ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 26 Packages Projects Releases Wiki Activity

feat: improved ArgoCD bootstrap, tool cleanups

Browse Source
This commit is contained in:
Stefan Reimer 2025-03-17 20:30:34 +00:00
parent 545a7fd8b1
commit 30bc95408a
14 changed files with 117 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/dev_apply.sh
View File

@ -5,7 +5,7 @@ set -x
ARTIFACTS=($(echo $1 | tr "," "\n")) ARTIFACTS=($(echo $1 | tr "," "\n"))
ACTION="${2:-apply}" ACTION="${2:-apply}"
ARGOCD="${3:-False}" ARGOCD="${3:-false}"
LOCAL_DEV=1 LOCAL_DEV=1

2
admin/kubezero.sh
View File

@ -131,7 +131,7 @@ control_plane_upgrade() {
update_kubezero_cm update_kubezero_cm
if [ "$ARGOCD" == "True" ]; then if [ "$ARGOCD" == "true" ]; then
# update argo app # update argo app
export kubezero_chart_version=$(yq .version $CHARTS/kubezero/Chart.yaml) export kubezero_chart_version=$(yq .version $CHARTS/kubezero/Chart.yaml)
kubectl get application kubezero -n argocd -o yaml | \ kubectl get application kubezero -n argocd -o yaml | \

16
admin/libhelm.sh
View File

@ -29,14 +29,14 @@ function chart_location() {
function argo_used() { function argo_used() {
kubectl get application kubezero -n argocd >/dev/null \ kubectl get application kubezero -n argocd >/dev/null \
&& echo "True" || echo "False" && echo "true" || echo "false"
} }
function field_manager() { function field_manager() {
local argo=${1:-"False"} local argo=${1:-"false"}
if [ "$argo" == "True" ]; then if [ "$argo" == "true" ]; then
echo "--field-manager argo-controller" echo "--field-manager argo-controller"
else else
echo "" echo ""
@ -61,9 +61,9 @@ function set_kubezero_secret() {
# get kubezero-values from ArgoCD if available or use in-cluster CM # get kubezero-values from ArgoCD if available or use in-cluster CM
function get_kubezero_values() { function get_kubezero_values() {
local argo=${1:-"False"} local argo=${1:-"false"}
if [ "$argo" == "True" ]; then if [ "$argo" == "true" ]; then
kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.valuesObject > ${WORKDIR}/kubezero-values.yaml kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.valuesObject > ${WORKDIR}/kubezero-values.yaml
else else
kubectl get configmap kubezero-values -n kubezero -o yaml | yq '.data."values.yaml"' > ${WORKDIR}/kubezero-values.yaml kubectl get configmap kubezero-values -n kubezero -o yaml | yq '.data."values.yaml"' > ${WORKDIR}/kubezero-values.yaml
@ -80,7 +80,7 @@ function update_kubezero_cm() {
# sync kubezero-values CM from ArgoCD app # sync kubezero-values CM from ArgoCD app
function sync_kubezero_cm_from_argo() { function sync_kubezero_cm_from_argo() {
get_kubezero_values True get_kubezero_values true
update_kubezero_cm update_kubezero_cm
} }
@ -216,9 +216,11 @@ function _helm() {
declare -F ${module}-pre && ${module}-pre declare -F ${module}-pre && ${module}-pre
render render
[ $action == "apply" ] && kubectl apply -f $WORKDIR/helm.yaml --server-side --force-conflicts $(field_manager $ARGOCD) && rc=$? || rc=$?
[ $action == "replace" ] && kubectl replace -f $WORKDIR/helm.yaml $(field_manager $ARGOCD) && rc=$? || rc=$? [ $action == "replace" ] && kubectl replace -f $WORKDIR/helm.yaml $(field_manager $ARGOCD) && rc=$? || rc=$?
# If replace failed try apply at least
[ $action == "apply" -o $rc -ne 0 ] && kubectl apply -f $WORKDIR/helm.yaml --server-side --force-conflicts $(field_manager $ARGOCD) && rc=$? || rc=$?
# Optional post hook # Optional post hook
declare -F ${module}-post && ${module}-post declare -F ${module}-post && ${module}-post

