   name: ecr-renew
 ---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -16,6 +18,7 @@ rules:
     resources: ["namespaces"]
     verbs: ["get", "list"]
 ---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -29,3 +32,4 @@ subjects:
   - kind: ServiceAccount
     name: ecr-renew
     namespace: kube-system
+{{- end }}

charts/kubezero-addons/values.yaml

@@ -1,5 +1,5 @@
 metallb:
-  enabled: true
+  enabled: false
   psp:
     create: false
 
@@ -16,3 +16,9 @@ metallb:
 #     protocol: layer2
 #     addresses:
 #     - 192.168.42.0/24
+
+fuseDevicePlugin:
+  enabled: false
+
+k8sEcrLoginRenew:
+  enabled: false