diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml index 5b996935..c75d32ed 100644 --- a/charts/kubezero-argocd/Chart.yaml +++ b/charts/kubezero-argocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application name: kubezero-argocd -version: 0.9.5 +version: 0.9.6 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,6 +16,6 @@ dependencies: version: ">= 0.1.4" repository: https://cdn.zero-downtime.net/charts/ - name: argo-cd - version: 3.32.1 + version: 3.33.8 repository: https://argoproj.github.io/argo-helm kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index 95c074c3..c01372aa 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-cert-manager description: KubeZero Umbrella Chart for cert-manager type: application -version: 0.8.0 +version: 0.8.2 appVersion: 1.6.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index 7061df2f..acf3a88d 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md 
@@ -1,6 +1,6 @@ # kubezero-cert-manager -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) KubeZero Umbrella Chart for cert-manager diff --git a/charts/kubezero-cert-manager/templates/prometheus-rules.yaml b/charts/kubezero-cert-manager/templates/prometheus-rules.yaml index cbf455b0..45bd495f 100644 --- a/charts/kubezero-cert-manager/templates/prometheus-rules.yaml +++ b/charts/kubezero-cert-manager/templates/prometheus-rules.yaml @@ -1,3 +1,4 @@ +{{- if index .Values "cert-manager" "prometheus" "servicemonitor" "enabled" }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -50,4 +51,4 @@ spec: for: 5m labels: severity: critical - +{{- end }} diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index 09a69854..84291d93 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.4.26 +version: 0.4.44 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: 
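Review bot: The new guard at the top of prometheus-rules.yaml ties the certificate-expiry alerts to the ServiceMonitor flag, and nothing in the template says so. A cluster that sets `servicemonitor.enabled: false` silently loses the `severity: critical` rules as well. A template comment above the `if` would record the intent, for example `{{- /* PrometheusRule requires the Prometheus operator CRDs; rendered only together with the ServiceMonitor */ -}}`. `index` also fails at render time if an override nulls an intermediate key such as `prometheus`, so it is worth confirming the defaults always define the full path. The closing `{{- end }}` is in the second hunk of the same file.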
@@ -18,19 +18,19 @@ dependencies: version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: gocd - version: 1.39.4 + version: 1.40.8 repository: https://gocd.github.io/helm-chart condition: gocd.enabled - name: gitea - version: 5.0.0 + version: 5.0.3 repository: https://dl.gitea.io/charts/ condition: gitea.enabled - name: jenkins - version: 3.11.3 + version: 3.11.10 repository: https://charts.jenkins.io condition: jenkins.enabled - name: trivy - version: 0.4.9 + version: 0.4.12 repository: https://aquasecurity.github.io/helm-charts/ condition: trivy.enabled diff --git a/charts/kubezero-ci/README.md.gotmpl b/charts/kubezero-ci/README.md.gotmpl index 6940f8fb..28a0fceb 100644 --- a/charts/kubezero-ci/README.md.gotmpl +++ b/charts/kubezero-ci/README.md.gotmpl @@ -28,4 +28,7 @@ ## Resources +### JVM tuning in containers +- https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers?extIdCarryOver=true&sc_cid=701f2000001Css5AAC + {{ template "chart.valuesSection" . }} diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 4f44e6ab..77c1e6bd 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -17,7 +17,7 @@ gitea: enabled: false image: - tag: 1.16.1 + tag: 1.16.5 rootless: true securityContext: 
@@ -69,14 +69,14 @@ jenkins: enabled: false controller: - tagLabel: alpine + tag: 2.332.2-lts-jdk17-preview + #tagLabel: alpine disableRememberMe: true prometheus: enabled: false testEnabled: false enableRawHtmlMarkupFormatter: true - # javaOpts: "-Xms512m -Xmx512m" - javaOpts: "-XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" + javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\"" jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600" resources: @@ -114,14 +114,15 @@ jenkins: numToKeepStr: "10" installPlugins: - - kubernetes:1.31.3 + - kubernetes:3580.v78271e5631dc - workflow-aggregator:2.6 - - git:4.10.3 - - configuration-as-code:1346.ve8cfa_3473c94 + - git:4.11.0 + - configuration-as-code:1414.v878271fc496f - antisamy-markup-formatter:2.7 - - prometheus:2.0.10 + - prometheus:2.0.11 - htmlpublisher:1.29 - build-discarder:60.v1747b0eb632a + - dark-theme:156.v6cf16af6f9ef serviceAccountAgent: create: true @@ -130,22 +131,22 @@ jenkins: # Preconfigure agents to use zdt podman requires fuse/overlayfs agent: image: public.ecr.aws/zero-downtime/jenkins-podman - tag: v0.2.4-6 + tag: v0.2.4-21 resources: requests: cpu: "512m" - memory: "512Mi" + memory: "1024Mi" limits: - cpu: "1" - memory: "2048Mi" - alwaysPullImage: true + cpu: "4" + memory: "6144Mi" + #alwaysPullImage: true podRetention: "Default" showRawYaml: false podName: "podman-aws" customJenkinsLabels: - podman-aws-trivy idleMinutes: 10 - containerCap: 4 + containerCap: 2 annotations: container.apparmor.security.beta.kubernetes.io/jnlp: unconfined # envVars: diff --git a/charts/kubezero-metrics/jsonnet/build.sh b/charts/kubezero-metrics/jsonnet/build.sh index 728e397f..c272c3c4 100755 
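Review bot: The controller is now pinned to `2.332.2-lts-jdk17-preview`, with `#tagLabel: alpine` left behind as dead configuration, and no comment explains why a preview image is used or when to return to a regular LTS tag. A short comment on the `tag:` line would help, for example `# JDK17 preview image, revisit once a non-preview LTS jdk17 tag is published`. Separately, `-XX:+UseContainerSupport` in `javaOpts` is already on by default on JDK 10 and later, so with a jdk17 image it changes nothing. If the goal is heap sizing relative to the container limit, `-XX:MaxRAMPercentage=<value>` is the flag that does that.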
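Review bot: In the agent hunk, commenting out `alwaysPullImage: true` while the image is still referenced by the tag `v0.2.4-21` lets a node keep running whatever it has cached under that tag. A rebuilt or fixed image would then not reach nodes that already hold the old one. These agent pods also run with the `jnlp` AppArmor profile set to `unconfined` (context line in the same hunk), so image freshness matters more than usual here. Either keep `alwaysPullImage: true`, or pin the agent image by digest if the chart's image template accepts `tag: "v0.2.4-21@sha256:<digest>"`. The same hunk raises limits to `cpu: "4"` / `memory: "6144Mi"` against a 1024Mi request, so a comment giving the expected per-node agent count next to `containerCap: 2` would make the sizing reviewable.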
--- a/charts/kubezero-metrics/jsonnet/build.sh +++ b/charts/kubezero-metrics/jsonnet/build.sh @@ -10,7 +10,7 @@ if [ -r jsonnetfile.lock.json ]; then jb update else #jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main - jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.9 + jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.10 fi make clean diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index 4a8fa620..636e0bb2 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -73,6 +73,8 @@ kube-prometheus-stack: enabled: true prometheus-node-exporter: + hostRootFsMount: + enabled: false prometheus: monitor: relabelings: diff --git a/charts/kubezero-network/Chart.yaml b/charts/kubezero-network/Chart.yaml index 8a05152f..613784dc 100644 --- a/charts/kubezero-network/Chart.yaml +++ b/charts/kubezero-network/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-network description: KubeZero umbrella chart for all things network type: application -version: 0.1.7 +version: 0.2.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,7 +16,7 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: cilium - version: 1.10.5 + version: 1.11.3 repository: https://helm.cilium.io/ condition: cilium.enabled - name: metallb diff --git a/charts/kubezero-network/charts/calico/Chart.yaml b/charts/kubezero-network/charts/calico/Chart.yaml index 43e1cd76..7357f176 100644 --- a/charts/kubezero-network/charts/calico/Chart.yaml +++ b/charts/kubezero-network/charts/calico/Chart.yaml @@ -3,7 +3,7 @@ name: calico description: KubeZero Chart for Calico type: application version: 0.2.2 -appVersion: v3.16.5 +appVersion: v3.16.10 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: 
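Review bot: The new `hostRootFsMount: enabled: false` under `prometheus-node-exporter` in kubezero-metrics/values.yaml has no comment saying why the host root mount is dropped. Not mounting the host `/` into the exporter reduces what the pod can read from the node. The likely trade-off is that filesystem metrics then describe the container's mount view rather than the host's, which would affect any disk-space alerts built on them. A comment such as `# host / is not mounted into node-exporter; node_filesystem_* no longer reflects host mounts` would record this. It is also worth confirming whether the kube-prometheus rules built by `build.sh` depend on those series.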
diff --git a/charts/kubezero-network/charts/calico/templates/calico.yaml b/charts/kubezero-network/charts/calico/templates/calico.yaml index 17159983..bb5937aa 100644 --- a/charts/kubezero-network/charts/calico/templates/calico.yaml +++ b/charts/kubezero-network/charts/calico/templates/calico.yaml @@ -518,7 +518,7 @@ spec: mountPath: /sys/fs/ # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host. # If the host is known to mount that filesystem already then Bidirectional can be omitted. - mountPropagation: Bidirectional + # mountPropagation: Bidirectional volumes: # Used by calico-node. - name: lib-modules @@ -541,7 +541,7 @@ spec: # Used to install CNI. - name: cni-bin-dir hostPath: - path: /opt/cni/bin + path: /usr/libexec/cni - name: cni-net-dir hostPath: path: /etc/cni/net.d diff --git a/charts/kubezero-network/templates/multus/daemonset.yaml b/charts/kubezero-network/templates/multus/daemonset.yaml index 3ed4dfe8..5fc62691 100644 --- a/charts/kubezero-network/templates/multus/daemonset.yaml +++ b/charts/kubezero-network/templates/multus/daemonset.yaml @@ -115,6 +115,7 @@ spec: args: - "--multus-conf-file=auto" - "--rename-conf-file=true" + - "--cni-bin-dir=/host/usr/libexec/cni" - "--cni-version=0.3.1" resources: requests: @@ -133,7 +134,7 @@ spec: - name: cni mountPath: /host/etc/cni/net.d - name: cnibin - mountPath: /host/opt/cni/bin + mountPath: /host/usr/libexec/cni - name: multus-cfg mountPath: /tmp/multus-conf terminationGracePeriodSeconds: 10 @@ -146,7 +147,7 @@ spec: path: /etc/cni/net.d - name: cnibin hostPath: - path: /opt/cni/bin + path: /usr/libexec/cni - name: multus-cfg configMap: name: multus-cni-config diff --git a/charts/kubezero-storage/Chart.yaml b/charts/kubezero-storage/Chart.yaml index 8ad1ba51..79e0901d 100644 --- a/charts/kubezero-storage/Chart.yaml +++ b/charts/kubezero-storage/Chart.yaml 
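Review bot: In the first calico.yaml hunk, `mountPropagation: Bidirectional` is commented out, but the two comment lines above it still read as if it were active. The assumption that makes the removal safe is also unstated. Dropping the propagation is the tighter setting, since the container can no longer push mounts back to the host, but it only works if every node mounts bpffs at `/sys/fs/bpf` itself. Replacing the commented line with `# Nodes mount bpffs at /sys/fs/bpf themselves, so no Bidirectional propagation is requested.` would state this. The container spec this volumeMount belongs to starts outside the hunk.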
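Review bot: The CNI binary directory `/usr/libexec/cni` is now hard-coded in the second calico.yaml hunk and again in all three multus/daemonset.yaml hunks (the `--cni-bin-dir` argument, the mountPath and the hostPath). A node image that still uses `/opt/cni/bin` would get plugins installed into a directory the container runtime does not search. Driving all four places from one new chart value (for example a `cniBinDir` key in values.yaml) would keep them in sync. Neither `hostPath` sets a `type`, so no existence check is made before mounting. Adding `type: Directory` would make a mismatched node fail at pod start rather than fail later at pod networking.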
@@ -28,7 +28,7 @@ dependencies: condition: gemini.enabled # repository: https://charts.fairwinds.com/stable - name: aws-ebs-csi-driver - version: 2.6.3 + version: 2.6.4 condition: aws-ebs-csi-driver.enabled # repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver - name: aws-efs-csi-driver diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md b/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md index 1d510925..9ec008dd 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/CHANGELOG.md @@ -1,5 +1,9 @@ # Helm chart +## v2.6.4 + +* Remove exposure all secrets to external-snapshotter-role + ## v2.6.3 * Bump app/driver to version `v1.5.1` diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml index c55b3977..a57b5157 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/Chart.yaml @@ -19,4 +19,4 @@ maintainers: name: aws-ebs-csi-driver sources: - https://github.com/kubernetes-sigs/aws-ebs-csi-driver -version: 2.6.3 +version: 2.6.4 diff --git a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml index 5fada8b4..d0c3fc93 100644 --- a/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +++ b/charts/kubezero-storage/charts/aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml 
@@ -9,9 +9,13 @@ rules: - apiGroups: [ "" ] resources: [ "events" ] verbs: [ "list", "watch", "create", "update", "patch" ] - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "get", "list" ] + # Secret permission is optional. + # Enable it if your driver needs secret. + # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass. + # See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details. + # - apiGroups: [ "" ] + # resources: [ "secrets" ] + # verbs: [ "get", "list" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotclasses" ] verbs: [ "get", "list", "watch" ] diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index 86734e64..98e12381 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.21.9-4 +version: 1.22.8-1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index dd1ef559..ac2563d7 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -1,6 +1,6 @@ # kubezero -![Version: 1.21.9](https://img.shields.io/badge/Version-1.21.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 1.22.8-1](https://img.shields.io/badge/Version-1.22.8--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero - Root App of Apps chart @@ -14,7 +14,7 @@ KubeZero - Root App of Apps chart ## Requirements -Kubernetes: `>= 1.20.0` +Kubernetes: `>= 1.22.0` | Repository | Name | Version | |------------|------|---------| 
@@ -26,29 +26,27 @@ Kubernetes: `>= 1.20.0` |-----|------|---------|-------------| | HighAvailableControlplane | bool | `false` | | | addons.enabled | bool | `false` | | -| addons.targetRevision | string | `"0.2.4"` | | +| addons.targetRevision | string | `"0.4.1"` | | | argocd.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | | | argocd.namespace | string | `"argocd"` | | -| argocd.targetRevision | string | `"0.9.4"` | | +| argocd.targetRevision | string | `"0.9.6"` | | | cert-manager.enabled | bool | `false` | | | cert-manager.namespace | string | `"cert-manager"` | | -| cert-manager.targetRevision | string | `"0.8.0"` | | +| cert-manager.targetRevision | string | `"0.8.2"` | | | istio-ingress.enabled | bool | `false` | | | istio-ingress.namespace | string | `"istio-ingress"` | | | istio-ingress.targetRevision | string | `"0.7.6"` | | | istio.enabled | bool | `false` | | | istio.namespace | string | `"istio-system"` | | | istio.targetRevision | string | `"0.7.6"` | | -| kiam.enabled | bool | `false` | | -| kiam.targetRevision | string | `"0.3.5"` | | | kubezero.defaultTargetRevision | string | `"*"` | | | kubezero.gitSync | object | `{}` | | | kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | | | kubezero.server | string | `"https://kubernetes.default.svc"` | | | logging.enabled | bool | `false` | | | logging.namespace | string | `"logging"` | | -| logging.targetRevision | string | `"0.7.17"` | | +| logging.targetRevision | string | `"0.7.19"` | | | metrics.enabled | bool | `false` | | | metrics.istio.grafana | object | `{}` | | | metrics.istio.prometheus | object | `{}` | | 
@@ -56,11 +54,11 @@ Kubernetes: `>= 1.20.0` | metrics.targetRevision | string | `"0.7.4"` | | | network.enabled | bool | `false` | | | network.retain | bool | `true` | | -| network.targetRevision | string | `"0.1.0"` | | +| network.targetRevision | string | `"0.1.7"` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.enabled | bool | `false` | | -| storage.targetRevision | string | `"0.5.2"` | | +| storage.targetRevision | string | `"0.5.7"` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/kubezero/templates/kiam.yaml b/charts/kubezero/templates/kiam.yaml deleted file mode 100644 index 3e4cb127..00000000 --- a/charts/kubezero/templates/kiam.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- define "kiam-values" }} -kiam: - server: - assumeRoleArn: "{{ .Values.kiam.IamArn }}" - deployment: - replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }} - prometheus: - servicemonitor: - enabled: {{ .Values.metrics.enabled }} - agent: - prometheus: - servicemonitor: - enabled: {{ .Values.metrics.enabled }} -{{- end }} - - -{{- define "kiam-argo" }} -{{- end }} - -{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index b85268c7..5ee23941 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -20,11 +20,6 @@ cert-manager: namespace: cert-manager targetRevision: 0.8.2 -# deprecated - removed with 1.22 -kiam: - enabled: false - targetRevision: 0.3.5 - storage: enabled: false targetRevision: 0.5.7 @@ -54,7 +49,7 @@ metrics: logging: enabled: false namespace: logging - targetRevision: 0.7.18 + targetRevision: 0.8.0 argocd: enabled: false diff --git a/scripts/publish.sh b/scripts/publish.sh index 46b7e47e..e0761fac 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh 
@@ -13,30 +13,41 @@ mkdir -p $TMPDIR [ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT -for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); -do - name=$(basename $dir) - [[ $name =~ $CHARTS ]] || continue - #if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] - #then - # echo "Processing chart dependencies" - # rm -rf $dir/tmpcharts - # helm dependency update --skip-refresh $dir - #fi +function reset_index() { + aws s3 sync $REPO_URL_S3/ $TMPDIR/ + helm repo index $TMPDIR --url $REPO_URL + aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1 +} - echo "Processing $dir" - helm lint $dir - helm package -d $TMPDIR $dir -done -curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml +function publish_chart() { + for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); + do + name=$(basename $dir) + [[ $name =~ $CHARTS ]] || continue -helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml + #if [ $(helm dep list $dir 2>/dev/null| wc -l) -gt 1 ] + #then + # echo "Processing chart dependencies" + # rm -rf $dir/tmpcharts + # helm dependency update --skip-refresh $dir + #fi -for p in $TMPDIR/*.tgz; do - aws s3 cp $p $REPO_URL_S3/ -done -aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1 + echo "Processing $dir" + helm lint $dir + helm package -d $TMPDIR $dir + done -rm -rf $TMPDIR + curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml + helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml + + for p in $TMPDIR/*.tgz; do + aws s3 cp $p $REPO_URL_S3/ + done + aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1 +} + + +publish_chart +#reset_index
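Review bot: Inside `publish_chart`, the index download `curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml` has no `--fail`, so an HTTP error body would be saved as `index.yaml` and passed to `helm repo index --merge`. Whether the script then stops depends on a `set -e` that would sit above this hunk. `curl -fsSL -o "$TMPDIR/index.yaml" "${REPO_URL}/index.yaml"` makes the failure explicit. The path expansions are also unquoted throughout (`$dir`, `$p`, `$TMPDIR`, including the `rm -rf $TMPDIR` trap), so a chart directory or temp path containing whitespace would be split; quote them as `"$dir"` and so on. With the trailing `rm -rf $TMPDIR` removed, cleanup now relies on the trap alone, which is skipped when `DEBUG` is set. `reset_index` rebuilds the index from the whole bucket without `--merge`, and a one-line comment above it saying when that is meant to be run would help.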