6
admin/upgrade_cluster.sh
View File

@ -17,7 +17,7 @@ ARGOCD=$(argo_used)
echo "Checking that all pods in kube-system are running ..." echo "Checking that all pods in kube-system are running ..."
#waitSystemPodsRunning #waitSystemPodsRunning
[ "$ARGOCD" == "True" ] && disable_argo [ "$ARGOCD" == "true" ] && disable_argo
# Check if we already have all controllers on the current version # Check if we already have all controllers on the current version
OLD_CONTROLLERS=$(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" --no-headers=true | grep -cv $KUBE_VERSION || true) OLD_CONTROLLERS=$(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" --no-headers=true | grep -cv $KUBE_VERSION || true)
@ -35,7 +35,7 @@ read -r
#echo "Adjust kubezero values as needed:" #echo "Adjust kubezero values as needed:"
# shellcheck disable=SC2015 # shellcheck disable=SC2015
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero #[ "$ARGOCD" == "true" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
# upgrade modules # upgrade modules
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators" control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
@ -63,4 +63,4 @@ echo "Then head over to ArgoCD for this cluster and sync all KubeZero modules to
echo "<Return> to continue and re-enable ArgoCD:" echo "<Return> to continue and re-enable ArgoCD:"
read -r read -r
[ "$ARGOCD" == "True" ] && enable_argo [ "$ARGOCD" == "true" ] && enable_argo

8
charts/kubezero-argo/Chart.yaml
View File

@ -1,7 +1,7 @@
apiVersion: v2 apiVersion: v2
description: KubeZero Argo - Events, Workflow, CD description: KubeZero Argo - Events, Workflow, CD
name: kubezero-argo name: kubezero-argo
version: 0.2.9 version: 0.3.0
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -25,12 +25,8 @@ dependencies:
version: 7.8.9 version: 7.8.9
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
condition: argo-cd.enabled condition: argo-cd.enabled
- name: argocd-apps
version: 2.0.2
repository: https://argoproj.github.io/argo-helm
condition: argo-cd.enabled
- name: argocd-image-updater - name: argocd-image-updater
version: 0.12.0 version: 0.12.0
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
condition: argocd-image-updater.enabled condition: argocd-image-updater.enabled
kubeVersion: ">= 1.26.0-0" kubeVersion: ">= 1.30.0-0"

