diff --git a/artifacts/kubezero-calico/README.md b/artifacts/kubezero-calico/README.md index 6f831856..a3789791 100644 --- a/artifacts/kubezero-calico/README.md +++ b/artifacts/kubezero-calico/README.md @@ -9,7 +9,18 @@ Calico is setup based on the upstream calico-vxlan config from Changes: +- VxLAN set to Always to not expose cluster communication to VPC + + -> EC2 SecurityGroups still apply and only need to allow UDP 4789 for VxLAN traffic + -> No need to disable source/destination check on EC2 instances + -> Prepared for optional WireGuard encryption for all inter node traffic + - MTU set to 8941 -- Disable BGB and BIRD healthchecks + +- Removed migration init-container + +- Disable BGB and BIRD health checks + - Set FELIX log level to warning + - Enable Prometheus metrics diff --git a/charts/kubezero/templates/_app.yaml b/charts/kubezero/templates/_app.yaml index 2a59e75f..398705f9 100644 --- a/charts/kubezero/templates/_app.yaml +++ b/charts/kubezero/templates/_app.yaml @@ -9,7 +9,7 @@ metadata: {{- if not .retain }} finalizers: - resources-finalizer.argocd.argoproj.io - {{ end }} + {{- end }} spec: project: kubezero @@ -18,14 +18,14 @@ spec: targetRevision: {{ .root.Values.global.defaultSource.targetRevision }} {{- if eq .type "helm" }} {{- $my_values := index .root.Values .name "values" }} - path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ .name }} + path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ default .name .path }} {{- if $my_values }} helm: values: | {{- toYaml $my_values | nindent 8 }} {{- end }} {{- else }} - path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }} + path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ default .name .path }} {{- end }} destination: diff --git a/charts/kubezero/templates/calico.yaml b/charts/kubezero/templates/calico.yaml index 33aa8442..605f6d55 100644 --- a/charts/kubezero/templates/calico.yaml 
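Review bot: In the second `_app.yaml` hunk, both new `path:` lines splice `default .name .path` into the source path of what appears to be an Argo CD Application as an unquoted plain scalar, with no check on its content. The only caller visible in this diff builds `.path` from `.Values.platform`, so a values entry containing `..`, `: ` or ` #` would either point the Application at a different directory of the repo or change the structure of the rendered manifest. Quoting the finished string closes the YAML side, e.g. `path: {{ printf "%sartifacts/kubezero-%s" .root.Values.global.defaultSource.pathPrefix (default .name .path) | quote }}`, with the same change on the `charts/` line. A guard such as `{{- if contains ".." (default .name .path) }}{{ fail "path must not contain .." }}{{- end }}` keeps the path inside the intended subtree. The template definition starts and ends outside the hunk.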
+++ b/charts/kubezero/templates/calico.yaml @@ -1,3 +1,8 @@ +# {{ .Values.calico.network }} {{- if .Values.calico.enabled }} +{{- if .Values.calico.network }} +{{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true "path" (printf "%s/%s" "calico" .Values.platform) }} +{{- else }} {{ template "kubezero-app.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true }} {{- end }} +{{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 0682f2bd..17cf62a3 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -13,6 +13,8 @@ global: # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees pathPrefix: '' +platform: aws + calico: enabled: true diff --git a/deploy/templates/values.yaml b/deploy/templates/values.yaml index de9017b7..48ad6d32 100644 --- a/deploy/templates/values.yaml +++ b/deploy/templates/values.yaml @@ -5,6 +5,9 @@ kubezero: {{- end }} calico: enabled: {{ .Values.calico.enabled }} + {{- if .Values.calico.network }} + network: {{ .Values.calico.network }} + {{- end }} cert-manager: enabled: {{ index .Values "cert-manager" "enabled" }} values:
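Review bot: The first added line of `calico.yaml`, `# {{ .Values.calico.network }}`, sits outside the `if .Values.calico.enabled` guard and writes a values-supplied string into every render of this template. It looks like debugging residue, and a multi-line value would end the comment and leave the rest as live YAML, so it should be dropped or turned into a template comment, `{{- /* calico.network selects the platform overlay */ -}}`. The new branch also tests `.Values.calico.network` but builds the path from `.Values.platform`, so an empty `platform` yields `calico/` and silently deploys the base directory instead of the overlay. Since the README hunk ties the Calico config to what traffic is exposed to the VPC, failing loudly is safer: `"path" (printf "calico/%s" (required "platform must be set when calico.network is set" .Values.platform))`.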
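Review bot: In `deploy/templates/values.yaml`, the added `network: {{ .Values.calico.network }}` emits the value as a plain scalar, so the YAML parser may retype `on`, `off`, `no` or a bare number, and a value containing `: ` or ` #` changes the structure of the generated values file. Quote it: `network: {{ .Values.calico.network | quote }}`. This matters downstream because `charts/kubezero/templates/calico.yaml` only tests the key for truthiness, so a value that parses as `false` would silently select the non-platform path. The `kubezero:` mapping starts and continues outside the hunk.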