feat: First v1.29 basic control plane working

Stefan Reimer 2024-07-18 18:58:14 +00:00
parent 155b2ce63a
commit 90edf83794
16 changed files with 48 additions and 32 deletions


@ -3,7 +3,9 @@ ARG ALPINE_VERSION=3.20
FROM docker.io/alpine:${ALPINE_VERSION}
ARG ALPINE_VERSION
ARG KUBE_VERSION=1.28.9
ARG KUBE_VERSION=1.29.7
ARG SECRETS_VERSION=4.6.0
ARG VALS_VERSION=0.37.3
RUN cd /etc/apk/keys && \
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
@ -29,6 +31,13 @@ RUN cd /etc/apk/keys && \
RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
mkdir -p /var/lib/kubezero
# helm secrets
RUN mkdir -p $(helm env HELM_PLUGINS) && \
wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
# vals
RUN wget -qO - https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals
ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
ADD admin/libhelm.sh /var/lib/kubezero
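Review bot: The helm-secrets plugin and the vals binary in the second hunk are fetched with `wget -qO -` and piped straight into `tar`, so nothing checks that the tarball served at build time is the release the version ARG names; a substituted or tampered asset would land in the image unnoticed. Pin the expected SHA256 per version next to the existing version ARGs, download to a temp file, verify with busybox `sha256sum -c`, and only then extract. The digests below are placeholders to be filled from the upstream release checksums.
```dockerfile
ARG SECRETS_SHA256=PLACEHOLDER_SHA256_OF_HELM_SECRETS_TARBALL
ARG VALS_SHA256=PLACEHOLDER_SHA256_OF_VALS_TARBALL
# … unchanged: apk key setup, helm repo add …
RUN mkdir -p $(helm env HELM_PLUGINS) && \
    wget -qO /tmp/helm-secrets.tar.gz https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz && \
    echo "${SECRETS_SHA256}  /tmp/helm-secrets.tar.gz" | sha256sum -c - && \
    tar -C "$(helm env HELM_PLUGINS)" -xzf /tmp/helm-secrets.tar.gz && rm /tmp/helm-secrets.tar.gz
RUN wget -qO /tmp/vals.tar.gz https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz && \
    echo "${VALS_SHA256}  /tmp/vals.tar.gz" | sha256sum -c - && \
    tar -C /usr/local/bin -xzf /tmp/vals.tar.gz vals && rm /tmp/vals.tar.gz
```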


@ -149,8 +149,8 @@ kubeadm_upgrade() {
post_kubeadm
# If we have a re-cert kubectl config install for root
if [ -f ${HOSTFS}/etc/kubernetes/admin.conf ]; then
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
if [ -f ${HOSTFS}/etc/kubernetes/super-admin.conf ]; then
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
fi
# post upgrade hook
@ -190,7 +190,7 @@ control_plane_node() {
cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes
# Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks
cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config
cp ${WORKDIR}/super-admin.conf ${HOSTFS}/root/.kube/config
# Only restore etcd data during "restore" and none exists already
if [[ "$CMD" =~ ^(restore)$ ]]; then
@ -258,7 +258,7 @@ control_plane_node() {
_kubeadm init phase kubelet-start
cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
# Wait for api to be online
echo "Waiting for Kubernetes API to be online ..."
@ -347,7 +347,7 @@ delete_module() {
# backup etcd + /etc/kubernetes/pki
backup() {
# Display all ENVs, careful this exposes the password !
[ -n "$DEBUG" ] && env
[ -n "$DEBUG" ] && env
restic snapshots || restic init || exit 1
@ -361,7 +361,8 @@ backup() {
# pki & cluster-admin access
cp -r ${HOSTFS}/etc/kubernetes/pki ${WORKDIR}
cp -r ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
cp ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${WORKDIR}
# Backup via restic
restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION
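Review bot: super-admin.conf becomes root's default kubeconfig in the kubeadm_upgrade hunk and in both control_plane_node hunks, and the backup() hunk adds it to the restic set; with kubeadm 1.29 that file is bound directly to system:masters and bypasses RBAC, while admin.conf is the RBAC-governed cluster-admin identity. Making the RBAC-bypassing credential the everyday identity for every kubectl call from this script means no later RBAC tightening can constrain it; if the "chicken egg with custom auth hooks" comment is the motivation, consider keeping `cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config` as the default and placing super-admin.conf under a separate path outside .kube/config for break-glass use only. The new `cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${WORKDIR}` in backup() has no existence test even though the kubeadm_upgrade hunk guards the same file with `[ -f ... ]`, which suggests it is not present on every control plane node; mirroring that guard would keep backup() working there. All four functions continue outside the hunks.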


@ -2,7 +2,7 @@ apiVersion: v2
name: kubeadm
description: KubeZero Kubeadm cluster config
type: application
version: 1.28.9
version: 1.29.7
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:


@ -33,5 +33,6 @@ kubeReserved:
#evictionHard:
# memory.available: "484Mi"
imageGCLowThresholdPercent: 70
imageMaximumGCAge: 168h
serializeImagePulls: false
maxParallelImagePulls: 4
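Review bot: `imageMaximumGCAge: 168h` is tied by kubelet config validation to the ImageMaximumGCAge feature gate, which this commit enables separately in the kubeadm feature-gate template, but nothing in this file records that coupling, so removing the gate later would break kubelet startup without an obvious cause. Add an inline comment: `imageMaximumGCAge: 168h  # requires the ImageMaximumGCAge feature gate (kubeadm.featuregates)`.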


@ -2,10 +2,9 @@
{{- /* Issues: MemoryQoS */ -}}
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
{{- /* v1.29: remove/beta SidecarContainers */ -}}
{{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
{{- define "kubeadm.featuregates" }}
{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
{{- $gates := list "CustomCPUCFSQuotaPeriod" "KubeProxyDrainingTerminatingNodes" "ImageMaximumGCAge" }}
{{- if eq .return "csv" }}
{{- range $key := $gates }}
{{- $key }}=true,
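Review bot: The comment `{{- /* v1.29: remove/beta SidecarContainers */ -}}` is now actioned by this hunk (SidecarContainers is dropped from `$gates`) but the comment stays, and the newly added ImageMaximumGCAge gate gets no note about when it can go. Replace it with one line in the existing style, `{{- /* v1.30: remove/beta ImageMaximumGCAge */ -}}`, so the list of pending removals keeps matching the gate list. The define continues past the hunk.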


@ -117,7 +117,7 @@ spec:
containers:
- name: aws-iam-authenticator
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.22
args:
- server
- --backend-mode=CRD,MountedFile


@ -1,6 +1,6 @@
# kubezero-addons
![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
KubeZero umbrella chart for various optional cluster addons
@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
| Repository | Name | Version |
|------------|------|---------|
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.3 |
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.4 |
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.15.0 |
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.16.0 |
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.5 |
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.37.0 |
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.16.0 |
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.24.0 |
# MetalLB
@ -110,7 +110,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
| cluster-autoscaler.image.tag | string | `"v1.29.4"` | |
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 1.21.0
appVersion: 1.22.0
description: A Helm chart for the AWS Node Termination Handler.
home: https://github.com/aws/aws-node-termination-handler/
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
@ -21,4 +21,4 @@ name: aws-node-termination-handler
sources:
- https://github.com/aws/aws-node-termination-handler/
type: application
version: 0.23.0
version: 0.24.0


@ -200,7 +200,7 @@ cluster-autoscaler:
image:
repository: registry.k8s.io/autoscaling/cluster-autoscaler
tag: v1.28.2
tag: v1.29.4
autoDiscovery:
clusterName: ""


@ -1,6 +1,6 @@
# kubezero-network
![Version: 0.5.2](https://img.shields.io/badge/Version-0.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for all things network
@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0`
|------------|------|---------|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
| https://haproxytech.github.io/helm-charts | haproxy | 1.22.0 |
| https://helm.cilium.io/ | cilium | 1.15.5 |
| https://metallb.github.io/metallb | metallb | 0.14.5 |
| https://helm.cilium.io/ | cilium | 1.15.7 |
| https://metallb.github.io/metallb | metallb | 0.14.7 |
## Values



@ -45,10 +45,6 @@ cilium:
#-- Ensure this is false if multus is enabled
exclusive: false
# bpf:
# autoMount:
# enabled: false
cluster:
# This should match the second octet of clusterPoolIPv4PodCIDRList
# to prevent IP space overlap and easy tracking
@ -71,6 +67,14 @@ cilium:
enabled: false
hostRoot: "/sys/fs/cgroup"
# we need biDirectional so use helm init-container
#bpf:
# autoMount:
# enabled: false
sysctlfix:
enabled: false
routingMode: tunnel
tunnelProtocol: geneve
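Review bot: The relocated commented-out block in the second hunk is written `#bpf:` with no space after `#`, unlike the `# autoMount:` / `# enabled:` lines directly under it and the original `# bpf:` removed in the first hunk; write `# bpf:` for consistency with the file and with yamllint's comments rule. The line `# we need biDirectional so use helm init-container` now sits immediately above that disabled block, so if it is meant to explain why bpf.autoMount stays off, say so in the comment rather than leaving the reader to infer it from position.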


@ -21,6 +21,7 @@ spec:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
privileged: false
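Review bot: Adding `fsGroup: 1000` makes the kubelet change group ownership of every mounted volume to 1000 on each pod start; on a large persistent volume that recursive walk can delay startup noticeably, so pair it with `fsGroupChangePolicy: "OnRootMismatch"` unless this pod only mounts emptyDir/configMap-style volumes (the volumes are outside this hunk, so that cannot be confirmed here). The container-level securityContext is cut off at the end of the hunk, so whether a capabilities drop and readOnlyRootFilesystem follow cannot be seen from this view.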


@ -35,4 +35,5 @@ spec:
indexPatterns:
- "logstash-*"
- "jaeger-*"
- "otel-v1-apm-span-*"
{{- end }}


@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero
description: KubeZero - Root App of Apps chart
type: application
version: 1.28.9-2
version: 1.29.7
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:


@ -11,7 +11,7 @@ global:
addons:
enabled: true
targetRevision: 0.8.7
targetRevision: 0.8.8
external-dns:
enabled: false
forseti:
@ -30,7 +30,7 @@ addons:
network:
enabled: true
retain: true
targetRevision: 0.5.1
targetRevision: 0.5.3
cilium:
cluster: {}