37
charts/kubezero-argo/README.md
View File

@ -1,6 +1,6 @@
# kubezero-argo # kubezero-argo
![Version: 0.2.8](https://img.shields.io/badge/Version-0.2.8-informational?style=flat-square) ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square)
KubeZero Argo - Events, Workflow, CD KubeZero Argo - Events, Workflow, CD
@ -14,15 +14,14 @@ KubeZero Argo - Events, Workflow, CD
## Requirements ## Requirements
Kubernetes: `>= 1.26.0-0` Kubernetes: `>= 1.30.0-0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 7.8.2 | | https://argoproj.github.io/argo-helm | argo-cd | 7.8.9 |
| https://argoproj.github.io/argo-helm | argo-events | 2.4.13 | | https://argoproj.github.io/argo-helm | argo-events | 2.4.13 |
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.2 |
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.0 | | https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.0 |
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
## Values ## Values
@ -30,7 +29,7 @@ Kubernetes: `>= 1.26.0-0`
|-----|------|---------|-------------| |-----|------|---------|-------------|
| argo-cd.configs.cm."application.instanceLabelKey" | string | `nil` | | | argo-cd.configs.cm."application.instanceLabelKey" | string | `nil` | |
| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` | | | argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` | |
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | | | argo-cd.configs.cm."resource.customizations" | string | `"argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message ~= nil then\n hs.message = obj.status.health.message\n end\n end\n end\n return hs\n"` | |
| argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | | | argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | |
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` | | | argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` | |
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
@ -39,8 +38,8 @@ Kubernetes: `>= 1.26.0-0`
| argo-cd.configs.cm.installationID | string | `"KubeZero-ArgoCD"` | | | argo-cd.configs.cm.installationID | string | `"KubeZero-ArgoCD"` | |
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | | | argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
| argo-cd.configs.params."controller.diff.server.side" | string | `"true"` | | | argo-cd.configs.params."controller.diff.server.side" | string | `"true"` | |
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | | argo-cd.configs.params."controller.resource.health.persist" | string | `"false"` | |
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | | | argo-cd.configs.params."controller.sync.timeout.seconds" | int | `1800` | |
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | | | argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
| argo-cd.configs.params."server.insecure" | bool | `true` | | | argo-cd.configs.params."server.insecure" | bool | `true` | |
| argo-cd.configs.secret.createSecret | bool | `false` | | | argo-cd.configs.secret.createSecret | bool | `false` | |
@ -54,31 +53,24 @@ Kubernetes: `>= 1.26.0-0`
| argo-cd.dex.enabled | bool | `false` | | | argo-cd.dex.enabled | bool | `false` | |
| argo-cd.enabled | bool | `false` | | | argo-cd.enabled | bool | `false` | |
| argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | | | argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | |
| argo-cd.global.image.tag | string | `"v2.13.1"` | | | argo-cd.global.image.tag | string | `"v2.14.5"` | |
| argo-cd.global.logging.format | string | `"json"` | | | argo-cd.global.logging.format | string | `"json"` | |
| argo-cd.global.networkPolicy.create | bool | `true` | | | argo-cd.global.networkPolicy.create | bool | `true` | |
| argo-cd.istio.enabled | bool | `false` | | | argo-cd.istio.enabled | bool | `false` | |
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | | | argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
