From 587398a49003caa0b2c75f4666ea5b1c9afc40f6 Mon Sep 17 00:00:00 2001 
From: Stefan Reimer Date: Wed, 27 Mar 2024 22:48:02 +0000 Subject: [PATCH] feat: v1.28 version upgrade argoCD incl. move into argo umbrella chart --- admin/migrate_argo_values.py | 24 +-- admin/upgrade_cluster.sh | 9 +- charts/kubezero-argo/Chart.yaml | 15 +- charts/kubezero-argo/README.md | 53 +++++- charts/kubezero-argo/README.md.gotmpl | 2 + .../argo-cd/istio-authorization-policy.yaml | 2 +- .../templates/argo-cd/istio-service.yaml | 6 +- charts/kubezero-argo/update.sh | 2 +- charts/kubezero-argo/values.yaml | 154 +++++++++++++++++ charts/kubezero-argocd/Chart.yaml | 29 ---- charts/kubezero-argocd/README.md | 74 -------- charts/kubezero-argocd/README.md.gotmpl | 20 --- charts/kubezero-argocd/dashboards.yaml | 9 - .../templates/grafana-dashboards.yaml | 15 -- .../templates/istio-authorization-policy.yaml | 28 --- .../templates/istio-service.yaml | 31 ---- charts/kubezero-argocd/update.sh | 10 -- charts/kubezero-argocd/values.yaml | 162 ------------------ charts/kubezero-network/README.md | 6 +- .../k8up.yaml => templates/k8up/crds.yaml} | 2 + .../rbac-snapshot-controller.yaml | 103 ----------- .../templates/snapshot-controller/rbac.yaml | 26 ++- charts/kubezero-storage/update.sh | 13 +- charts/kubezero/templates/argo.yaml | 1 + charts/kubezero/templates/argocd.yaml | 104 ----------- charts/kubezero/templates/network.yaml | 6 + charts/kubezero/values.yaml | 16 +- docs/v1.28.md | 1 + 28 files changed, 291 insertions(+), 632 deletions(-) delete mode 100644 charts/kubezero-argocd/Chart.yaml delete mode 100644 charts/kubezero-argocd/README.md delete mode 100644 charts/kubezero-argocd/README.md.gotmpl delete mode 100644 charts/kubezero-argocd/dashboards.yaml delete mode 100644 charts/kubezero-argocd/templates/grafana-dashboards.yaml delete mode 100644 charts/kubezero-argocd/templates/istio-authorization-policy.yaml delete mode 100644 charts/kubezero-argocd/templates/istio-service.yaml delete mode 100755 charts/kubezero-argocd/update.sh delete mode 100644 
charts/kubezero-argocd/values.yaml rename charts/kubezero-storage/{crds/k8up.yaml => templates/k8up/crds.yaml} (99%) delete mode 100644 charts/kubezero-storage/templates/snapshot-controller/rbac-snapshot-controller.yaml delete mode 100644 charts/kubezero/templates/argocd.yaml diff --git a/admin/migrate_argo_values.py b/admin/migrate_argo_values.py index 75a20b6d..38fafd80 100755 --- a/admin/migrate_argo_values.py +++ b/admin/migrate_argo_values.py @@ -8,27 +8,11 @@ import yaml def migrate(values): """Actual changes here""" - # Cleanup - values.pop("Domain", None) - values.pop("clusterName", None) - if "addons" in values: - if not values["addons"]: - values.pop("addons") - - # fix argoCD CM + # argoCD moves to argo module try: - if not values["argocd"]["configs"]["cm"]["url"].startswith("http"): - values["argocd"]["configs"]["cm"]["url"] = "https://" + values["argocd"]["configs"]["cm"]["url"] - except KeyError: - pass - - # migrate eck operator to new operator module - try: - if values["logging"]["eck-operator"]["enabled"]: - if "operators" not in values: - values["operators"] = { "enabled": True } - values["operators"]["eck-operator"] = { "enabled": True } - values["logging"].pop("eck-operator", None) + if values["argocd"]["enabled"]: + values["argo"] = { "enabled": True, "argo-cd": values["argocd"] } + values.pop("argocd") except KeyError: pass diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index 6381f684..aaf9aa05 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh 
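Review bot: The new assignment `values["argo"] = { "enabled": True, "argo-cd": values["argocd"] }` in `migrate()` replaces any `argo` section already present in the values, so existing settings for other argo sub-charts (the umbrella chart also carries argo-events) would be dropped silently during migration. Merging keeps them: `argo = values.setdefault("argo", {})`, `argo["enabled"] = True`, `argo["argo-cd"] = values.pop("argocd")`. When `argocd.enabled` is false the old `argocd` key is left in place; a one-line comment should say whether that is intended. The rest of `migrate()` lies outside the hunk.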
@@ -31,7 +31,14 @@ waitSystemPodsRunning echo "Applying remaining KubeZero modules..." -control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argocd" +### v1.28 +# - remove old argocd app, all resources will be taken over by argo.argo-cd +kubectl patch app argocd -n argocd \ + --type json \ + --patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \ + kubectl delete app argocd -n argocd || true + +control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo" # Trigger backup of upgraded cluster state kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$VERSION -n kube-system diff --git a/charts/kubezero-argo/Chart.yaml b/charts/kubezero-argo/Chart.yaml index 81c3ed71..ac0e0f98 100644 --- a/charts/kubezero-argo/Chart.yaml +++ b/charts/kubezero-argo/Chart.yaml @@ -1,11 +1,12 @@ apiVersion: v2 description: KubeZero Argo - Events, Workflow, CD name: kubezero-argo -version: 0.1.1 +version: 0.2.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: - kubezero + - argocd - argo-events - argo-workflow maintainers: @@ -20,4 +21,16 @@ dependencies: version: 2.4.4 repository: https://argoproj.github.io/argo-helm condition: argo-events.enabled + - name: argo-cd + version: 6.7.3 + repository: https://argoproj.github.io/argo-helm + condition: argo-cd.enabled + - name: argocd-apps + version: 2.0.0 + repository: https://argoproj.github.io/argo-helm + condition: argo-cd.enabled + - name: argocd-image-updater + version: 0.9.6 + repository: https://argoproj.github.io/argo-helm + condition: argocd-image-updater.enabled kubeVersion: ">= 1.26.0" diff --git a/charts/kubezero-argo/README.md b/charts/kubezero-argo/README.md index 8535758f..2f668dc6 100644 --- a/charts/kubezero-argo/README.md 
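Review bot: The trailing `|| true` on the `kubectl patch … && kubectl delete …` chain hides every failure, so an RBAC or API error looks the same as "the old app is not there" and the upgrade proceeds to `apply_argo` regardless. If the Application exists but has no `/metadata/finalizers`, the JSON-patch `remove` fails and the `&&` skips the delete, leaving the old `argocd` Application next to the new one. Consider wrapping both commands in an existence check (`if kubectl get app argocd -n argocd >/dev/null 2>&1; then … fi`) without `|| true`, so that genuine errors stop the script or are at least logged. The comment above the command should also state that the finalizer is removed so the delete does not cascade to the resources ArgoCD manages.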
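Review bot: The new `argocd-apps` dependency is gated by `condition: argo-cd.enabled`, while values.yaml in this same commit adds `argocd-apps.enabled: false`; no condition reads that key, so toggling it has no effect. Either point the dependency at it, `condition: argocd-apps.enabled`, or drop the key from values.yaml and add a comment here such as `# argocd-apps is enabled together with argo-cd`.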
+++ b/charts/kubezero-argo/README.md @@ -1,6 +1,6 @@ # kubezero-argo -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) KubeZero Argo - Events, Workflow, CD 
@@ -18,13 +18,48 @@ Kubernetes: `>= 1.26.0` | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-events | 2.4.3 | +| https://argoproj.github.io/argo-helm | argo-cd | 6.7.3 | +| https://argoproj.github.io/argo-helm | argo-events | 2.4.4 | +| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.0 | +| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.6 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| argo-cd.applicationSet.enabled | bool | `false` | | +| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | | +| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | | +| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | | +| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | +| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | | +| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | | +| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | | +| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa 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\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa 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\n"` | | +| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | +| argo-cd.configs.params."controller.status.processors" | string | `"10"` | | +| argo-cd.configs.params."server.enable.gzip" | bool | `true` | | +| argo-cd.configs.params."server.insecure" | 
bool | `true` | | +| argo-cd.configs.secret.createSecret | bool | `false` | | +| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | | +| argo-cd.controller.metrics.enabled | bool | `false` | | +| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | | +| argo-cd.controller.resources.limits.memory | string | `"2048Mi"` | | +| argo-cd.controller.resources.requests.cpu | string | `"100m"` | | +| argo-cd.controller.resources.requests.memory | string | `"512Mi"` | | +| argo-cd.dex.enabled | bool | `false` | | +| argo-cd.enabled | bool | `false` | | +| argo-cd.global.logging.format | string | `"json"` | | +| argo-cd.istio.enabled | bool | `false` | | +| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | | +| argo-cd.istio.ipBlocks | list | `[]` | | +| argo-cd.notifications.enabled | bool | `false` | | +| argo-cd.repoServer.metrics.enabled | bool | `false` | | +| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | | +| argo-cd.server.metrics.enabled | bool | `false` | | +| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | | +| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | | | argo-events.configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) | | argo-events.configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) | | argo-events.configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment | 
@@ -38,6 +73,20 @@ Kubernetes: `>= 1.26.0` | argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | | | argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | | | argo-events.enabled | bool | `false` | | +| argocd-apps.applications | object | `{}` | | +| argocd-apps.enabled | bool | `false` | | +| argocd-apps.projects | object | `{}` | | +| argocd-image-updater.authScripts.enabled | bool | `true` | | +| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | | +| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | | +| argocd-image-updater.config.argocd.plaintext | bool | `true` | | +| argocd-image-updater.enabled | bool | `false` | | +| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | | +| argocd-image-updater.metrics.enabled | bool | `false` | | +| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | | +| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | | ## Resources +- https://argoproj.github.io/argo-cd/operator-manual/metrics/ +- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json diff --git a/charts/kubezero-argo/README.md.gotmpl b/charts/kubezero-argo/README.md.gotmpl index 6136a2e8..f2d17e4f 100644 --- a/charts/kubezero-argo/README.md.gotmpl +++ b/charts/kubezero-argo/README.md.gotmpl @@ -16,4 +16,6 @@ {{ template "chart.valuesSection" . }} ## Resources +- https://argoproj.github.io/argo-cd/operator-manual/metrics/ +- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json 
diff --git a/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml b/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml index 9f0d4cbc..603d1dfb 100644 --- a/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml +++ b/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml @@ -16,7 +16,7 @@ spec: - from: - source: notIpBlocks: - {{- toYaml .Values.istio.ipBlocks | nindent 8 }} + {{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }} to: - operation: hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}] diff --git a/charts/kubezero-argo/templates/argo-cd/istio-service.yaml b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml index 8f11bc59..0c757db8 100644 --- a/charts/kubezero-argo/templates/argo-cd/istio-service.yaml +++ b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml @@ -8,7 +8,7 @@ metadata: {{- include "kubezero-lib.labels" . | nindent 4 }} spec: gateways: - - {{ .Values.istio.gateway }} + - {{ index .Values "argo-cd" "istio" "gateway" }} hosts: - {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }} http: @@ -19,13 +19,13 @@ spec: prefix: argocd-client route: - destination: - host: argocd-server + host: argo-argocd-server port: number: 443 - name: http route: - destination: - host: argocd-server + host: argo-argocd-server port: number: 80 {{- end }} diff --git a/charts/kubezero-argo/update.sh b/charts/kubezero-argo/update.sh index 58e8a3f7..4962882b 100755 --- a/charts/kubezero-argo/update.sh +++ b/charts/kubezero-argo/update.sh @@ -5,6 +5,6 @@ update_helm # Create ZDT dashboard configmap -#../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml +../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/argo-cd/grafana-dashboards.yaml update_docs diff --git a/charts/kubezero-argo/values.yaml b/charts/kubezero-argo/values.yaml index 0011b1a2..2db8063f 100644 
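Review bot: The `hosts:` entry kept as context in this AuthorizationPolicy rule is rendered from `argo-cd.configs.cm.url` unmodified, and the chart default for that value is a full URL (`https://argocd.example.com`), so the DENY rule's host match probably never equals the request host and the `ipBlocks` allowlist would not be enforced. The VirtualService template in this same commit already extracts the host with `urlParse`, and the policy should do the same: `hosts: [{{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" | quote }}]`. The `if` guards of the template are outside the hunk, so confirm they were also switched to the `argo-cd.istio.*` keys; a guard still reading `.Values.istio` would silently disable the policy.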
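Review bot: The destination host `argo-argocd-server` in both routes of the VirtualService hard-codes the Helm release name `argo`; installed under another release name the routes would point at a Service that does not exist. Derive it from the release, for example `host: {{ .Release.Name }}-argocd-server`, or pin the sub-chart's full name in values.yaml and reference that. At minimum add a comment on the line, `# assumes the chart is installed as release "argo"`.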
--- a/charts/kubezero-argo/values.yaml +++ b/charts/kubezero-argo/values.yaml 
@@ -30,3 +30,157 @@ argo-events: configReloaderImage: natsio/nats-server-config-reloader:0.14.1 startCommand: /nats-server + +argocd-apps: + enabled: false + projects: {} + applications: {} + +argo-cd: + enabled: false + #configs: + # secret: + # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + # argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG" + # argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST" + + global: + logging: + format: json + # image: + # tag: v2.1.6 + + configs: + styles: | + .sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); } + .sidebar__logo__text-logo { height: 0em; } + .sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); } + + cm: + ui.bannercontent: "KubeZero v1.27 - Release notes" + ui.bannerurl: "https://kubezero.com/releases/v1.27" + ui.bannerpermanent: "true" + ui.bannerposition: "bottom" + + # argo-cd.server.config.url -- ArgoCD URL being exposed via Istio + url: https://argocd.example.com + + timeout.reconciliation: 300s + + resource.customizations: | + cert-manager.io/Certificate: + # Lua script for customizing the health status assessment + health.lua: | + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end + end + end + hs.status = "Progressing" + hs.message = "Waiting for certificate" + return hs + + secret: + createSecret: false + + ssh: + extraHosts: "git.zero-downtime.net ssh-rsa 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" + + params: + controller.status.processors: "10" + controller.operation.processors: "5" + + 
server.insecure: true + server.enable.gzip: true + + controller: + metrics: + enabled: false + serviceMonitor: + enabled: true + + resources: + limits: + # cpu: 500m + memory: 2048Mi + requests: + cpu: 100m + memory: 512Mi + + repoServer: + metrics: + enabled: false + serviceMonitor: + enabled: true + + server: + # Rename former https port to grpc, works with istio + insecure + service: + servicePortHttpsName: grpc + metrics: + enabled: false + serviceMonitor: + enabled: true + + # redis: + # We might want to try to keep redis close to the controller + # affinity: + + dex: + enabled: false + + applicationSet: + enabled: false + + notifications: + enabled: false + + # Support for Istio Ingress for ArgoCD + istio: + # istio.enabled -- Deploy Istio VirtualService to expose ArgoCD + enabled: false + # istio.gateway -- Name of the Istio gateway to add the VirtualService to + gateway: istio-ingress/ingressgateway + ipBlocks: [] + +argocd-image-updater: + enabled: false + + # Unify all ArgoCD pieces under the same argocd namespace + fullnameOverride: argocd-image-updater + + config: + argocd: + plaintext: true + + metrics: + enabled: false + serviceMonitor: + enabled: true + + authScripts: + enabled: true + scripts: + ecr-login.sh: | + #!/bin/sh + aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d + ecr-public-login.sh: | + #!/bin/sh + aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d + sshConfig: + config: | + Host * + PubkeyAcceptedAlgorithms +ssh-rsa + HostkeyAlgorithms +ssh-rsa diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml deleted file mode 100644 index 7f88dcc7..00000000 --- a/charts/kubezero-argocd/Chart.yaml +++ /dev/null 
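Review bot: The `argocd-image-updater.sshConfig` block enables `ssh-rsa` under `Host *`, which re-allows the SHA-1 based host-key and public-key algorithm for every Git server the updater contacts rather than only the one that needs it. The only `ssh-rsa` host key pinned in this hunk is for `git.zero-downtime.net` under `configs.ssh.extraHosts`, so scoping the stanza to it looks sufficient: `Host git.zero-downtime.net`. Separately, `server.insecure: true` makes argocd-server serve plaintext and relies on Istio for TLS while `istio.enabled` defaults to `false`; a comment next to `server.insecure` stating that assumption would help operators who expose the service another way. The banner strings still read v1.27 in a commit titled as the v1.28 upgrade.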
@@ -1,29 +0,0 @@ -apiVersion: v2 -description: KubeZero ArgoCD - config, branding, image-updater (optional) -name: kubezero-argocd -version: 0.13.5 -home: https://kubezero.com -icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png -keywords: - - kubezero - - argocd - - argocd-image-updater -maintainers: - - name: Stefan Reimer - email: stefan@zero-downtime.net -# Url: https://github.com/argoproj/argo-helm/tree/main/charts -dependencies: - - name: kubezero-lib - version: ">= 0.1.6" - repository: https://cdn.zero-downtime.net/charts/ - - name: argo-cd - version: 6.7.3 - repository: https://argoproj.github.io/argo-helm - - name: argocd-apps - version: 2.0.0 - repository: https://argoproj.github.io/argo-helm - - name: argocd-image-updater - version: 0.9.6 - repository: https://argoproj.github.io/argo-helm - condition: argocd-image-updater.enabled -kubeVersion: ">= 1.26.0" diff --git a/charts/kubezero-argocd/README.md b/charts/kubezero-argocd/README.md deleted file mode 100644 index 9e5dab2f..00000000 --- a/charts/kubezero-argocd/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# kubezero-argocd - -![Version: 0.13.3](https://img.shields.io/badge/Version-0.13.3-informational?style=flat-square) - -KubeZero ArgoCD - config, branding, image-updater (optional) - -**Homepage:** - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Stefan Reimer | | | - -## Requirements - -Kubernetes: `>= 1.26.0` - -| Repository | Name | Version | -|------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-cd | 5.51.4 | -| https://argoproj.github.io/argo-helm | argocd-apps | 1.4.1 | -| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.1 | -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| argo-cd.applicationSet.enabled | bool | `false` | | -| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | | -| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | | -| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | | -| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | -| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | | -| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | | -| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | 
| -| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa 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\n"` | | -| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | -| argo-cd.configs.params."controller.status.processors" | string | `"10"` | | -| argo-cd.configs.params."server.enable.gzip" | bool | `true` | | -| argo-cd.configs.params."server.insecure" | bool | `true` | | -| argo-cd.configs.secret.createSecret | bool | `false` | | -| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | | -| argo-cd.controller.metrics.enabled | bool | `false` | | -| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | | -| argo-cd.controller.resources.requests.cpu | string | `"100m"` | | -| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | | -| argo-cd.dex.enabled | bool | `false` | | -| argo-cd.global.logging.format | string | `"json"` | | -| argo-cd.notifications.enabled | bool | `false` | | -| argo-cd.repoServer.metrics.enabled | bool | `false` | | -| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | | -| argo-cd.server.metrics.enabled | bool | `false` | | -| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | | -| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | | -| argocd-apps.applications | list | `[]` | | -| argocd-apps.projects | list | `[]` | | -| argocd-image-updater.authScripts.enabled | bool | 
`true` | | -| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | | -| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | | -| argocd-image-updater.config.argocd.plaintext | bool | `true` | | -| argocd-image-updater.enabled | bool | `false` | | -| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | | -| argocd-image-updater.metrics.enabled | bool | `false` | | -| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | | -| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | | -| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD | -| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to | -| istio.ipBlocks | list | `[]` | | - -## Resources -- https://argoproj.github.io/argo-cd/operator-manual/metrics/ -- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json diff --git a/charts/kubezero-argocd/README.md.gotmpl b/charts/kubezero-argocd/README.md.gotmpl deleted file mode 100644 index 63b02508..00000000 --- a/charts/kubezero-argocd/README.md.gotmpl +++ /dev/null 
@@ -1,20 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -## Resources -- https://argoproj.github.io/argo-cd/operator-manual/metrics/ -- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json diff --git a/charts/kubezero-argocd/dashboards.yaml b/charts/kubezero-argocd/dashboards.yaml deleted file mode 100644 index 86f759d8..00000000 --- a/charts/kubezero-argocd/dashboards.yaml +++ /dev/null @@ -1,9 +0,0 @@ -configmap: grafana-dashboards -gzip: true -condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"' -folder: KubeZero -dashboards: -- name: ArgoCD - url: https://grafana.com/api/dashboards/14584/revisions/1/download - tags: - - ArgoCD diff --git a/charts/kubezero-argocd/templates/grafana-dashboards.yaml b/charts/kubezero-argocd/templates/grafana-dashboards.yaml deleted file mode 100644 index 26895285..00000000 --- a/charts/kubezero-argocd/templates/grafana-dashboards.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if index .Values "argo-cd" "controller" "metrics" "enabled" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "grafana-dashboards" | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - labels: - grafana_dashboard: "1" - {{- include "kubezero-lib.labels" . | nindent 4 }} - annotations: - k8s-sidecar-target-directory: KubeZero -binaryData: - ArgoCD.json.gz: - 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 -{{- end }} 
diff --git a/charts/kubezero-argocd/templates/istio-authorization-policy.yaml b/charts/kubezero-argocd/templates/istio-authorization-policy.yaml deleted file mode 100644 index cb313733..00000000 --- a/charts/kubezero-argocd/templates/istio-authorization-policy.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.istio.enabled }} -{{- if .Values.istio.ipBlocks }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: argocd-deny-not-in-ipblocks - namespace: istio-system - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: istio-ingressgateway - action: DENY - rules: - - from: - - source: - notIpBlocks: - {{- toYaml .Values.istio.ipBlocks | nindent 8 }} - to: - - operation: - hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}] - when: - - key: connection.sni - values: - - '*' -{{- end }} -{{- end }} diff --git a/charts/kubezero-argocd/templates/istio-service.yaml b/charts/kubezero-argocd/templates/istio-service.yaml deleted file mode 100644 index e3ed7b00..00000000 --- a/charts/kubezero-argocd/templates/istio-service.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if .Values.istio.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: argocd-server - namespace: {{ $.Release.Namespace }} - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - gateways: - - {{ .Values.istio.gateway }} - hosts: - - {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }} - http: - - name: grpc - match: - - headers: - user-agent: - prefix: argocd-client - route: - - destination: - host: argocd-server - port: - number: 443 - - name: http - route: - - destination: - host: argocd-server - port: - number: 80 -{{- end }} diff --git a/charts/kubezero-argocd/update.sh b/charts/kubezero-argocd/update.sh deleted file mode 100755 index 1235492b..00000000 --- a/charts/kubezero-argocd/update.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -. ../../scripts/lib-update.sh - -update_helm - -# Create ZDT dashboard configmap -../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml - -update_docs diff --git a/charts/kubezero-argocd/values.yaml b/charts/kubezero-argocd/values.yaml deleted file mode 100644 index 625453de..00000000 --- a/charts/kubezero-argocd/values.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -# Support for Istio Ingress for ArgoCD -istio: - # istio.enabled -- Deploy Istio VirtualService to expose ArgoCD - enabled: false - # istio.gateway -- Name of the Istio gateway to add the VirtualService to - gateway: istio-ingress/ingressgateway - ipBlocks: [] - -argocd-apps: - projects: [] - applications: [] - -argo-cd: - #configs: - # secret: - # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG" - # argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST" - - global: - logging: - format: json - # image: - # tag: v2.1.6 - - configs: - styles: | - .sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); } - .sidebar__logo__text-logo { height: 0em; } - .sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); } - - cm: - ui.bannercontent: "KubeZero v1.27 - Release notes" - ui.bannerurl: "https://kubezero.com/releases/v1.27" - ui.bannerpermanent: "true" - ui.bannerposition: "bottom" - - # argo-cd.server.config.url -- ArgoCD URL being exposed via Istio - url: https://argocd.example.com - - timeout.reconciliation: 300 - - resource.customizations: | - cert-manager.io/Certificate: - # Lua script for customizing the health status assessment - health.lua: | - hs = {} - if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = condition.message - return hs - end - end - end - end - hs.status = "Progressing" - hs.message = "Waiting for certificate" - return hs - - secret: - createSecret: false - - knownHosts: - data: - ssh_known_hosts: | - bitbucket.org 
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= - bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO - bitbucket.org ssh-rsa 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 - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - git.zero-downtime.net ssh-rsa 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 - - params: - controller.status.processors: "10" - controller.operation.processors: "5" - - server.insecure: true - server.enable.gzip: true - - controller: - metrics: - enabled: false - serviceMonitor: - enabled: true - - resources: - limits: - # cpu: 
500m - memory: 2048Mi - requests: - cpu: 100m - memory: 512Mi - - repoServer: - metrics: - enabled: false - serviceMonitor: - enabled: true - - server: - # Rename former https port to grpc, works with istio + insecure - service: - servicePortHttpsName: grpc - metrics: - enabled: false - serviceMonitor: - enabled: true - - # redis: - # We might want to try to keep redis close to the controller - # affinity: - - dex: - enabled: false - - applicationSet: - enabled: false - - notifications: - enabled: false - -argocd-image-updater: - enabled: false - - # Unify all ArgoCD pieces under the same argocd namespace - fullnameOverride: argocd-image-updater - - config: - argocd: - plaintext: true - - metrics: - enabled: false - serviceMonitor: - enabled: true - - authScripts: - enabled: true - scripts: - ecr-login.sh: | - #!/bin/sh - aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d - ecr-public-login.sh: | - #!/bin/sh - aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d - sshConfig: - config: | - Host * - PubkeyAcceptedAlgorithms +ssh-rsa - HostkeyAlgorithms +ssh-rsa diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md index 8ff8d632..1e5fbb6a 100644 --- a/charts/kubezero-network/README.md +++ b/charts/kubezero-network/README.md @@ -1,6 +1,6 @@ # kubezero-network -![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things network 
@@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://helm.cilium.io/ | cilium | 1.15.2 | -| https://metallb.github.io/metallb | metallb | 0.14.3 | +| https://helm.cilium.io/ | cilium | 1.15.3 | +| https://metallb.github.io/metallb | metallb | 0.14.4 | ## Values diff --git a/charts/kubezero-storage/crds/k8up.yaml b/charts/kubezero-storage/templates/k8up/crds.yaml similarity index 99% rename from charts/kubezero-storage/crds/k8up.yaml rename to charts/kubezero-storage/templates/k8up/crds.yaml index c2d5c55f..3e91e92a 100644 --- a/charts/kubezero-storage/crds/k8up.yaml +++ b/charts/kubezero-storage/templates/k8up/crds.yaml @@ -1,3 +1,4 @@ +{{- if .Values.k8up.enabled }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -14420,3 +14421,4 @@ spec: storage: true subresources: status: {} +{{- end }} diff --git a/charts/kubezero-storage/templates/snapshot-controller/rbac-snapshot-controller.yaml b/charts/kubezero-storage/templates/snapshot-controller/rbac-snapshot-controller.yaml deleted file mode 100644 index 336c7100..00000000 --- a/charts/kubezero-storage/templates/snapshot-controller/rbac-snapshot-controller.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -# RBAC file for the snapshot controller. -# -# The snapshot controller implements the control loop for CSI snapshot functionality. -# It should be installed as part of the base Kubernetes distribution in an appropriate -# namespace for components implementing base system functionality. For installing with -# Vanilla Kubernetes, kube-system makes sense for the namespace. - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: snapshot-controller - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents/status"] - verbs: ["patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "patch", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots/status"] - verbs: ["update", "patch"] - - - apiGroups: ["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - - apiGroups: ["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshotcontents/status"] - verbs: ["patch"] - - apiGroups: 
["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshots"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshots/status"] - verbs: ["update", "patch"] - - # Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true - # - apiGroups: [""] - # resources: ["nodes"] - # verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-role -subjects: - - kind: ServiceAccount - name: snapshot-controller - namespace: kube-system -roleRef: - kind: ClusterRole - name: snapshot-controller-runner - apiGroup: rbac.authorization.k8s.io - ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: kube-system -rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-controller-leaderelection - namespace: kube-system -subjects: - - kind: ServiceAccount - name: snapshot-controller -roleRef: - kind: Role - name: snapshot-controller-leaderelection - apiGroup: rbac.authorization.k8s.io diff --git a/charts/kubezero-storage/templates/snapshot-controller/rbac.yaml b/charts/kubezero-storage/templates/snapshot-controller/rbac.yaml index ed5d067e..4305413c 100644 --- a/charts/kubezero-storage/templates/snapshot-controller/rbac.yaml +++ b/charts/kubezero-storage/templates/snapshot-controller/rbac.yaml @@ -6,6 +6,7 @@ # namespace for components implementing base system functionality. For installing with # Vanilla Kubernetes, kube-system makes sense for the namespace. +--- apiVersion: v1 kind: ServiceAccount metadata: 
@@ -16,7 +17,6 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - # rename if there are conflicts name: snapshot-controller-runner rules: - apiGroups: [""] @@ -39,15 +39,31 @@ rules: verbs: ["patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update", "patch"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots/status"] verbs: ["update", "patch"] + + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshots"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshots/status"] + verbs: ["update", "patch"] + # Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true # - apiGroups: [""] # resources: ["nodes"] # verbs: ["get", "list", "watch"] - --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -59,7 +75,6 @@ subjects: namespace: kube-system roleRef: kind: ClusterRole - # change the name also here if the ClusterRole gets renamed name: snapshot-controller-runner apiGroup: rbac.authorization.k8s.io @@ -67,8 +82,8 @@ roleRef: kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - namespace: kube-system name: snapshot-controller-leaderelection + namespace: kube-system rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] 
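Review bot: The `groupsnapshot.storage.k8s.io` rules added to the `snapshot-controller-runner` ClusterRole in the `@@ -39,15 +39,31 @@` hunk grant create/update/delete/patch on group-snapshot resources cluster-wide, while the CRD loop visible in this chart's `update.sh` only lists `volumesnapshotclasses volumesnapshotcontents volumesnapshots`. If the group-snapshot CRDs are not installed elsewhere (not visible here), these are standing permissions with no consumer; the same hunk also adds `delete` on `volumesnapshots`. Since the file is now regenerated verbatim from upstream, hand-trimming would be overwritten, so I would either strip the block in `update.sh` or record the decision there with a comment such as `# groupsnapshot rules kept from upstream; group-snapshot CRDs are not installed by this chart`. The ClusterRole begins above this hunk.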
@@ -83,7 +98,6 @@ metadata: subjects: - kind: ServiceAccount name: snapshot-controller - namespace: kube-system roleRef: kind: Role name: snapshot-controller-leaderelection diff --git a/charts/kubezero-storage/update.sh b/charts/kubezero-storage/update.sh index 48a2d0cc..4b92ffd9 100755 --- a/charts/kubezero-storage/update.sh +++ b/charts/kubezero-storage/update.sh @@ -15,7 +15,12 @@ patch_chart lvm-localpv patch_chart gemini # snapshotter -# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml +_f="templates/snapshot-controller/rbac.yaml" +echo "{{- if .Values.snapshotController.enabled }}" > $_f +curl -L -s https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml >> $_f +echo "{{- end }}" >> $_f + +# our controller.yaml is based on: # https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml for crd in volumesnapshotclasses volumesnapshotcontents volumesnapshots; do @@ -28,7 +33,11 @@ done # k8up - CRDs VERSION=$(yq eval '.dependencies[] | select(.name=="k8up") | .version' Chart.yaml) -curl -L -s -o crds/k8up.yaml https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml + +_f="templates/k8up/crds.yaml" +echo "{{- if .Values.k8up.enabled }}" > $_f +curl -L -s https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml >> $_f +echo "{{- end }}" >> $_f # Metrics cd jsonnet diff --git a/charts/kubezero/templates/argo.yaml b/charts/kubezero/templates/argo.yaml index 8ea8c8b8..d0c76a35 100644 --- a/charts/kubezero/templates/argo.yaml +++ b/charts/kubezero/templates/argo.yaml @@ -25,6 +25,7 @@ argo-cd: {{- end }} argocd-apps: + enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }} projects: kubezero: namespace: argocd 
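Review bot: The RBAC template in the `@@ -15,7 +15,12 @@` hunk of `update.sh` is now built from the `master` branch of external-snapshotter, so each run can pull in different ClusterRole rules than the ones reviewed in this commit. Pinning the URL to a release tag or commit makes permission changes arrive as explicit bumps. `curl -L -s` also lacks `-f`, so an HTTP error body would be appended between the `if`/`end` lines, and because `$_f` is truncated before the download, a failed fetch leaves a broken or empty template; the k8up CRD download in the following hunk has the same pattern. Fetching to a temporary file and writing `$_f` only on success avoids both, as sketched below with a placeholder ref. The start of the script is outside this hunk, so whether `set -e` is in effect is not visible.

```shell
_f="templates/snapshot-controller/rbac.yaml"
_ref="<pinned-tag-or-commit>"   # placeholder: the external-snapshotter release to track
_tmp=$(mktemp)
curl -fsSL "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${_ref}/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml" -o "$_tmp" || exit 1
{ echo "{{- if .Values.snapshotController.enabled }}"; cat "$_tmp"; echo "{{- end }}"; } > "$_f"
rm -f "$_tmp"
# … unchanged: controller.yaml comment and CRD loop …
```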
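Review bot: Writing the k8up CRDs to `templates/k8up/crds.yaml` behind `{{- if .Values.k8up.enabled }}` (the `@@ -28,7 +33,11 @@` hunk) changes their lifecycle. Files in `crds/` are only ever installed by Helm, whereas templated CRDs are removed when the flag is switched off or the release is uninstalled, and deleting a CRD deletes every object of that kind. For a backup operator that would take the schedule and backup objects with it; how Argo CD prunes here depends on the sync policy, which is not visible in this hunk. I would state this next to the download, e.g. `# CRDs are templated: disabling k8up.enabled removes them and all k8up objects`, or post-process the fetched file to add the `helm.sh/resource-policy: keep` annotation.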
diff --git a/charts/kubezero/templates/argocd.yaml b/charts/kubezero/templates/argocd.yaml
deleted file mode 100644
index 705fb9ec..00000000
--- a/charts/kubezero/templates/argocd.yaml
+++ /dev/null
@@ -1,104 +0,0 @@ -{{- define "argocd-values" }} - -argo-cd: - {{- with index .Values "argocd" "configs" }} - configs: - {{- toYaml . | nindent 4 }} - {{- end }} - - controller: - metrics: - enabled: {{ .Values.metrics.enabled }} - repoServer: - metrics: - enabled: {{ .Values.metrics.enabled }} - server: - metrics: - enabled: {{ .Values.metrics.enabled }} - -argocd-apps: - projects: - - name: kubezero - namespace: argocd - description: KubeZero - ZeroDownTime Kubernetes Platform - sourceRepos: - - {{ .Values.kubezero.repoURL }} - {{- with .Values.kubezero.gitSync.repoURL }} - - {{ . }} - {{- end }} - destinations: - - namespace: '*' - server: https://kubernetes.default.svc - clusterResourceWhitelist: - - group: '*' - kind: '*' - applications: - - name: kubezero-git-sync - namespace: argocd - project: kubezero - source: - repoURL: {{ .Values.kubezero.gitSync.repoURL }} - targetRevision: {{ .Values.kubezero.gitSync.targetRevision }} - path: {{ .Values.kubezero.gitSync.path }} - - directory: - recurse: true - - destination: - server: https://kubernetes.default.svc - namespace: argocd - - {{- with .Values.kubezero.syncPolicy }} - syncPolicy: - {{- toYaml . | nindent 8 }} - {{- end }} - -argocd-image-updater: - enabled: {{ default "false" (index .Values "argocd" "argocd-image-updater" "enabled") }} - - {{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" }} - {{- toYaml . 
| nindent 2 }} - {{- end }} - - {{- if .Values.global.aws }} - extraEnv: - - name: AWS_ROLE_ARN - value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater" - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" - - name: AWS_STS_REGIONAL_ENDPOINTS - value: "regional" - - name: METADATA_TRIES - value: "0" - - name: AWS_REGION - value: {{ .Values.global.aws.region }} - volumes: - - name: aws-token - projected: - sources: - - serviceAccountToken: - path: token - expirationSeconds: 86400 - audience: "sts.amazonaws.com" - volumeMounts: - - name: aws-token - mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" - readOnly: true - {{- end }} - - metrics: - enabled: {{ .Values.metrics.enabled }} - -{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }} -istio: - {{- with index .Values "argocd" "istio" }} - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} - -{{- end }} - -{{- define "argocd-argo" }} -{{- end }} - -{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/network.yaml b/charts/kubezero/templates/network.yaml index c172f26b..77002f02 100644 --- a/charts/kubezero/templates/network.yaml +++ b/charts/kubezero/templates/network.yaml @@ -37,6 +37,12 @@ metallb: {{- define "network-argo" }} + # Metallb + ignoreDifferences: + - group: apiextensions.k8s.io + kind: CustomResourceDefinition + jsonPointers: + - /spec/conversion/webhook/clientConfig/caBundle {{- end }} {{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index a474e021..44205976 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml 
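Review bot: The `ignoreDifferences` entry added under `network-argo` has no `name:`, so it applies to every CustomResourceDefinition in the network application, not only MetalLB's as the `# Metallb` comment suggests. `/spec/conversion/webhook/clientConfig/caBundle` is the CA the API server trusts for a CRD's conversion webhook, so an unexpected change to it on any CRD in this app would no longer show up as drift in Argo CD. Scoping the rule with `name: <metallb-crd-name>` (placeholder; one entry per CRD that gets its caBundle injected) keeps the exemption as narrow as the comment implies.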
@@ -30,18 +30,18 @@ addons: network: enabled: true retain: true - targetRevision: 0.5.0 + targetRevision: 0.5.1 cilium: cluster: {} cert-manager: enabled: false namespace: cert-manager - targetRevision: 0.9.6 + targetRevision: 0.9.7 storage: enabled: false - targetRevision: 0.8.5 + targetRevision: 0.8.6 lvm-localpv: enabled: false aws-ebs-csi-driver: @@ -110,11 +110,13 @@ logging: namespace: logging targetRevision: 0.8.10 -argocd: +argo: enabled: false namespace: argocd - targetRevision: 0.13.3 + targetRevision: 0.2.0 + argo-cd: + enabled: false + istio: + enabled: false argocd-image-updater: enabled: false - istio: - enabled: false diff --git a/docs/v1.28.md b/docs/v1.28.md index 8db7fed6..4e9ddf5b 100644 --- a/docs/v1.28.md +++ b/docs/v1.28.md @@ -4,6 +4,7 @@ - all KubeZero and support AMIs based on Alpine 3.19.1 - further reduced boot time, eg. less than 30s for a bastion on EC2 - sub-second timestamps for all system logs +- enabled TransparentHugePages incl. save settings for Golang ## Fixes