Bugfixes for control plane, proper calico cpu requests
This commit is contained in:
parent
de2602c3d5
commit
3f204b5e04
@ -12,7 +12,7 @@ etcd:
|
|||||||
extraArgs:
|
extraArgs:
|
||||||
listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
|
listen-metrics-urls: "http://{{ .Values.listenAddress }}:2381"
|
||||||
logger: "zap"
|
logger: "zap"
|
||||||
log-level: "warn"
|
# log-level: "warn"
|
||||||
{{- with .Values.etcdExtraArgs }}
|
{{- with .Values.etcdExtraArgs }}
|
||||||
{{- toYaml . | nindent 6 }}
|
{{- toYaml . | nindent 6 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -50,7 +50,7 @@ apiServer:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
enable-admission-plugins: NodeRestriction,EventRateLimit
|
enable-admission-plugins: NodeRestriction,EventRateLimit
|
||||||
{{- if .Values.clusterHighAvailable }}
|
{{- if .Values.clusterHighAvailable }}
|
||||||
goaway-chance: ".001"
|
# goaway-chance: ".001"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
logging-format: json
|
logging-format: json
|
||||||
{{- with .Values.apiExtraArgs }}
|
{{- with .Values.apiExtraArgs }}
|
||||||
|
@ -3,25 +3,15 @@
|
|||||||
apiVersion: iamauthenticator.k8s.aws/v1alpha1
|
apiVersion: iamauthenticator.k8s.aws/v1alpha1
|
||||||
kind: IAMIdentityMapping
|
kind: IAMIdentityMapping
|
||||||
metadata:
|
metadata:
|
||||||
name: kubezero-controllers
|
name: kubezero-worker-nodes
|
||||||
spec:
|
spec:
|
||||||
arn: {{ .Values.ControllerIamRole }}
|
arn: {{ .Values.WorkerNodeRole }}
|
||||||
username: kubezero-controller
|
username: system:node:{{ "{{" }}EC2PrivateDNSName{{ "}}" }}
|
||||||
groups:
|
groups:
|
||||||
|
# For now use masters, define properly with 1.20
|
||||||
- system:masters
|
- system:masters
|
||||||
|
- system:nodes
|
||||||
---
|
- system:bootstrappers
|
||||||
# Worker role to eg. delete during terminate
|
|
||||||
apiVersion: iamauthenticator.k8s.aws/v1alpha1
|
|
||||||
kind: IAMIdentityMapping
|
|
||||||
metadata:
|
|
||||||
name: kubezero-workers
|
|
||||||
spec:
|
|
||||||
arn: {{ .Values.WorkerIamRole }}
|
|
||||||
username: kubezero-worker
|
|
||||||
groups:
|
|
||||||
- system:masters
|
|
||||||
|
|
||||||
---
|
---
|
||||||
# Admin Role for remote access
|
# Admin Role for remote access
|
||||||
apiVersion: iamauthenticator.k8s.aws/v1alpha1
|
apiVersion: iamauthenticator.k8s.aws/v1alpha1
|
||||||
|
@ -11,3 +11,7 @@ platform: "aws"
|
|||||||
# Set to false for openrc, eg. on Gentoo or Alpine
|
# Set to false for openrc, eg. on Gentoo or Alpine
|
||||||
systemd: true
|
systemd: true
|
||||||
protectKernelDefaults: true
|
protectKernelDefaults: true
|
||||||
|
|
||||||
|
WorkerNodeRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
|
WorkerIamRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
|
KubeAdminRole: "arn:aws:iam::000000000000:role/KubernetesNode"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-aws-node-termination-handler
|
name: kubezero-aws-node-termination-handler
|
||||||
description: Umbrella chart for all KubeZero AWS addons
|
description: Umbrella chart for all KubeZero AWS addons
|
||||||
type: application
|
type: application
|
||||||
version: 0.1.0
|
version: 0.1.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -18,6 +18,6 @@ dependencies:
|
|||||||
version: ">= 0.1.3"
|
version: ">= 0.1.3"
|
||||||
repository: https://zero-down-time.github.io/kubezero/
|
repository: https://zero-down-time.github.io/kubezero/
|
||||||
- name: aws-node-termination-handler
|
- name: aws-node-termination-handler
|
||||||
version: ">= 0.13.3"
|
version: ">= 0.14.1"
|
||||||
repository: https://aws.github.io/eks-charts
|
repository: https://aws.github.io/eks-charts
|
||||||
kubeVersion: ">= 1.18.0"
|
kubeVersion: ">= 1.18.0"
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero-calico
|
name: kubezero-calico
|
||||||
description: KubeZero Umbrella Chart for Calico
|
description: KubeZero Umbrella Chart for Calico
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.1
|
version: 0.2.2
|
||||||
appVersion: v3.16.5
|
appVersion: v3.16.5
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
|
@ -482,7 +482,7 @@ spec:
|
|||||||
privileged: true
|
privileged: true
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 250m
|
cpu: 50m
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
@ -619,6 +619,9 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- /usr/bin/check-status
|
- /usr/bin/check-status
|
||||||
- -r
|
- -r
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
@ -15,6 +15,7 @@ helm_version=$(helm version --short)
|
|||||||
echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; }
|
echo $helm_version | grep -qe "^v3.[3-9]" || { echo "Helm version >= 3.3 required!"; exit 1; }
|
||||||
|
|
||||||
TMPDIR=$(mktemp -d kubezero.XXX)
|
TMPDIR=$(mktemp -d kubezero.XXX)
|
||||||
|
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
|
||||||
|
|
||||||
# First lets generate kubezero.yaml
|
# First lets generate kubezero.yaml
|
||||||
# Add all yaml files in $CLUSTER
|
# Add all yaml files in $CLUSTER
|
||||||
@ -226,5 +227,3 @@ elif [ $1 == "delete" ]; then
|
|||||||
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
|
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ "$DEBUG" == "" ] && rm -rf $TMPDIR
|
|
||||||
|
12
scripts/setClusterVersion.sh
Executable file
12
scripts/setClusterVersion.sh
Executable file
@ -0,0 +1,12 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Meant for testing only !!!
|
||||||
|
|
||||||
|
# This sets the Kubernetes Version in SSM
|
||||||
|
# Make sure your AWS Profile and Region points to the right direction ...
|
||||||
|
|
||||||
|
CONGLOMERATE=$1
|
||||||
|
VERSION=$2
|
||||||
|
|
||||||
|
aws ssm put-parameter --name /cloudbender/${CONGLOMERATE}/kubecontrol/meta/clusterversion --type SecureString --value "$(echo "$VERSION" | base64 -w0)" --overwrite
|
||||||
|
|
26
scripts/updateWorkerIamRole.sh
Executable file
26
scripts/updateWorkerIamRole.sh
Executable file
@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/bash -ex
|
||||||
|
|
||||||
|
# Meant for testing only !!!
|
||||||
|
|
||||||
|
# This updates the proxy IAM role with the actual worker ASGs IAM roles
|
||||||
|
# Make sure your AWS Profile points to right account
|
||||||
|
|
||||||
|
REGION="$1"
|
||||||
|
CLUSTER="$2"
|
||||||
|
|
||||||
|
TMPDIR=$(mktemp -p /tmp -d kubezero.XXX)
|
||||||
|
trap 'rm -rf $TMPDIR' ERR EXIT
|
||||||
|
|
||||||
|
# Get orig policy
|
||||||
|
aws iam get-role --output json --role-name $REGION-$CLUSTER-kube-workers | jq -c .Role.AssumeRolePolicyDocument > $TMPDIR/orig
|
||||||
|
|
||||||
|
# Add current and new list of entities to include
|
||||||
|
cat $TMPDIR/orig | jq -c .Statement[].Principal.AWS[] | sort | uniq > $TMPDIR/current-roles
|
||||||
|
aws iam list-roles --output json --path-prefix /$REGION/$CLUSTER/nodes/ | jq -c .Roles[].Arn | sort | uniq > $TMPDIR/new-roles
|
||||||
|
|
||||||
|
# If no diff exit
|
||||||
|
diff -tub $TMPDIR/current-roles $TMPDIR/new-roles && exit 0
|
||||||
|
|
||||||
|
# Create new policy
|
||||||
|
jq -c '.Statement[].Principal.AWS = $roles' $TMPDIR/orig --slurpfile roles $TMPDIR/new-roles > $TMPDIR/new
|
||||||
|
aws iam update-assume-role-policy --role-name $REGION-$CLUSTER-kube-workers --policy-document "$(cat $TMPDIR/new)"
|
Loading…
Reference in New Issue
Block a user