| argo-cd.istio.ipBlocks | list | `[]` | | | argo-cd.istio.ipBlocks | list | `[]` | |
| argo-cd.kubezero.bootstrap | bool | `false` | |
| argo-cd.kubezero.path | string | `"/"` | |
| argo-cd.kubezero.repoUrl | string | `"https://git.my.org/thiscluster"` | |
| argo-cd.kubezero.targetRevision | string | `"HEAD"` | |
| argo-cd.notifications.enabled | bool | `false` | | | argo-cd.notifications.enabled | bool | `false` | |
| argo-cd.redisSecretInit.enabled | bool | `false` | |
| argo-cd.repoServer.clusterRoleRules.enabled | bool | `true` | | | argo-cd.repoServer.clusterRoleRules.enabled | bool | `true` | |
| argo-cd.repoServer.clusterRoleRules.rules[0].apiGroups[0] | string | `""` | | | argo-cd.repoServer.clusterRoleRules.rules[0].apiGroups[0] | string | `""` | |
| argo-cd.repoServer.clusterRoleRules.rules[0].resources[0] | string | `"secrets"` | | | argo-cd.repoServer.clusterRoleRules.rules[0].resources[0] | string | `"secrets"` | |
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[0] | string | `"get"` | | | argo-cd.repoServer.clusterRoleRules.rules[0].verbs[0] | string | `"get"` | |
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[1] | string | `"watch"` | | | argo-cd.repoServer.clusterRoleRules.rules[0].verbs[1] | string | `"watch"` | |
| argo-cd.repoServer.clusterRoleRules.rules[0].verbs[2] | string | `"list"` | | | argo-cd.repoServer.clusterRoleRules.rules[0].verbs[2] | string | `"list"` | |
| argo-cd.repoServer.initContainers[0].command[0] | string | `"/usr/local/bin/sa2kubeconfig.sh"` | |
| argo-cd.repoServer.initContainers[0].command[1] | string | `"/home/argocd/.kube/config"` | |
| argo-cd.repoServer.initContainers[0].image | string | `"{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include \"argo-cd.defaultTag\" .) .Values.repoServer.image.tag }}"` | |
| argo-cd.repoServer.initContainers[0].imagePullPolicy | string | `"{{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}"` | |
| argo-cd.repoServer.initContainers[0].name | string | `"create-kubeconfig"` | |
| argo-cd.repoServer.initContainers[0].securityContext.allowPrivilegeEscalation | bool | `false` | |
| argo-cd.repoServer.initContainers[0].securityContext.capabilities.drop[0] | string | `"ALL"` | |
| argo-cd.repoServer.initContainers[0].securityContext.readOnlyRootFilesystem | bool | `true` | |
| argo-cd.repoServer.initContainers[0].securityContext.runAsNonRoot | bool | `true` | |
| argo-cd.repoServer.initContainers[0].securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| argo-cd.repoServer.initContainers[0].volumeMounts[0].mountPath | string | `"/home/argocd/.kube"` | |
| argo-cd.repoServer.initContainers[0].volumeMounts[0].name | string | `"kubeconfigs"` | |
| argo-cd.repoServer.metrics.enabled | bool | `false` | | | argo-cd.repoServer.metrics.enabled | bool | `false` | |
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | | | argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
| argo-cd.repoServer.volumeMounts[0].mountPath | string | `"/home/argocd/.kube"` | | | argo-cd.repoServer.volumeMounts[0].mountPath | string | `"/home/argocd/.kube"` | |
@ -101,9 +93,6 @@ Kubernetes: `>= 1.26.0-0`
| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
| argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | | | argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | |
| argo-events.enabled | bool | `false` | | | argo-events.enabled | bool | `false` | |
| argocd-apps.applications | object | `{}` | |
| argocd-apps.enabled | bool | `false` | |
| argocd-apps.projects | object | `{}` | |
| argocd-image-updater.authScripts.enabled | bool | `true` | | | argocd-image-updater.authScripts.enabled | bool | `true` | |
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | | | argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | | | argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |

28
charts/kubezero-argo/templates/argo-cd/kubezero-git-sync-app.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if index .Values "argo-cd" "kubezero" "bootstrap" }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero-git-sync
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "-20"
spec:
destination:
namespace: argocd
server: https://kubernetes.default.svc
project: kubezero
source:
{{- with index .Values "argo-cd" "kubezero" }}
repoURL: {{ .repoUrl }}
targetRevision: {{ .targetRevision }}
path: {{ .path }}
{{- end }}
directory:
recurse: true
syncPolicy:
automated:
prune: true
syncOptions:
- ServerSideApply=true
- ApplyOutOfSyncOnly=true
{{- end }}

18
charts/kubezero-argo/templates/argo-cd/kubezero-project.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if index .Values "argo-cd" "kubezero" "bootstrap" }}
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: kubezero
namespace: argocd
spec:
clusterResourceWhitelist:
- group: '*'
kind: '*'
description: KubeZero - ZeroDownTime Kubernetes Platform
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
sourceRepos:
- https://cdn.zero-downtime.net/charts
- {{ index .Values "argo-cd" "kubezero" "repoUrl" }}
{{- end }}

60
charts/kubezero-argo/values.yaml
View File

@ -30,13 +30,6 @@ argo-events:
configReloaderImage: natsio/nats-server-config-reloader:0.14.1 configReloaderImage: natsio/nats-server-config-reloader:0.14.1
startCommand: /nats-server startCommand: /nats-server
argocd-apps:
enabled: false
projects: {}
applications: {}
argo-cd: argo-cd:
enabled: false enabled: false
@ -45,7 +38,7 @@ argo-cd:
format: json format: json
image: image:
repository: public.ecr.aws/zero-downtime/zdt-argocd repository: public.ecr.aws/zero-downtime/zdt-argocd
tag: v2.14.2 tag: v2.14.5
networkPolicy: networkPolicy:
create: true create: true
@ -71,28 +64,19 @@ argo-cd:
application.instanceLabelKey: Null application.instanceLabelKey: Null
resource.customizations: | resource.customizations: |
cert-manager.io/Certificate: argoproj.io/Application:
# Lua script for customizing the health status assessment
health.lua: | health.lua: |
hs = {} hs = {}
hs.status = "Progressing"
hs.message = ""
if obj.status ~= nil then if obj.status ~= nil then
if obj.status.conditions ~= nil then if obj.status.health ~= nil then
for i, condition in ipairs(obj.status.conditions) do hs.status = obj.status.health.status
if condition.type == "Ready" and condition.status == "False" then if obj.status.health.message ~= nil then
hs.status = "Degraded" hs.message = obj.status.health.message
hs.message = condition.message
return hs
end
if condition.type == "Ready" and condition.status == "True" then
hs.status = "Healthy"
hs.message = condition.message
return hs
end
end end
end end
end end
hs.status = "Progressing"
hs.message = "Waiting for certificate"
return hs return hs
secret: secret:
@ -148,26 +132,6 @@ argo-cd:
resources: ["secrets"] resources: ["secrets"]
verbs: ["get", "watch", "list"] verbs: ["get", "watch", "list"]
initContainers:
- name: create-kubeconfig
image: '{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}'
imagePullPolicy: '{{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}'
command:
- /usr/local/bin/sa2kubeconfig.sh
- /home/argocd/.kube/config
volumeMounts:
- mountPath: /home/argocd/.kube
name: kubeconfigs
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
server: server:
# Rename former https port to grpc, works with istio + insecure # Rename former https port to grpc, works with istio + insecure
service: service:
@ -198,6 +162,14 @@ argo-cd:
gateway: istio-ingress/ingressgateway gateway: istio-ingress/ingressgateway
ipBlocks: [] ipBlocks: []
kubezero:
# only set this once initially to prevent the circular dependency
bootstrap: false
repoUrl: "https://git.my.org/thiscluster"
path: "/"
targetRevision: HEAD
argocd-image-updater: argocd-image-updater:
enabled: false enabled: false

2
charts/kubezero-telemetry/values.yaml
View File

@ -274,7 +274,7 @@ fluentd:
#- fluent-plugin-s3 #- fluent-plugin-s3
source: source:
sharedKey: secretref+k8s://v1/Secret/kubezero/kubezero-secrets/telemetry.fluentd.source.sharedKey # "cloudbender" sharedKey: secretref+k8s://v1/Secret/kubezero/kubezero-secrets/telemetry.fluentd.source.sharedKey?inCluster # "cloudbender"
output: output:
# Defaults to OpenSearch in same namespace # Defaults to OpenSearch in same namespace

