feat: first working 1.31.4-alpha control plane

Stefan Reimer 2025-01-13 22:08:24 +00:00
parent 4c4964d1af
commit 4377c89182
15 changed files with 59 additions and 77 deletions


@ -1,9 +1,9 @@
ARG ALPINE_VERSION=3.20 ARG ALPINE_VERSION=3.21
FROM docker.io/alpine:${ALPINE_VERSION} FROM docker.io/alpine:${ALPINE_VERSION}
ARG ALPINE_VERSION ARG ALPINE_VERSION
ARG KUBE_VERSION=1.30.6 ARG KUBE_VERSION=1.31.4
ARG SOPS_VERSION="3.9.1" ARG SOPS_VERSION="3.9.1"
ARG VALS_VERSION="0.37.6" ARG VALS_VERSION="0.37.6"
@ -12,7 +12,7 @@ ARG HELM_SECRETS_VERSION="4.6.2"
RUN cd /etc/apk/keys && \ RUN cd /etc/apk/keys && \
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \ wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \ echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
echo "@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
apk upgrade -U -a --no-cache && \ apk upgrade -U -a --no-cache && \
apk --no-cache add \ apk --no-cache add \
@ -24,6 +24,7 @@ RUN cd /etc/apk/keys && \
py3-yaml \ py3-yaml \
restic \ restic \
helm \ helm \
ytt@testing \
etcd-ctl@edge-community \ etcd-ctl@edge-community \
cri-tools@kubezero \ cri-tools@kubezero \
etcdhelper@kubezero \ etcdhelper@kubezero \
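Review bot: The renamed `@testing` repository line in this RUN step is still added over plain `http://`, and the newly added `ytt@testing` is installed from it without a version pin. apk verifies package signatures, so integrity does not rest on the transport alone, but an on-path party can in principle still withhold updates or serve an older signed index, and edge/testing is a rolling repository, so the image content can change between two builds of the same commit. I would switch the edge lines to HTTPS, e.g. `echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories`, and pin the package as `ytt@testing=<VERSION>` (placeholder, use the version you tested). The RUN instruction starts and ends outside the hunks shown.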


@ -69,9 +69,9 @@ render_kubeadm() {
fi fi
# "uncloak" the json patches after they got processed by helm # "uncloak" the json patches after they got processed by helm
for s in apiserver controller-manager scheduler; do for s in kube-apiserver kube-controller-manager kube-scheduler corednsdeployment; do
yq eval '.json' ${WORKDIR}/kubeadm/templates/patches/kube-${s}1\+json.yaml > /tmp/_tmp.yaml && \ yq eval '.json' ${WORKDIR}/kubeadm/templates/patches/${s}1\+json.yaml > /tmp/_tmp.yaml && \
mv /tmp/_tmp.yaml ${WORKDIR}/kubeadm/templates/patches/kube-${s}1\+json.yaml mv /tmp/_tmp.yaml ${WORKDIR}/kubeadm/templates/patches/${s}1\+json.yaml
done done
} }
@ -117,40 +117,12 @@ post_kubeadm() {
for f in ${WORKDIR}/kubeadm/templates/resources/*.yaml; do for f in ${WORKDIR}/kubeadm/templates/resources/*.yaml; do
kubectl apply -f $f $LOG kubectl apply -f $f $LOG
done done
# Patch coreDNS addon, ideally we prevent kubeadm to reset coreDNS to its defaults
kubectl patch deployment coredns -n kube-system --patch-file ${WORKDIR}/kubeadm/templates/patches/coredns0.yaml $LOG
} }
kubeadm_upgrade() { kubeadm_upgrade() {
# pre upgrade hook # pre upgrade hook
### Remove with 1.31
# migrate kubezero CM to kubezero NS
# migrate ArgoCD app from values to valuesObject
create_ns kubezero
if [ "$ARGOCD" == "True" ]; then
kubectl get app kubezero -n argocd -o yaml > $WORKDIR/kubezero-argo-app.yaml
if [ "$(yq '(.spec.source.helm | has "values")' $WORKDIR/kubezero-argo-app.yaml)" == "true" ]; then
yq '.spec.source.helm.valuesObject = (.spec.source.helm.values | from_yaml)' \
$WORKDIR/kubezero-argo-app.yaml | kubectl apply --server-side --force-conflicts -f -
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/spec/source/helm/values"}]'
kubectl delete cm kubezero-values -n kube-system > /dev/null || true
kubectl create configmap -n kubezero kubezero-values || true
fi
else
kubectl get cm kubezero-values -n kubezero > /dev/null || \
{ kubectl get cm kubezero-values -n kube-system -o yaml | \
sed 's/^ namespace: kube-system/ namespace: kubezero/' | \
kubectl create -f - && \
kubectl delete cm kubezero-values -n kube-system ; }
fi
###
# get current values, argo app over cm # get current values, argo app over cm
get_kubezero_values $ARGOCD get_kubezero_values $ARGOCD
@ -191,14 +163,6 @@ kubeadm_upgrade() {
# post upgrade # post upgrade
# Update kubezero-values CM
kubectl get cm -n kube-system kubelet-config -o=yaml | \
yq e '.data.kubelet' | yq e '.containerRuntimeEndpoint = "unix:///run/containerd/containerd.sock"' > $WORKDIR/new-kubelet.cm
kubectl get cm -n kube-system kubelet-config -o=yaml | \
yq e '.data.kubelet |= load_str("/tmp/kubezero/new-kubelet.cm")' | \
kubectl apply --server-side --force-conflicts -f -
# Cleanup after kubeadm on the host # Cleanup after kubeadm on the host
rm -rf ${HOSTFS}/etc/kubernetes/tmp rm -rf ${HOSTFS}/etc/kubernetes/tmp
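Review bot: The uncloak loop in render_kubeadm still stages every patch through the fixed path `/tmp/_tmp.yaml` and expands `${WORKDIR}` and `${s}` unquoted, and the new side now runs it for a fourth file. A fixed name in a shared /tmp can be pre-created or symlinked by another local user. Because `yq … && mv …` is an AND-list, a failing yq is also not caught by `set -e` (if this script sets it), which leaves that patch in its cloaked form. I would set `p="${WORKDIR}/kubeadm/templates/patches/${s}1+json.yaml"`, create the staging file with `tmp=$(mktemp "${p}.XXXXXX") || return 1`, and then run `yq eval '.json' "$p" > "$tmp" && mv -- "$tmp" "$p" || return 1`. render_kubeadm starts above this hunk.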


@ -46,6 +46,16 @@ function get_kubezero_values() {
} }
# Update kubezero-values CM
function update_kubezero_cm() {
kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.valuesObject > ${WORKDIR}/kubezero-values.yaml
kubectl get cm -n kubezero kubezero-values -o=yaml | \
yq e '.data."values.yaml" |= load_str("/tmp/kubezero/kubezero-values.yaml")' | \
kubectl apply --server-side --force-conflicts -f -
}
function disable_argo() { function disable_argo() {
cat > _argoapp_patch.yaml <<EOF cat > _argoapp_patch.yaml <<EOF
spec: spec:
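Review bot: update_kubezero_cm writes the values to `${WORKDIR}/kubezero-values.yaml` but reads them back from the hard-coded `/tmp/kubezero/kubezero-values.yaml` inside `load_str`, so the two agree only while WORKDIR is exactly /tmp/kubezero. I would pass the path through the environment, `VALUES_FILE="${WORKDIR}/kubezero-values.yaml" yq e '.data."values.yaml" |= load_str(strenv(VALUES_FILE))'`, and quote the redirect target on the first line. Unless the caller runs with pipefail, a failed Application lookup or a missing `valuesObject` would likely leave an empty or `null` file, which the server-side apply with `--force-conflicts` then writes over the ConfigMap. Checking that the file is non-empty and not `null` before the apply would prevent that. A short header comment naming the global it reads (WORKDIR) and the two objects it touches would also help.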


@ -2,7 +2,7 @@
set -eE set -eE
set -o pipefail set -o pipefail
KUBE_VERSION=v1.30 KUBE_VERSION=v1.31
ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml} ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml}
@ -19,11 +19,6 @@ echo "Checking that all pods in kube-system are running ..."
[ "$ARGOCD" == "True" ] && disable_argo [ "$ARGOCD" == "True" ] && disable_argo
# 1.30 fix for the missing kubeadm socket annotations
for c in $(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" | grep v1.29 | awk {'print $1}'); do
kubectl annotate node $c 'kubeadm.alpha.kubernetes.io/cri-socket=unix:///var/run/crio/crio.sock'
done
control_plane_upgrade kubeadm_upgrade control_plane_upgrade kubeadm_upgrade
echo "Control plane upgraded, <Return> to continue" echo "Control plane upgraded, <Return> to continue"
@ -33,8 +28,7 @@ read -r
# shellcheck disable=SC2015 # shellcheck disable=SC2015
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero #[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
### v1.30 ### v1.31
kubectl delete runtimeclass crio || true
# upgrade modules # upgrade modules
# #
@ -43,9 +37,8 @@ kubectl delete runtimeclass crio || true
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators" control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
# Disabled during 1.30 due to nvidia runtime deadlock echo "Checking that all pods in kube-system are running ..."
#echo "Checking that all pods in kube-system are running ..." waitSystemPodsRunning
#waitSystemPodsRunning
echo "Applying remaining KubeZero modules..." echo "Applying remaining KubeZero modules..."
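Review bot: Re-enabling `waitSystemPodsRunning` after the module apply drops the only record of why it was switched off (the nvidia runtime deadlock noted for 1.30), and nothing in the new lines says the deadlock is resolved. The helper is not visible on this page; if it polls without an upper bound, a node that still hits the deadlock would hang the upgrade at this step. I would keep a one-line comment such as `# re-enabled for 1.31; was disabled in 1.30 because of an nvidia runtime deadlock` and confirm the helper times out. The now-empty `### v1.31` marker further up can go until there is a version-specific step to put under it.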


@ -2,7 +2,7 @@ apiVersion: v2
name: kubeadm name: kubeadm
description: KubeZero Kubeadm cluster config description: KubeZero Kubeadm cluster config
type: application type: application
version: 1.30.6 version: 1.31.4
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:


@ -3,7 +3,7 @@
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}} {{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}} {{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
{{- define "kubeadm.featuregates" }} {{- define "kubeadm.featuregates" }}
{{- $gates := list "CustomCPUCFSQuotaPeriod" }} {{- $gates := list "CustomCPUCFSQuotaPeriod" "AuthorizeWithSelectors" "AuthorizeNodeWithSelectors" "ConsistentListFromCache" "VolumeAttributesClass"}}
{{- if eq .return "csv" }} {{- if eq .return "csv" }}
{{- range $key := $gates }} {{- range $key := $gates }}
{{- $key }}=true, {{- $key }}=true,
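Review bot: The four gates added to `$gates` carry no comment, unlike the entries documented in the header lines above the define, so the next upgrade cannot tell which of them need re-checking. As far as I know `AuthorizeWithSelectors` and `AuthorizeNodeWithSelectors` are alpha in 1.31, and `VolumeAttributesClass` is beta but also needs the `storage.k8s.io/v1beta1` API enabled through the API server's runtime-config, which is not visible in this section. I would add a line in the existing style, e.g. `{{- /* v1.31: AuthorizeWithSelectors, AuthorizeNodeWithSelectors are alpha; VolumeAttributesClass also needs storage.k8s.io/v1beta1 */ -}}`, and restore the space before the closing `}}` of the list line. The define block continues below the hunk.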


@ -1,5 +1,4 @@
spec: spec:
replicas: {{ ternary 3 1 .Values.global.highAvailable }}
template: template:
spec: spec:
containers: containers:


@ -0,0 +1,4 @@
json:
- op: replace
path: /spec/replicas
value: {{ ternary 3 1 .Values.global.highAvailable }}


@ -1,6 +1,6 @@
# kubezero-argo # kubezero-argo
![Version: 0.2.6](https://img.shields.io/badge/Version-0.2.6-informational?style=flat-square) ![Version: 0.2.7](https://img.shields.io/badge/Version-0.2.7-informational?style=flat-square)
KubeZero Argo - Events, Workflow, CD KubeZero Argo - Events, Workflow, CD
@ -18,8 +18,8 @@ Kubernetes: `>= 1.26.0-0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| https://argoproj.github.io/argo-helm | argo-cd | 7.7.2 | | https://argoproj.github.io/argo-helm | argo-cd | 7.7.7 |
| https://argoproj.github.io/argo-helm | argo-events | 2.4.8 | | https://argoproj.github.io/argo-helm | argo-events | 2.4.9 |
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.2 | | https://argoproj.github.io/argo-helm | argocd-apps | 2.0.2 |
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.11.2 | | https://argoproj.github.io/argo-helm | argocd-image-updater | 0.11.2 |
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
@ -28,12 +28,13 @@ Kubernetes: `>= 1.26.0-0`
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` | |
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | | | argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
| argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | | | argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | |
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.30 - Release notes"` | | | argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` | |
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | | | argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.30"` | | | argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.31"` | |
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | | | argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
| argo-cd.configs.params."controller.diff.server.side" | string | `"true"` | | | argo-cd.configs.params."controller.diff.server.side" | string | `"true"` | |
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | | argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
@ -51,8 +52,9 @@ Kubernetes: `>= 1.26.0-0`
| argo-cd.dex.enabled | bool | `false` | | | argo-cd.dex.enabled | bool | `false` | |
| argo-cd.enabled | bool | `false` | | | argo-cd.enabled | bool | `false` | |
| argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | | | argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | |
| argo-cd.global.image.tag | string | `"v2.12.4"` | | | argo-cd.global.image.tag | string | `"v2.13.1"` | |
| argo-cd.global.logging.format | string | `"json"` | | | argo-cd.global.logging.format | string | `"json"` | |
| argo-cd.global.networkPolicy.create | bool | `true` | |
| argo-cd.istio.enabled | bool | `false` | | | argo-cd.istio.enabled | bool | `false` | |
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | | | argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
| argo-cd.istio.ipBlocks | list | `[]` | | | argo-cd.istio.ipBlocks | list | `[]` | |


@ -66,6 +66,10 @@ argo-cd:
timeout.reconciliation: 300s timeout.reconciliation: 300s
application.resourceTrackingMethod: annotation
installationID: "KubeZero-ArgoCD"
application.instanceLabelKey: Null
resource.customizations: | resource.customizations: |
cert-manager.io/Certificate: cert-manager.io/Certificate:
# Lua script for customizing the health status assessment # Lua script for customizing the health status assessment
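Review bot: The added `application.instanceLabelKey: Null` depends on two implicit behaviours: the YAML parser accepting the capitalised spelling as null, and Helm treating a null value as "drop the subchart default". Presumably the intent is to unset the label key now that `application.resourceTrackingMethod` is `annotation`; writing it as `application.instanceLabelKey: null  # unset chart default, tracking is annotation based` makes that explicit. A short comment on `installationID` saying why it is a fixed string would also help, since the same value will be used in every cluster that installs this chart.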


@ -1,6 +1,6 @@
# kubezero-network # kubezero-network
![Version: 0.5.5](https://img.shields.io/badge/Version-0.5.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.5.6](https://img.shields.io/badge/Version-0.5.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for all things network KubeZero umbrella chart for all things network
@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0`
|------------|------|---------| |------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://haproxytech.github.io/helm-charts | haproxy | 1.23.0 | | https://haproxytech.github.io/helm-charts | haproxy | 1.23.0 |
| https://helm.cilium.io/ | cilium | 1.16.3 | | https://helm.cilium.io/ | cilium | 1.16.5 |
| https://metallb.github.io/metallb | metallb | 0.14.8 | | https://metallb.github.io/metallb | metallb | 0.14.9 |
## Values ## Values

File diff suppressed because one or more lines are too long


@ -29,18 +29,22 @@ cloudnative-pg:
strimzi-kafka-operator: strimzi-kafka-operator:
enabled: false enabled: false
revisionHistoryLimit: 3 revisionHistoryLimit: 2
watchAnyNamespace: true watchAnyNamespace: true
leaderElection: leaderElection:
enable: false enable: false
resources: # extraEnvs:
requests: # - name: JAVA_OPTS
cpu: 20m # value: "-XX:MaxRAMPercentage=75 -XX:+UseParallelGC -XX:ActiveProcessorCount=2"
memory: 256Mi
limits: # resources:
memory: 384Mi # requests:
# cpu: 10m
# memory: 256Mi
# limits:
# memory: 256Mi
monitoring: monitoring:
podMonitorEnabled: false podMonitorEnabled: false
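Review bot: Commenting out the `resources` block under `strimzi-kafka-operator` removes the explicit memory limit for the operator, so requests and limits fall back to whatever the subchart ships, which is not visible here. If that is intended, a one-line comment saying so would be clearer than two commented-out blocks (`extraEnvs` and `resources`) whose numbers differ from the ones that were removed. If the limits should still apply, keep the block active with the new values.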


@ -36,7 +36,7 @@ addons:
network: network:
enabled: true enabled: true
retain: true retain: true
targetRevision: 0.5.5 targetRevision: 0.5.6
cilium: cilium:
cluster: {} cluster: {}


@ -1,15 +1,16 @@
# ![k8s-v1.31](images/k8s-1.31.png) KubeZero 1.31 - Elli # ![k8s-v1.31](images/k8s-1.31.png) KubeZero 1.31 - Elli
## What's new - Major themes ## What's new - Major themes
- all KubeZero and support AMIs based on Alpine 3.21 - all KubeZero and support AMIs based on [Alpine 3.21](https://alpinelinux.org/posts/Alpine-3.21.0-released.html)
- network policies for ArgoCD
## Features and fixes ## Features and fixes
- ArgoCD now tracks ownership by annotations rather than labels
## Version upgrades ## Version upgrades
<WIP>
- cilium 1.16.3 - cilium 1.16.3
- istio 1.22.3 - istio 1.22.3
- ArgoCD 2.13.0 [custom ZDT image](https://git.zero-downtime.net/ZeroDownTime/zdt-argocd) - ArgoCD 2.13.1 [custom ZDT image](https://git.zero-downtime.net/ZeroDownTime/zdt-argocd)
- Prometheus 2.55.1 / Grafana 11.3.0 - Prometheus 2.55.1 / Grafana 11.3.0
- Nvidia container toolkit 1.17, drivers 565.57.01, Cuda 12.7 - Nvidia container toolkit 1.17, drivers 565.57.01, Cuda 12.7