ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

Bug fix for legacy cert-manager CRDs and disable CM edit for now

Browse Source
This commit is contained in:
Stefan Reimer 2023-11-30 20:04:13 +00:00
parent f4fc46f7be
commit 9c06b052ea
2 changed files with 172 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
[B Normal file
View File

@ -0,0 +1,164 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
spec:
destination:
namespace: argocd
server: https://kubernetes.default.svc
project: kubezero
source:
chart: kubezero
helm:
values: |
argocd:
enabled: true
configs:
cm:
url: https://argocd.vi.epmyalptest.com
istio:
enabled: true
gateway: istio-ingress/private-ingressgateway
cert-manager:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.cert-manager
clusterIssuer:
name: letsencrypt-dns-prod
email: admin@dice.net
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- dns01:
route53:
region: us-east-1
selector:
dnsZones:
- epmyalptest.com
- vi.epmyalptest.com
- plaympetest.com
- vi.plaympetest.com
global:
aws:
accountId: '561550319853'
region: us-east-1
clusterName: plaympe-test-vi
highAvailable: false
istio:
enabled: true
rateLimiting:
enabled: true
istio-ingress:
enabled: true
certificates:
- name: ingress-cert
dnsNames:
- '*.epmyalptest.com'
- '*.vi.epmyalptest.com'
- '*.plaympetest.com'
- '*.vi.plaympetest.com'
istio-private-ingress:
enabled: true
certificates:
- name: private-ingress-cert
dnsNames:
- '*.epmyalptest.com'
- '*.vi.epmyalptest.com'
- '*.plaympetest.com'
- '*.vi.plaympetest.com'
kubezero:
gitSync:
path: clusters/plaympe-test/us-east-1
repoURL: https://bitbucket.org/destinymedia/kubernetes
targetRevision: HEAD
syncPolicy:
automated:
prune: true
logging:
enabled: true
fluent-bit:
enabled: true
config:
extraRecords:
source.clustername: plaympe-test-vi
output:
host: fluentd.or.epmyalptest.com
tls: true
metrics:
enabled: true
istio:
alertmanager:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: alertmanager.vi.epmyalptest.com
grafana:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: metrics.vi.epmyalptest.com
prometheus:
enabled: true
gateway: istio-ingress/private-ingressgateway
url: prometheus.vi.epmyalptest.com
kube-prometheus-stack:
alertmanager:
enabled: true
alertmanagerSpec:
externalUrl: https://alertmanager.vi.epmyalptest.com
prometheus:
prometheusSpec:
externalUrl: https://prometheus.vi.epmyalptest.com
network:
cilium:
enabled: true
cluster:
name: plaympe-test-vi
id: 221
ipam:
operator:
clusterPoolIPv4PodCIDRList:
- 10.221.0.0/16
operators:
enabled: true
eck-operator:
enabled: true
storage:
enabled: true
aws-ebs-csi-driver:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.ebs-csi-controller-sa
aws-efs-csi-driver:
enabled: true
IamArn: arn:aws:iam::561550319853:role/us-east-1.plaympe-test-vi.efs-csi-controller-sa
PersistentVolumes:
- name: services-dsny-cache
claimRef:
name: dsny-cache
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/dsny-cache
- name: services-geolocation
claimRef:
name: geolocation
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/geolocation
- name: platform-geolocation
claimRef:
name: geolocation
namespace: platform
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/platform/geolocation
- name: services-soundmouse
claimRef:
name: soundmouse
namespace: services
volumeAttributes:
encryptInTransit: 'false'
volumeHandle: fs-ec4ad96f:/services/soundmouse
repoURL: https://cdn.zero-downtime.net/charts
targetRevision: 1.27.8
syncPolicy:
automated:
prune: true

10
admin/upgrade_cluster.sh
View File

@ -145,9 +145,9 @@ argo_used && disable_argo
control_plane_upgrade kubeadm_upgrade control_plane_upgrade kubeadm_upgrade
echo "Adjust kubezero values as needed:" #echo "Adjust kubezero values as needed:"
# shellcheck disable=SC2015 # shellcheck disable=SC2015
argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system #argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
# v1.27 # v1.27
# We need to restore the network ready file as cilium decided to rename it # We need to restore the network ready file as cilium decided to rename it
@ -186,6 +186,12 @@ for c in $controllers; do
done done
kubectl label node $c topology.ebs.csi.aws.com/zone- kubectl label node $c topology.ebs.csi.aws.com/zone-
done done
# Fix for legacy cert-manager CRDs to be upgraded
for crd_name in certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io; do
manager_index="$(kubectl get crd "${crd_name}" --show-managed-fields --output json | jq -r '.metadata.managedFields | map(.manager == "cainjector") | index(true)')"
[ "$manager_index" != "null" ] && kubectl patch crd "${crd_name}" --type=json -p="[{\"op\": \"remove\", \"path\": \"/metadata/managedFields/${manager_index}\"}]"
done
# v1.27 # v1.27
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argocd" control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argocd"