34
charts/kubezero/README.md
View File

@ -1,6 +1,6 @@
# kubezero # kubezero
![Version: 1.31.3](https://img.shields.io/badge/Version-1.31.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.31.6](https://img.shields.io/badge/Version-1.31.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero - Root App of Apps chart KubeZero - Root App of Apps chart
@ -14,11 +14,11 @@ KubeZero - Root App of Apps chart
## Requirements ## Requirements
Kubernetes: `>= 1.26.0-0` Kubernetes: `>= 1.31.0-0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.2.1 | | https://cdn.zero-downtime.net/charts | kubezero-lib | 0.2.1 |
## Values ## Values
@ -32,16 +32,17 @@ Kubernetes: `>= 1.26.0-0`
| addons.external-dns.enabled | bool | `false` | | | addons.external-dns.enabled | bool | `false` | |
| addons.forseti.enabled | bool | `false` | | | addons.forseti.enabled | bool | `false` | |
| addons.sealed-secrets.enabled | bool | `false` | | | addons.sealed-secrets.enabled | bool | `false` | |
| addons.targetRevision | string | `"0.8.11"` | | | addons.targetRevision | string | `"0.8.13"` | |
| argo.argo-cd.enabled | bool | `false` | | | argo.argo-cd.enabled | bool | `false` | |
| argo.argo-cd.istio.enabled | bool | `false` | | | argo.argo-cd.istio.enabled | bool | `false` | |
| argo.argocd-apps.enabled | bool | `false` | |
| argo.argocd-image-updater.enabled | bool | `false` | | | argo.argocd-image-updater.enabled | bool | `false` | |
| argo.enabled | bool | `false` | | | argo.enabled | bool | `false` | |
| argo.namespace | string | `"argocd"` | | | argo.namespace | string | `"argocd"` | |
| argo.targetRevision | string | `"0.2.6"` | | | argo.targetRevision | string | `"0.2.9"` | |
| cert-manager.enabled | bool | `false` | | | cert-manager.enabled | bool | `false` | |
| cert-manager.namespace | string | `"cert-manager"` | | | cert-manager.namespace | string | `"cert-manager"` | |
| cert-manager.targetRevision | string | `"0.9.10"` | | | cert-manager.targetRevision | string | `"0.9.12"` | |
| falco.enabled | bool | `false` | | | falco.enabled | bool | `false` | |
| falco.k8saudit.enabled | bool | `false` | | | falco.k8saudit.enabled | bool | `false` | |
| falco.targetRevision | string | `"0.1.2"` | | | falco.targetRevision | string | `"0.1.2"` | |
@ -54,35 +55,32 @@ Kubernetes: `>= 1.26.0-0`
| istio-ingress.enabled | bool | `false` | | | istio-ingress.enabled | bool | `false` | |
| istio-ingress.gateway.service | object | `{}` | | | istio-ingress.gateway.service | object | `{}` | |
| istio-ingress.namespace | string | `"istio-ingress"` | | | istio-ingress.namespace | string | `"istio-ingress"` | |
| istio-ingress.targetRevision | string | `"0.23.2"` | | | istio-ingress.targetRevision | string | `"0.24.3"` | |
| istio-private-ingress.chart | string | `"kubezero-istio-gateway"` | | | istio-private-ingress.chart | string | `"kubezero-istio-gateway"` | |
| istio-private-ingress.enabled | bool | `false` | | | istio-private-ingress.enabled | bool | `false` | |
| istio-private-ingress.gateway.service | object | `{}` | | | istio-private-ingress.gateway.service | object | `{}` | |
| istio-private-ingress.namespace | string | `"istio-ingress"` | | | istio-private-ingress.namespace | string | `"istio-ingress"` | |
| istio-private-ingress.targetRevision | string | `"0.23.2"` | | | istio-private-ingress.targetRevision | string | `"0.24.3"` | |
| istio.enabled | bool | `false` | | | istio.enabled | bool | `false` | |
| istio.namespace | string | `"istio-system"` | | | istio.namespace | string | `"istio-system"` | |
| istio.targetRevision | string | `"0.23.2"` | | | istio.targetRevision | string | `"0.24.3"` | |
| kubezero.defaultTargetRevision | string | `"*"` | | | logging.annotations."argocd.argoproj.io/compare-options" | string | `"ServerSideDiff=false"` | |
| kubezero.gitSync | object | `{}` | |
| kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | |
| kubezero.server | string | `"https://kubernetes.default.svc"` | |
| logging.enabled | bool | `false` | | | logging.enabled | bool | `false` | |
| logging.namespace | string | `"logging"` | | | logging.namespace | string | `"logging"` | |
| logging.targetRevision | string | `"0.8.13"` | | | logging.targetRevision | string | `"0.8.14"` | |
| metrics.enabled | bool | `false` | | | metrics.enabled | bool | `false` | |
| metrics.istio.grafana | object | `{}` | | | metrics.istio.grafana | object | `{}` | |
| metrics.istio.prometheus | object | `{}` | | | metrics.istio.prometheus | object | `{}` | |
| metrics.kubezero.prometheus.prometheusSpec.additionalScrapeConfigs | list | `[]` | | | metrics.kubezero.prometheus.prometheusSpec.additionalScrapeConfigs | list | `[]` | |
| metrics.namespace | string | `"monitoring"` | | | metrics.namespace | string | `"monitoring"` | |
| metrics.targetRevision | string | `"0.10.2"` | | | metrics.targetRevision | string | `"0.11.0"` | |
| network.cilium.cluster | object | `{}` | | | network.cilium.cluster | object | `{}` | |
| network.enabled | bool | `true` | | | network.enabled | bool | `true` | |
| network.retain | bool | `true` | | | network.retain | bool | `true` | |
| network.targetRevision | string | `"0.5.5"` | | | network.targetRevision | string | `"0.5.7"` | |
| operators.enabled | bool | `false` | | | operators.enabled | bool | `false` | |
| operators.namespace | string | `"operators"` | | | operators.namespace | string | `"operators"` | |
| operators.targetRevision | string | `"0.1.6"` | | | operators.targetRevision | string | `"0.2.0"` | |
| storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | |
| storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | |
| storage.enabled | bool | `false` | | | storage.enabled | bool | `false` | |
@ -90,7 +88,7 @@ Kubernetes: `>= 1.26.0-0`
| storage.k8up.enabled | bool | `false` | | | storage.k8up.enabled | bool | `false` | |
| storage.lvm-localpv.enabled | bool | `false` | | | storage.lvm-localpv.enabled | bool | `false` | |
| storage.snapshotController.enabled | bool | `false` | | | storage.snapshotController.enabled | bool | `false` | |
| storage.targetRevision | string | `"0.8.9"` | | | storage.targetRevision | string | `"0.8.10"` | |
| telemetry.enabled | bool | `false` | | | telemetry.enabled | bool | `false` | |
| telemetry.namespace | string | `"telemetry"` | | | telemetry.namespace | string | `"telemetry"` | |
| telemetry.targetRevision | string | `"0.4.1"` | | | telemetry.targetRevision | string | `"0.4.1"` | |

