feat: First v1.29 basic control plane working
parent
155b2ce63a
commit
90edf83794
11
Dockerfile
11
Dockerfile
@ -3,7 +3,9 @@ ARG ALPINE_VERSION=3.20
|
||||
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||
|
||||
ARG ALPINE_VERSION
|
||||
ARG KUBE_VERSION=1.28.9
|
||||
ARG KUBE_VERSION=1.29.7
|
||||
ARG SECRETS_VERSION=4.6.0
|
||||
ARG VALS_VERSION=0.37.3
|
||||
|
||||
RUN cd /etc/apk/keys && \
|
||||
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
||||
@ -29,6 +31,13 @@ RUN cd /etc/apk/keys && \
|
||||
RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
|
||||
mkdir -p /var/lib/kubezero
|
||||
|
||||
# helm secrets
|
||||
RUN mkdir -p $(helm env HELM_PLUGINS) && \
|
||||
wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
|
||||
|
||||
# vals
|
||||
RUN wget -qO - https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals
|
||||
|
||||
ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
|
||||
ADD admin/libhelm.sh /var/lib/kubezero
|
||||
|
||||
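Review bot: The helm-secrets and vals steps added in the second hunk unpack release tarballs straight from a `wget -qO - … | tar` pipe, so nothing checks that the downloaded bytes match the release pinned by `SECRETS_VERSION`/`VALS_VERSION` before they land in the Helm plugin directory and `/usr/local/bin`. Under the default `/bin/sh` the pipeline also reports only tar's exit status, so a failed download is not distinguished from a bad archive. I would download to a temporary file, verify it against a SHA-256 pinned in an `ARG` next to the version, and only then extract, as sketched below for vals (the digest is a placeholder to be filled from the release's checksum file); the same pattern applies to helm-secrets. The `linux_amd64` asset name is hard-coded as well, which deserves a comment if the image is meant to be amd64-only.

```dockerfile
ARG VALS_VERSION=0.37.3
# placeholder: SHA-256 of vals_${VALS_VERSION}_linux_amd64.tar.gz, taken from the release checksums
ARG VALS_SHA256=REPLACE_WITH_RELEASE_SHA256

# … unchanged: apk keys, helm repo add, helm-secrets step …

# vals
RUN wget -qO /tmp/vals.tar.gz "https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz" && \
    echo "${VALS_SHA256}  /tmp/vals.tar.gz" | sha256sum -c - && \
    tar -C /usr/local/bin -xzf /tmp/vals.tar.gz vals && \
    rm -f /tmp/vals.tar.gz
```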
|
@ -149,8 +149,8 @@ kubeadm_upgrade() {
|
||||
post_kubeadm
|
||||
|
||||
# If we have a re-cert kubectl config install for root
|
||||
if [ -f ${HOSTFS}/etc/kubernetes/admin.conf ]; then
|
||||
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
|
||||
if [ -f ${HOSTFS}/etc/kubernetes/super-admin.conf ]; then
|
||||
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||
fi
|
||||
|
||||
# post upgrade hook
|
||||
@ -190,7 +190,7 @@ control_plane_node() {
|
||||
cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes
|
||||
|
||||
# Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks
|
||||
cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config
|
||||
cp ${WORKDIR}/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||
|
||||
# Only restore etcd data during "restore" and none exists already
|
||||
if [[ "$CMD" =~ ^(restore)$ ]]; then
|
||||
@ -258,7 +258,7 @@ control_plane_node() {
|
||||
|
||||
_kubeadm init phase kubelet-start
|
||||
|
||||
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
|
||||
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||
|
||||
# Wait for api to be online
|
||||
echo "Waiting for Kubernetes API to be online ..."
|
||||
@ -347,7 +347,7 @@ delete_module() {
|
||||
# backup etcd + /etc/kubernetes/pki
|
||||
backup() {
|
||||
# Display all ENVs, careful this exposes the password !
|
||||
[ -n "$DEBUG" ] && env
|
||||
[ -n "$DEBUG" ] && env
|
||||
|
||||
restic snapshots || restic init || exit 1
|
||||
|
||||
@ -361,7 +361,8 @@ backup() {
|
||||
|
||||
# pki & cluster-admin access
|
||||
cp -r ${HOSTFS}/etc/kubernetes/pki ${WORKDIR}
|
||||
cp -r ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
|
||||
cp ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
|
||||
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${WORKDIR}
|
||||
|
||||
# Backup via restic
|
||||
restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION
|
||||
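Review bot: The two `cp …/super-admin.conf ${HOSTFS}/root/.kube/config` lines in the control_plane_node hunks run unconditionally, while the kubeadm_upgrade hunk guards the same copy with `[ -f … ]`. A restore from a backup taken before this change would presumably have no `super-admin.conf` in `${WORKDIR}`, since the backup hunk only now starts saving it, so that copy fails and root is left without a kubeconfig. I would keep the admin.conf copy as the fallback and override it only when the file exists, e.g. `cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config` followed by `[ -f ${WORKDIR}/super-admin.conf ] && cp ${WORKDIR}/super-admin.conf ${HOSTFS}/root/.kube/config`. In the backup hunk a comment such as `# super-admin.conf is the RBAC-bypassing break-glass credential; the restic repository must be protected accordingly` would help the next reader. All three functions start and end outside their hunks.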
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubeadm
|
||||
description: KubeZero Kubeadm cluster config
|
||||
type: application
|
||||
version: 1.28.9
|
||||
version: 1.29.7
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -33,5 +33,6 @@ kubeReserved:
|
||||
#evictionHard:
|
||||
# memory.available: "484Mi"
|
||||
imageGCLowThresholdPercent: 70
|
||||
imageMaximumGCAge: 168h
|
||||
serializeImagePulls: false
|
||||
maxParallelImagePulls: 4
|
||||
|
@ -2,10 +2,9 @@
|
||||
{{- /* Issues: MemoryQoS */ -}}
|
||||
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
|
||||
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
|
||||
{{- /* v1.29: remove/beta SidecarContainers */ -}}
|
||||
{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
|
||||
{{- define "kubeadm.featuregates" }}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" "KubeProxyDrainingTerminatingNodes" "ImageMaximumGCAge" }}
|
||||
{{- if eq .return "csv" }}
|
||||
{{- range $key := $gates }}
|
||||
{{- $key }}=true,
|
||||
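Review bot: The new `ImageMaximumGCAge` entry in `$gates` has no tracking comment in the header, unlike `KubeProxyDrainingTerminatingNodes` (`v1.30: remove/beta …`). I would add `{{- /* v1.30: remove/beta ImageMaximumGCAge */ -}}` alongside the existing notes, assuming the gate graduates to beta in 1.30 as upstream planned, so the list gets pruned on the next upgrade. The `kubeadm.featuregates` define continues past the end of the hunk.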
|
@ -117,7 +117,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: aws-iam-authenticator
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.22
|
||||
args:
|
||||
- server
|
||||
- --backend-mode=CRD,MountedFile
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-addons
|
||||
|
||||
![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
||||
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.3 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.4 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.15.0 |
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.16.0 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.5 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.37.0 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.16.0 |
|
||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.24.0 |
|
||||
|
||||
# MetalLB
|
||||
|
||||
@ -110,7 +110,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.29.4"` | |
|
||||
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
||||
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.21.0
|
||||
appVersion: 1.22.0
|
||||
description: A Helm chart for the AWS Node Termination Handler.
|
||||
home: https://github.com/aws/aws-node-termination-handler/
|
||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||
@ -21,4 +21,4 @@ name: aws-node-termination-handler
|
||||
sources:
|
||||
- https://github.com/aws/aws-node-termination-handler/
|
||||
type: application
|
||||
version: 0.23.0
|
||||
version: 0.24.0
|
||||
|
@ -200,7 +200,7 @@ cluster-autoscaler:
|
||||
|
||||
image:
|
||||
repository: registry.k8s.io/autoscaling/cluster-autoscaler
|
||||
tag: v1.28.2
|
||||
tag: v1.29.4
|
||||
|
||||
autoDiscovery:
|
||||
clusterName: ""
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-network
|
||||
|
||||
![Version: 0.5.2](https://img.shields.io/badge/Version-0.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things network
|
||||
|
||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0`
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://haproxytech.github.io/helm-charts | haproxy | 1.22.0 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.5 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.5 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.7 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.7 |
|
||||
|
||||
## Values
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
@ -45,10 +45,6 @@ cilium:
|
||||
#-- Ensure this is false if multus is enabled
|
||||
exclusive: false
|
||||
|
||||
# bpf:
|
||||
# autoMount:
|
||||
# enabled: false
|
||||
|
||||
cluster:
|
||||
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
||||
# to prevent IP space overlap and easy tracking
|
||||
@ -71,6 +67,14 @@ cilium:
|
||||
enabled: false
|
||||
hostRoot: "/sys/fs/cgroup"
|
||||
|
||||
# we need biDirectional so use helm init-container
|
||||
#bpf:
|
||||
# autoMount:
|
||||
# enabled: false
|
||||
|
||||
sysctlfix:
|
||||
enabled: false
|
||||
|
||||
routingMode: tunnel
|
||||
tunnelProtocol: geneve
|
||||
|
||||
|
@ -21,6 +21,7 @@ spec:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
fsGroup: 1000
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
|
@ -35,4 +35,5 @@ spec:
|
||||
indexPatterns:
|
||||
- "logstash-*"
|
||||
- "jaeger-*"
|
||||
- "otel-v1-apm-span-*"
|
||||
{{- end }}
|
||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero
|
||||
description: KubeZero - Root App of Apps chart
|
||||
type: application
|
||||
version: 1.28.9-2
|
||||
version: 1.29.7
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -11,7 +11,7 @@ global:
|
||||
|
||||
addons:
|
||||
enabled: true
|
||||
targetRevision: 0.8.7
|
||||
targetRevision: 0.8.8
|
||||
external-dns:
|
||||
enabled: false
|
||||
forseti:
|
||||
@ -30,7 +30,7 @@ addons:
|
||||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
targetRevision: 0.5.1
|
||||
targetRevision: 0.5.3
|
||||
cilium:
|
||||
cluster: {}
|
||||
|
||||
|