feat: First v1.29 basic control plane working
This commit is contained in:
parent
155b2ce63a
commit
90edf83794
11
Dockerfile
11
Dockerfile
@ -3,7 +3,9 @@ ARG ALPINE_VERSION=3.20
|
|||||||
FROM docker.io/alpine:${ALPINE_VERSION}
|
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||||
|
|
||||||
ARG ALPINE_VERSION
|
ARG ALPINE_VERSION
|
||||||
ARG KUBE_VERSION=1.28.9
|
ARG KUBE_VERSION=1.29.7
|
||||||
|
ARG SECRETS_VERSION=4.6.0
|
||||||
|
ARG VALS_VERSION=0.37.3
|
||||||
|
|
||||||
RUN cd /etc/apk/keys && \
|
RUN cd /etc/apk/keys && \
|
||||||
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
||||||
@ -29,6 +31,13 @@ RUN cd /etc/apk/keys && \
|
|||||||
RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
|
RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
|
||||||
mkdir -p /var/lib/kubezero
|
mkdir -p /var/lib/kubezero
|
||||||
|
|
||||||
|
# helm secrets
|
||||||
|
RUN mkdir -p $(helm env HELM_PLUGINS) && \
|
||||||
|
wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
|
||||||
|
|
||||||
|
# vals
|
||||||
|
RUN wget -qO - https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals
|
||||||
|
|
||||||
ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
|
ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
|
||||||
ADD admin/libhelm.sh /var/lib/kubezero
|
ADD admin/libhelm.sh /var/lib/kubezero
|
||||||
|
|
||||||
|
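Review bot: Both new installs (`RUN mkdir -p $(helm env HELM_PLUGINS) && wget -qO - …/helm-secrets.tar.gz | tar …` and `RUN wget -qO - …/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals`) pin a version but never verify what was actually downloaded, and because the fetch is piped straight into `tar` under `/bin/sh` a failed or truncated `wget` only surfaces if `tar` happens to reject the partial stream. Download to a file, check it against a sha256 pinned next to the version ARG, and extract only on success; the sketch below does this for vals and the helm-secrets step takes the same shape. The vals URL also hard-codes `linux_amd64`, so on any other build platform the image silently gets the wrong binary — `ARG TARGETARCH` in the stage would make the architecture explicit.
```dockerfile
# vals — pinned by version and by the digest of the release tarball
# (PLACEHOLDER: replace with the sha256 published for this release)
ARG VALS_SHA256=PLACEHOLDER_SHA256
RUN wget -qO /tmp/vals.tar.gz "https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz" && \
    echo "${VALS_SHA256}  /tmp/vals.tar.gz" | sha256sum -c - && \
    tar -C /usr/local/bin -xzf /tmp/vals.tar.gz vals && \
    rm -f /tmp/vals.tar.gz
# … unchanged: helm-secrets install (same pattern with a SECRETS_SHA256 arg) …
```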
@ -149,8 +149,8 @@ kubeadm_upgrade() {
|
|||||||
post_kubeadm
|
post_kubeadm
|
||||||
|
|
||||||
# If we have a re-cert kubectl config install for root
|
# If we have a re-cert kubectl config install for root
|
||||||
if [ -f ${HOSTFS}/etc/kubernetes/admin.conf ]; then
|
if [ -f ${HOSTFS}/etc/kubernetes/super-admin.conf ]; then
|
||||||
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
|
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# post upgrade hook
|
# post upgrade hook
|
||||||
@ -190,7 +190,7 @@ control_plane_node() {
|
|||||||
cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes
|
cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes
|
||||||
|
|
||||||
# Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks
|
# Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks
|
||||||
cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config
|
cp ${WORKDIR}/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||||
|
|
||||||
# Only restore etcd data during "restore" and none exists already
|
# Only restore etcd data during "restore" and none exists already
|
||||||
if [[ "$CMD" =~ ^(restore)$ ]]; then
|
if [[ "$CMD" =~ ^(restore)$ ]]; then
|
||||||
@ -258,7 +258,7 @@ control_plane_node() {
|
|||||||
|
|
||||||
_kubeadm init phase kubelet-start
|
_kubeadm init phase kubelet-start
|
||||||
|
|
||||||
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
|
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
|
||||||
|
|
||||||
# Wait for api to be online
|
# Wait for api to be online
|
||||||
echo "Waiting for Kubernetes API to be online ..."
|
echo "Waiting for Kubernetes API to be online ..."
|
||||||
@ -347,7 +347,7 @@ delete_module() {
|
|||||||
# backup etcd + /etc/kubernetes/pki
|
# backup etcd + /etc/kubernetes/pki
|
||||||
backup() {
|
backup() {
|
||||||
# Display all ENVs, careful this exposes the password !
|
# Display all ENVs, careful this exposes the password !
|
||||||
[ -n "$DEBUG" ] && env
|
[ -n "$DEBUG" ] && env
|
||||||
|
|
||||||
restic snapshots || restic init || exit 1
|
restic snapshots || restic init || exit 1
|
||||||
|
|
||||||
@ -361,7 +361,8 @@ backup() {
|
|||||||
|
|
||||||
# pki & cluster-admin access
|
# pki & cluster-admin access
|
||||||
cp -r ${HOSTFS}/etc/kubernetes/pki ${WORKDIR}
|
cp -r ${HOSTFS}/etc/kubernetes/pki ${WORKDIR}
|
||||||
cp -r ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
|
cp ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
|
||||||
|
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${WORKDIR}
|
||||||
|
|
||||||
# Backup via restic
|
# Backup via restic
|
||||||
restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION
|
restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION
|
||||||
|
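Review bot: Root's default kubeconfig is switched from `admin.conf` to `super-admin.conf` in kubeadm_upgrade and twice in control_plane_node; in kubeadm v1.29 `super-admin.conf` is the break-glass credential whose client certificate sits in `system:masters` and bypasses RBAC entirely, while `admin.conf` keeps full rights through the `kubeadm:cluster-admins` ClusterRoleBinding and therefore stays constrainable and revocable by editing that binding. If the switch is only needed to get past the bootstrap ordering the `# Always use kubeadm kubectl config…` comment describes, consider copying `admin.conf` back over `${HOSTFS}/root/.kube/config` once the API is online and leaving `super-admin.conf` for explicit recovery use, with a comment such as `# super-admin.conf is system:masters (no RBAC); only used until kubeadm:cluster-admins exists`. The backup hunk now also copies `super-admin.conf` into `${WORKDIR}` ahead of `restic backup`; that is consistent with the pki directory already being there, but the `# pki & cluster-admin access` comment should name it so operators know what the restic repository holds. kubeadm_upgrade, control_plane_node and backup all begin outside their hunks.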
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubeadm
|
name: kubeadm
|
||||||
description: KubeZero Kubeadm cluster config
|
description: KubeZero Kubeadm cluster config
|
||||||
type: application
|
type: application
|
||||||
version: 1.28.9
|
version: 1.29.7
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -33,5 +33,6 @@ kubeReserved:
|
|||||||
#evictionHard:
|
#evictionHard:
|
||||||
# memory.available: "484Mi"
|
# memory.available: "484Mi"
|
||||||
imageGCLowThresholdPercent: 70
|
imageGCLowThresholdPercent: 70
|
||||||
|
imageMaximumGCAge: 168h
|
||||||
serializeImagePulls: false
|
serializeImagePulls: false
|
||||||
maxParallelImagePulls: 4
|
maxParallelImagePulls: 4
|
||||||
|
@ -2,10 +2,9 @@
|
|||||||
{{- /* Issues: MemoryQoS */ -}}
|
{{- /* Issues: MemoryQoS */ -}}
|
||||||
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
|
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
|
||||||
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
|
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
|
||||||
{{- /* v1.29: remove/beta SidecarContainers */ -}}
|
|
||||||
{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
|
{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
|
||||||
{{- define "kubeadm.featuregates" }}
|
{{- define "kubeadm.featuregates" }}
|
||||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
|
{{- $gates := list "CustomCPUCFSQuotaPeriod" "KubeProxyDrainingTerminatingNodes" "ImageMaximumGCAge" }}
|
||||||
{{- if eq .return "csv" }}
|
{{- if eq .return "csv" }}
|
||||||
{{- range $key := $gates }}
|
{{- range $key := $gates }}
|
||||||
{{- $key }}=true,
|
{{- $key }}=true,
|
||||||
|
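Review bot: `ImageMaximumGCAge` is added to `$gates` without the graduation-tracking comment this block keeps for every other gate (the removed `v1.29: remove/beta SidecarContainers` line shows the convention). Add `{{- /* v1.30: remove/beta ImageMaximumGCAge */ -}}` beside the `KubeProxyDrainingTerminatingNodes` line so the gate is dropped when the next version bump makes it default-on. The `imageMaximumGCAge: 168h` value added in the kubelet config hunk of this commit only takes effect while this gate is enabled, which deserves a one-line comment there as well, e.g. `# alpha in v1.29; needs the ImageMaximumGCAge feature gate (set in kubeadm.featuregates)`.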
@ -117,7 +117,7 @@ spec:
|
|||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: aws-iam-authenticator
|
- name: aws-iam-authenticator
|
||||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
|
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.22
|
||||||
args:
|
args:
|
||||||
- server
|
- server
|
||||||
- --backend-mode=CRD,MountedFile
|
- --backend-mode=CRD,MountedFile
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-addons
|
# kubezero-addons
|
||||||
|
|
||||||
![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for various optional cluster addons
|
KubeZero umbrella chart for various optional cluster addons
|
||||||
|
|
||||||
@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
|
|||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.3 |
|
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.16.0 |
|
||||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.4 |
|
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.5 |
|
||||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
|
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.37.0 |
|
||||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.15.0 |
|
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.16.0 |
|
||||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
|
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.24.0 |
|
||||||
|
|
||||||
# MetalLB
|
# MetalLB
|
||||||
|
|
||||||
@ -110,7 +110,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||||||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||||
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
||||||
| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
|
| cluster-autoscaler.image.tag | string | `"v1.29.4"` | |
|
||||||
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||||
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
||||||
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.21.0
|
appVersion: 1.22.0
|
||||||
description: A Helm chart for the AWS Node Termination Handler.
|
description: A Helm chart for the AWS Node Termination Handler.
|
||||||
home: https://github.com/aws/aws-node-termination-handler/
|
home: https://github.com/aws/aws-node-termination-handler/
|
||||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||||
@ -21,4 +21,4 @@ name: aws-node-termination-handler
|
|||||||
sources:
|
sources:
|
||||||
- https://github.com/aws/aws-node-termination-handler/
|
- https://github.com/aws/aws-node-termination-handler/
|
||||||
type: application
|
type: application
|
||||||
version: 0.23.0
|
version: 0.24.0
|
||||||
|
@ -200,7 +200,7 @@ cluster-autoscaler:
|
|||||||
|
|
||||||
image:
|
image:
|
||||||
repository: registry.k8s.io/autoscaling/cluster-autoscaler
|
repository: registry.k8s.io/autoscaling/cluster-autoscaler
|
||||||
tag: v1.28.2
|
tag: v1.29.4
|
||||||
|
|
||||||
autoDiscovery:
|
autoDiscovery:
|
||||||
clusterName: ""
|
clusterName: ""
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# kubezero-network
|
# kubezero-network
|
||||||
|
|
||||||
![Version: 0.5.2](https://img.shields.io/badge/Version-0.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things network
|
KubeZero umbrella chart for all things network
|
||||||
|
|
||||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0`
|
|||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://haproxytech.github.io/helm-charts | haproxy | 1.22.0 |
|
| https://haproxytech.github.io/helm-charts | haproxy | 1.22.0 |
|
||||||
| https://helm.cilium.io/ | cilium | 1.15.5 |
|
| https://helm.cilium.io/ | cilium | 1.15.7 |
|
||||||
| https://metallb.github.io/metallb | metallb | 0.14.5 |
|
| https://metallb.github.io/metallb | metallb | 0.14.7 |
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
@ -45,10 +45,6 @@ cilium:
|
|||||||
#-- Ensure this is false if multus is enabled
|
#-- Ensure this is false if multus is enabled
|
||||||
exclusive: false
|
exclusive: false
|
||||||
|
|
||||||
# bpf:
|
|
||||||
# autoMount:
|
|
||||||
# enabled: false
|
|
||||||
|
|
||||||
cluster:
|
cluster:
|
||||||
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
# This should match the second octet of clusterPoolIPv4PodCIDRList
|
||||||
# to prevent IP space overlap and easy tracking
|
# to prevent IP space overlap and easy tracking
|
||||||
@ -71,6 +67,14 @@ cilium:
|
|||||||
enabled: false
|
enabled: false
|
||||||
hostRoot: "/sys/fs/cgroup"
|
hostRoot: "/sys/fs/cgroup"
|
||||||
|
|
||||||
|
# we need biDirectional so use helm init-container
|
||||||
|
#bpf:
|
||||||
|
# autoMount:
|
||||||
|
# enabled: false
|
||||||
|
|
||||||
|
sysctlfix:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
routingMode: tunnel
|
routingMode: tunnel
|
||||||
tunnelProtocol: geneve
|
tunnelProtocol: geneve
|
||||||
|
|
||||||
|
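Review bot: The new comment `# we need biDirectional so use helm init-container` above the commented-out `bpf.autoMount` block is hard to follow for a reader without the history; spell out the subject, e.g. `# bpf.autoMount stays disabled: the bpffs mount needs Bidirectional propagation, which the chart's init-container provides`. `sysctlfix: enabled: false` also lacks a why-comment; as far as I can tell it turns off the init-container that applies cilium's host sysctl tweaks, so if the intent is that the host image already sets them, say so: `# host sysctls are set by the node image; cilium's sysctlfix init-container is not needed`. The enclosing `cilium:` map starts outside the hunk.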
@ -21,6 +21,7 @@ spec:
|
|||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
fsGroup: 1000
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
privileged: false
|
privileged: false
|
||||||
|
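Review bot: `fsGroup: 1000` is a sensible companion to `runAsUser`/`runAsGroup` 1000, but with the default `fsGroupChangePolicy` the kubelet recursively chowns every mounted volume on each pod start; if this pod mounts a sizeable persistent volume (the volumes are not visible in the hunk), add `fsGroupChangePolicy: "OnRootMismatch"` next to it so the walk is skipped when ownership already matches. The enclosing pod spec begins outside the hunk.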
@ -35,4 +35,5 @@ spec:
|
|||||||
indexPatterns:
|
indexPatterns:
|
||||||
- "logstash-*"
|
- "logstash-*"
|
||||||
- "jaeger-*"
|
- "jaeger-*"
|
||||||
|
- "otel-v1-apm-span-*"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||||||
name: kubezero
|
name: kubezero
|
||||||
description: KubeZero - Root App of Apps chart
|
description: KubeZero - Root App of Apps chart
|
||||||
type: application
|
type: application
|
||||||
version: 1.28.9-2
|
version: 1.29.7
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -11,7 +11,7 @@ global:
|
|||||||
|
|
||||||
addons:
|
addons:
|
||||||
enabled: true
|
enabled: true
|
||||||
targetRevision: 0.8.7
|
targetRevision: 0.8.8
|
||||||
external-dns:
|
external-dns:
|
||||||
enabled: false
|
enabled: false
|
||||||
forseti:
|
forseti:
|
||||||
@ -30,7 +30,7 @@ addons:
|
|||||||
network:
|
network:
|
||||||
enabled: true
|
enabled: true
|
||||||
retain: true
|
retain: true
|
||||||
targetRevision: 0.5.1
|
targetRevision: 0.5.3
|
||||||
cilium:
|
cilium:
|
||||||
cluster: {}
|
cluster: {}
|
||||||
|
|
||||||
|