feat: various fixes and version bumps for >= 1.22.8

This commit is contained in:
Stefan Reimer 2022-04-08 17:11:34 +02:00
parent dd0ef79dee
commit 8b18ec3920
22 changed files with 95 additions and 95 deletions

View File

@ -1,7 +1,7 @@
apiVersion: v2
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
name: kubezero-argocd
version: 0.9.5
version: 0.9.6
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,6 +16,6 @@ dependencies:
version: ">= 0.1.4"
repository: https://cdn.zero-downtime.net/charts/
- name: argo-cd
version: 3.32.1
version: 3.33.8
repository: https://argoproj.github.io/argo-helm
kubeVersion: ">= 1.20.0"

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager
type: application
version: 0.8.0
version: 0.8.2
appVersion: 1.6.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

View File

@ -1,6 +1,6 @@
# kubezero-cert-manager
![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square)
![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager

View File

@ -1,3 +1,4 @@
{{- if index .Values "cert-manager" "prometheus" "servicemonitor" "enabled" }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
@ -50,4 +51,4 @@ spec:
for: 5m
labels:
severity: critical
{{- end }}

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-ci
description: KubeZero umbrella chart for all things CI
type: application
version: 0.4.26
version: 0.4.44
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -18,19 +18,19 @@ dependencies:
version: ">= 0.1.5"
repository: https://cdn.zero-downtime.net/charts/
- name: gocd
version: 1.39.4
version: 1.40.8
repository: https://gocd.github.io/helm-chart
condition: gocd.enabled
- name: gitea
version: 5.0.0
version: 5.0.3
repository: https://dl.gitea.io/charts/
condition: gitea.enabled
- name: jenkins
version: 3.11.3
version: 3.11.10
repository: https://charts.jenkins.io
condition: jenkins.enabled
- name: trivy
version: 0.4.9
version: 0.4.12
repository: https://aquasecurity.github.io/helm-charts/
condition: trivy.enabled

View File

@ -28,4 +28,7 @@
## Resources
### JVM tuning in containers
- https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers?extIdCarryOver=true&sc_cid=701f2000001Css5AAC
{{ template "chart.valuesSection" . }}

View File

@ -17,7 +17,7 @@ gitea:
enabled: false
image:
tag: 1.16.1
tag: 1.16.5
rootless: true
securityContext:
@ -69,14 +69,14 @@ jenkins:
enabled: false
controller:
tagLabel: alpine
tag: 2.332.2-lts-jdk17-preview
#tagLabel: alpine
disableRememberMe: true
prometheus:
enabled: false
testEnabled: false
enableRawHtmlMarkupFormatter: true
# javaOpts: "-Xms512m -Xmx512m"
javaOpts: "-XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600"
resources:
@ -114,14 +114,15 @@ jenkins:
numToKeepStr: "10"
installPlugins:
- kubernetes:1.31.3
- kubernetes:3580.v78271e5631dc
- workflow-aggregator:2.6
- git:4.10.3
- configuration-as-code:1346.ve8cfa_3473c94
- git:4.11.0
- configuration-as-code:1414.v878271fc496f
- antisamy-markup-formatter:2.7
- prometheus:2.0.10
- prometheus:2.0.11
- htmlpublisher:1.29
- build-discarder:60.v1747b0eb632a
- dark-theme:156.v6cf16af6f9ef
serviceAccountAgent:
create: true
@ -130,22 +131,22 @@ jenkins:
# Preconfigure agents to use zdt podman requires fuse/overlayfs
agent:
image: public.ecr.aws/zero-downtime/jenkins-podman
tag: v0.2.4-6
tag: v0.2.4-21
resources:
requests:
cpu: "512m"
memory: "512Mi"
memory: "1024Mi"
limits:
cpu: "1"
memory: "2048Mi"
alwaysPullImage: true
cpu: "4"
memory: "6144Mi"
#alwaysPullImage: true
podRetention: "Default"
showRawYaml: false
podName: "podman-aws"
customJenkinsLabels:
- podman-aws-trivy
idleMinutes: 10
containerCap: 4
containerCap: 2
annotations:
container.apparmor.security.beta.kubernetes.io/jnlp: unconfined
# envVars:

View File

@ -10,7 +10,7 @@ if [ -r jsonnetfile.lock.json ]; then
jb update
else
#jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.9
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.10
fi
make clean

View File

@ -73,6 +73,8 @@ kube-prometheus-stack:
enabled: true
prometheus-node-exporter:
hostRootFsMount:
enabled: false
prometheus:
monitor:
relabelings:

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-network
description: KubeZero umbrella chart for all things network
type: application
version: 0.1.7
version: 0.2.1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -16,7 +16,7 @@ maintainers:
email: stefan@zero-downtime.net
dependencies:
- name: cilium
version: 1.10.5
version: 1.11.3
repository: https://helm.cilium.io/
condition: cilium.enabled
- name: metallb

View File

@ -3,7 +3,7 @@ name: calico
description: KubeZero Chart for Calico
type: application
version: 0.2.2
appVersion: v3.16.5
appVersion: v3.16.10
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -518,7 +518,7 @@ spec:
mountPath: /sys/fs/
# Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
# If the host is known to mount that filesystem already then Bidirectional can be omitted.
mountPropagation: Bidirectional
# mountPropagation: Bidirectional
volumes:
# Used by calico-node.
- name: lib-modules
@ -541,7 +541,7 @@ spec:
# Used to install CNI.
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
path: /usr/libexec/cni
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d

View File

@ -115,6 +115,7 @@ spec:
args:
- "--multus-conf-file=auto"
- "--rename-conf-file=true"
- "--cni-bin-dir=/host/usr/libexec/cni"
- "--cni-version=0.3.1"
resources:
requests:
@ -133,7 +134,7 @@ spec:
- name: cni
mountPath: /host/etc/cni/net.d
- name: cnibin
mountPath: /host/opt/cni/bin
mountPath: /host/usr/libexec/cni
- name: multus-cfg
mountPath: /tmp/multus-conf
terminationGracePeriodSeconds: 10
@ -146,7 +147,7 @@ spec:
path: /etc/cni/net.d
- name: cnibin
hostPath:
path: /opt/cni/bin
path: /usr/libexec/cni
- name: multus-cfg
configMap:
name: multus-cni-config

View File

@ -28,7 +28,7 @@ dependencies:
condition: gemini.enabled
# repository: https://charts.fairwinds.com/stable
- name: aws-ebs-csi-driver
version: 2.6.3
version: 2.6.4
condition: aws-ebs-csi-driver.enabled
# repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver

View File

@ -1,5 +1,9 @@
# Helm chart
## v2.6.4
* Remove exposure all secrets to external-snapshotter-role
## v2.6.3
* Bump app/driver to version `v1.5.1`

View File

@ -19,4 +19,4 @@ maintainers:
name: aws-ebs-csi-driver
sources:
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
version: 2.6.3
version: 2.6.4

View File

@ -9,9 +9,13 @@ rules:
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
# Secret permission is optional.
# Enable it if your driver needs secret.
# For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
# See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
# - apiGroups: [ "" ]
# resources: [ "secrets" ]
# verbs: [ "get", "list" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotclasses" ]
verbs: [ "get", "list", "watch" ]

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero
description: KubeZero - Root App of Apps chart
type: application
version: 1.21.9-4
version: 1.22.8-1
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:

View File

@ -1,6 +1,6 @@
# kubezero
![Version: 1.21.9](https://img.shields.io/badge/Version-1.21.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 1.22.8-1](https://img.shields.io/badge/Version-1.22.8--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero - Root App of Apps chart
@ -14,7 +14,7 @@ KubeZero - Root App of Apps chart
## Requirements
Kubernetes: `>= 1.20.0`
Kubernetes: `>= 1.22.0`
| Repository | Name | Version |
|------------|------|---------|
@ -26,29 +26,27 @@ Kubernetes: `>= 1.20.0`
|-----|------|---------|-------------|
| HighAvailableControlplane | bool | `false` | |
| addons.enabled | bool | `false` | |
| addons.targetRevision | string | `"0.2.4"` | |
| addons.targetRevision | string | `"0.4.1"` | |
| argocd.enabled | bool | `false` | |
| argocd.istio.enabled | bool | `false` | |
| argocd.namespace | string | `"argocd"` | |
| argocd.targetRevision | string | `"0.9.4"` | |
| argocd.targetRevision | string | `"0.9.6"` | |
| cert-manager.enabled | bool | `false` | |
| cert-manager.namespace | string | `"cert-manager"` | |
| cert-manager.targetRevision | string | `"0.8.0"` | |
| cert-manager.targetRevision | string | `"0.8.2"` | |
| istio-ingress.enabled | bool | `false` | |
| istio-ingress.namespace | string | `"istio-ingress"` | |
| istio-ingress.targetRevision | string | `"0.7.6"` | |
| istio.enabled | bool | `false` | |
| istio.namespace | string | `"istio-system"` | |
| istio.targetRevision | string | `"0.7.6"` | |
| kiam.enabled | bool | `false` | |
| kiam.targetRevision | string | `"0.3.5"` | |
| kubezero.defaultTargetRevision | string | `"*"` | |
| kubezero.gitSync | object | `{}` | |
| kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | |
| kubezero.server | string | `"https://kubernetes.default.svc"` | |
| logging.enabled | bool | `false` | |
| logging.namespace | string | `"logging"` | |
| logging.targetRevision | string | `"0.7.17"` | |
| logging.targetRevision | string | `"0.7.19"` | |
| metrics.enabled | bool | `false` | |
| metrics.istio.grafana | object | `{}` | |
| metrics.istio.prometheus | object | `{}` | |
@ -56,11 +54,11 @@ Kubernetes: `>= 1.20.0`
| metrics.targetRevision | string | `"0.7.4"` | |
| network.enabled | bool | `false` | |
| network.retain | bool | `true` | |
| network.targetRevision | string | `"0.1.0"` | |
| network.targetRevision | string | `"0.1.7"` | |
| storage.aws-ebs-csi-driver.enabled | bool | `false` | |
| storage.aws-efs-csi-driver.enabled | bool | `false` | |
| storage.enabled | bool | `false` | |
| storage.targetRevision | string | `"0.5.2"` | |
| storage.targetRevision | string | `"0.5.7"` | |
----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

View File

@ -1,20 +0,0 @@
{{- define "kiam-values" }}
kiam:
server:
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
deployment:
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
agent:
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
{{- end }}
{{- define "kiam-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}

View File

@ -20,11 +20,6 @@ cert-manager:
namespace: cert-manager
targetRevision: 0.8.2
# deprecated - removed with 1.22
kiam:
enabled: false
targetRevision: 0.3.5
storage:
enabled: false
targetRevision: 0.5.7
@ -54,7 +49,7 @@ metrics:
logging:
enabled: false
namespace: logging
targetRevision: 0.7.18
targetRevision: 0.8.0
argocd:
enabled: false

View File

@ -13,30 +13,41 @@ mkdir -p $TMPDIR
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
name=$(basename $dir)
[[ $name =~ $CHARTS ]] || continue
#if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
#then
# echo "Processing chart dependencies"
# rm -rf $dir/tmpcharts
# helm dependency update --skip-refresh $dir
#fi
function reset_index() {
aws s3 sync $REPO_URL_S3/ $TMPDIR/
helm repo index $TMPDIR --url $REPO_URL
aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1
}
echo "Processing $dir"
helm lint $dir
helm package -d $TMPDIR $dir
done
curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml
function publish_chart() {
for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
name=$(basename $dir)
[[ $name =~ $CHARTS ]] || continue
helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml
#if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ]
#then
# echo "Processing chart dependencies"
# rm -rf $dir/tmpcharts
# helm dependency update --skip-refresh $dir
#fi
for p in $TMPDIR/*.tgz; do
aws s3 cp $p $REPO_URL_S3/
done
aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1
echo "Processing $dir"
helm lint $dir
helm package -d $TMPDIR $dir
done
rm -rf $TMPDIR
curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml
helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml
for p in $TMPDIR/*.tgz; do
aws s3 cp $p $REPO_URL_S3/
done
aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1
}
publish_chart
#reset_index