12
charts/kubezero/templates/_app.tpl
View File

@ -21,20 +21,16 @@ spec:
project: kubezero project: kubezero
source: source:
{{- if index .Values $name "chart" }} chart: {{ default (print "kubezero-" $name) (index .Values $name "chart") }}
chart: {{ index .Values $name "chart" }} repoURL: {{ default "https://cdn.zero-downtime.net/charts" (index .Values $name "repository") }}
{{- else }} targetRevision: {{ default "HEAD" ( index .Values $name "targetRevision" ) | quote }}
chart: kubezero-{{ $name }}
{{- end }}
repoURL: {{ .Values.kubezero.repoURL }}
targetRevision: {{ default .Values.kubezero.targetRevision ( index .Values $name "targetRevision" ) | quote }}
helm: helm:
skipTests: true skipTests: true
valuesObject: valuesObject:
{{- include (print $name "-values") $ | nindent 8 }} {{- include (print $name "-values") $ | nindent 8 }}
destination: destination:
server: {{ .Values.kubezero.server }} server: "https://kubernetes.default.svc"
namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }} namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }}
revisionHistoryLimit: 2 revisionHistoryLimit: 2

40
charts/kubezero/templates/argo.yaml
View File

@ -39,42 +39,10 @@ argo-cd:
{{- end }} {{- end }}
{{- end }} {{- end }}
argocd-apps: {{- with index .Values "argo" "argo-cd" "kubezero" }}
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }} kubezero:
projects: {{- toYaml . | nindent 4 }}
kubezero: {{- end }}
namespace: argocd
description: KubeZero - ZeroDownTime Kubernetes Platform
sourceRepos:
- {{ .Values.kubezero.repoURL }}
{{- with .Values.kubezero.gitSync.repoURL }}
- {{ . }}
{{- end }}
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
kubezero-git-sync:
namespace: argocd
project: kubezero
source:
repoURL: {{ .Values.kubezero.gitSync.repoURL }}
targetRevision: {{ .Values.kubezero.gitSync.targetRevision }}
path: {{ .Values.kubezero.gitSync.path }}
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: true
argocd-image-updater: argocd-image-updater:
enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }} enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}

8
charts/kubezero/values.yaml
View File

@ -1,9 +1,3 @@
kubezero:
server: https://kubernetes.default.svc
repoURL: https://cdn.zero-downtime.net/charts
defaultTargetRevision: '*'
gitSync: {}
global: global:
clusterName: zdt-trial-cluster clusterName: zdt-trial-cluster
@ -121,7 +115,7 @@ logging:
argo: argo:
enabled: false enabled: false
namespace: argocd namespace: argocd
targetRevision: 0.2.8 targetRevision: 0.3.0
argo-cd: argo-cd:
enabled: false enabled: false
istio: istio: