Make kubezero work on baremetal

This commit is contained in:
Stefan Reimer 2020-07-23 14:52:11 +00:00
parent 16cb90730e
commit 40164dd02b
3 changed files with 21 additions and 11 deletions

View File

@ -36,8 +36,10 @@ spec:
value: '"1"' value: '"1"'
- name: ISTIO_META_ROUTER_MODE - name: ISTIO_META_ROUTER_MODE
value: standard value: standard
{{- if eq .Values.ingress.type "NodePort" }}
nodeSelector: nodeSelector:
node.kubernetes.io/ingress.public: "30080_30443" node.kubernetes.io/ingress.public: "30080_30443"
{{- end }}
resources: resources:
limits: limits:
cpu: 2000m cpu: 2000m
@ -91,14 +93,18 @@ spec:
operator: In operator: In
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
values: istio-ingressgateway values: istio-ingressgateway
type: {{ default "NodePort" .Values.ingress.type }}
ports: ports:
- name: http2 - name: http2
nodePort: 30080
port: 80 port: 80
targetPort: 80 {{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30080
{{- end }}
- name: https - name: https
nodePort: 30443
port: 443 port: 443
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30443
{{- end }}
sds: sds:
enabled: true enabled: true
image: node-agent-k8s image: node-agent-k8s
@ -116,7 +122,6 @@ spec:
- mountPath: /etc/istio/ingressgateway-ca-certs - mountPath: /etc/istio/ingressgateway-ca-certs
name: ingressgateway-ca-certs name: ingressgateway-ca-certs
secretName: istio-ingressgateway-ca-certs secretName: istio-ingressgateway-ca-certs
type: NodePort
meshConfig: meshConfig:
accessLogFile: /dev/stdout accessLogFile: /dev/stdout
disablePolicyChecks: false disablePolicyChecks: false

View File

@ -5,6 +5,7 @@ istiod:
ingress: ingress:
autoscaleEnabled: false autoscaleEnabled: false
replicaCount: 2 replicaCount: 2
type: NodePort
#dnsNames: #dnsNames:
#- "*.example.com" #- "*.example.com"

View File

@ -10,14 +10,13 @@ kubezero:
migration: {{ default false .Values.calico.migration }} migration: {{ default false .Values.calico.migration }}
prometheus: false prometheus: false
# prometheus: {{ .Values.prometheus.enabled }} # prometheus: {{ .Values.prometheus.enabled }}
{{- if .Values.calico.network }} network: {{ default "vxlan" .Values.calico.network }}
network: {{ .Values.calico.network }} mtu: {{ default "8941" .Values.calico.mtu }}
{{- end }}
cert-manager: cert-manager:
enabled: {{ index .Values "cert-manager" "enabled" }} enabled: {{ index .Values "cert-manager" "enabled" }}
values:
{{- if not .Values.bootstrap }} {{- if not .Values.bootstrap }}
{{- if .Values.aws }} values:
{{- if eq .Values.platform "aws" }}
cert-manager: cert-manager:
podAnnotations: podAnnotations:
iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}" iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
@ -33,13 +32,17 @@ kubezero:
{{- . | toYaml | nindent 14 }} {{- . | toYaml | nindent 14 }}
{{- end }} {{- end }}
dns01: dns01:
{{- if .Values.aws }} {{- if eq .Values.platform "aws" }}
route53: route53:
region: {{ .Values.region }} region: {{ .Values.region }}
{{- else }}
{{- with index .Values "cert-manager" "solvers" }}
{{- . | toYaml | nindent 14 }}
{{- end }}
{{- end }} {{- end }}
# AWS only components # AWS only components
{{- if .Values.aws }} {{- if eq .Values.platform "aws" }}
aws-ebs-csi-driver: aws-ebs-csi-driver:
enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }} enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
values: values:
@ -68,6 +71,7 @@ kubezero:
istiod: istiod:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
ingress: ingress:
type: {{ default "NodePort" .Values.istio.ingress.type }}
dnsNames: dnsNames:
{{- with .Values.istio.ingress.dnsNames }} {{- with .Values.istio.ingress.dnsNames }}
{{- . | toYaml | nindent 8 }} {{- . | toYaml | nindent 8 }}