From 9e87f92d45a2092446dc9395bbb458c09a1cf554 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Sun, 1 Jun 2025 17:27:13 +0000 Subject: [PATCH] feat: merge kubezero and module values by default --- admin/libhelm.sh | 8 ++++++++ admin/migrate_argo_values.py | 7 +++++++ charts/kubezero-lib/templates/_helpers.tpl | 14 ------------- charts/kubezero-metrics/values.yaml | 2 +- charts/kubezero-network/values.yaml | 20 +++++++++++++------ charts/kubezero/templates/_app.tpl | 2 +- charts/kubezero/templates/istio-ingress.yaml | 3 +-- .../templates/istio-private-ingress.yaml | 3 +-- charts/kubezero/templates/network.yaml | 8 +++----- charts/kubezero/values.yaml | 6 +++--- 10 files changed, 39 insertions(+), 34 deletions(-) diff --git a/admin/libhelm.sh b/admin/libhelm.sh index 2b42355b..d71a00ce 100644 --- a/admin/libhelm.sh +++ b/admin/libhelm.sh @@ -83,6 +83,9 @@ function get_kubezero_secret() { function ensure_kubezero_secret_key() { + local ns=$1 + local secret=$2 + local secret="$(kubectl get secret -n $ns $secret -o yaml)" local key local val @@ -264,6 +267,11 @@ function _helm() { crds + elif [ $action == "dryrun" ]; then + cat $WORKDIR/values.yaml + render + cat $WORKDIR/helm.yaml + elif [ $action == "apply" -o $action == "replace" ]; then echo "using values to $action of module $module: " cat $WORKDIR/values.yaml diff --git a/admin/migrate_argo_values.py b/admin/migrate_argo_values.py index e24ec1d4..94b3ac72 100755 --- a/admin/migrate_argo_values.py +++ b/admin/migrate_argo_values.py @@ -10,7 +10,14 @@ def migrate(values): # 1.32 try: + values["istio-ingress"]["gateway"]["service"]["extraPorts"] = values["istio-ingress"]["gateway"]["service"]["ports"] + values["istio-ingress"]["gateway"]["service"].pop("ports") + except KeyError: pass + + try: + values["istio-private-ingress"]["gateway"]["service"]["extraPorts"] = values["istio-private-ingress"]["gateway"]["service"]["ports"] + values["istio-private-ingress"]["gateway"]["service"].pop("ports") except KeyError: pass 
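Review bot: In `ensure_kubezero_secret_key`, the added `local secret=$2` is overwritten on the next line by the YAML that `kubectl get secret` returns, so one variable holds first the secret's name and then its contents. The `local secret="$(...)"` form also hides kubectl's exit status, so a failed lookup leaves an empty string that the rest of the function treats as data. A separate name with the assignment split from the declaration keeps the failure visible: `local secret_yaml` followed by `secret_yaml="$(kubectl get secret -n "$ns" "$secret" -o yaml)"`, with the status checked if a missing secret should abort. Quoting `$ns` and `$secret` also prevents word splitting when an argument is empty. The function body continues past the end of the hunk, so later uses of `$secret` would need the same rename.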
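Review bot: The new `dryrun` branch of `_helm` writes both `$WORKDIR/values.yaml` and the rendered `$WORKDIR/helm.yaml` to stdout, and a rendered manifest can carry Secret objects or credentials taken from the values, which then land in terminal scrollback or CI logs. A comment on the branch such as `# dryrun prints values and rendered manifests verbatim; avoid where stdout is logged` would make that explicit. Alternatively the branch could leave the files under `$WORKDIR` and echo only their paths. `_helm` starts and ends outside the hunk.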
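Review bot: Both added `try` blocks in `migrate` catch only `KeyError`, so a values file where `gateway` or `service` is present but null raises an uncaught `TypeError` and aborts the migration. They also overwrite any `extraPorts` the values already contain. The two blocks differ only in the top-level key, so a loop over both names using `service.pop("ports")` removes the duplication and the repeated four-level lookups. The rest of `migrate` lies outside the hunk.

```python
    # 1.32: gateway.service.ports was renamed to extraPorts
    for name in ("istio-ingress", "istio-private-ingress"):
        try:
            service = values[name]["gateway"]["service"]
            service["extraPorts"] = service.pop("ports")
        except (KeyError, TypeError, AttributeError):
            # module absent, or gateway/service is null: nothing to migrate
            pass
    # … unchanged: rest of migrate …
```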
diff --git a/charts/kubezero-lib/templates/_helpers.tpl b/charts/kubezero-lib/templates/_helpers.tpl index 52e5da48..f2b5d184 100644 --- a/charts/kubezero-lib/templates/_helpers.tpl +++ b/charts/kubezero-lib/templates/_helpers.tpl @@ -42,17 +42,3 @@ helm.sh/chart: {{ include "kubezero-lib.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: kubezero {{- end -}} - -{{- /* -kubezero-lib.util.merge will merge two YAML templates and output the result. -This takes an array of three values: -- the top context -- the template name of the overrides (destination) -- the template name of the base (source) -*/ -}} -{{- define "kubezero-lib.util.merge" -}} -{{- $top := first . -}} -{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}} -{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}} -{{- toYaml (merge $overrides $tpl) -}} -{{- end -}} diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index dbc0eb8c..ec870864 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -12,7 +12,7 @@ kube-prometheus-stack: kubeStateMetrics: enabled: true kubeProxy: - enabled: true + enabled: false kubeEtcd: enabled: true diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml index 985d946c..c99bed7f 100644 --- a/charts/kubezero-network/values.yaml +++ b/charts/kubezero-network/values.yaml @@ -33,11 +33,11 @@ cilium: resources: requests: - cpu: 10m - memory: 160Mi - limits: - memory: 1Gi - # cpu: 4000m + cpu: 50m + memory: 256Mi +# limits: +# memory: 1Gi +# cpu: 4000m cni: binPath: "/usr/libexec/cni" @@ -68,6 +68,13 @@ cilium: dnsProxy: enableTransparentMode: true +# For LB support via L2announcement or BGP - on-prem only +# l2announcements: +# enabled: true +# Not needed normally +# externalIPs: +# enabled: true + k8sServiceHost: "" k8sServicePort: 6443 # k8s: 
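Review bot: The `limits` block under `resources` in the first `charts/kubezero-network/values.yaml` hunk is commented out without a stated reason, so the container's memory is now bounded only by what the node has. If that is deliberate, a one-line comment above the commented block, e.g. `# no memory limit on purpose: <reason>`, would keep a later editor from re-enabling or deleting it blindly. The enclosing `cilium:` section starts outside the hunk.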
@@ -80,8 +87,9 @@ cilium: enabled: false hostRoot: "/sys/fs/cgroup" + bpf: + preallocateMaps: true # we need biDirectional so use helm init-container - #bpf: # autoMount: # enabled: false diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl index 2a6205cb..664a8bf7 100644 --- a/charts/kubezero/templates/_app.tpl +++ b/charts/kubezero/templates/_app.tpl @@ -28,7 +28,7 @@ spec: helm: skipTests: true valuesObject: - {{- include (print $name "-values") $ | nindent 8 }} + {{- toYaml (merge (omit (index .Values $name) "enabled" "namespace" "retain" "targetRevision") (fromYaml (include (print $name "-values") $ ))) | nindent 8 }} destination: server: "https://kubernetes.default.svc" diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml index afd46712..13d03a73 100644 --- a/charts/kubezero/templates/istio-ingress.yaml +++ b/charts/kubezero/templates/istio-ingress.yaml @@ -67,7 +67,7 @@ gateway: gatewayProtocol: HTTPS tls: mode: SIMPLE - {{- with index .Values "istio-ingress" "gateway" "service" "ports" }} + {{- with index .Values "istio-ingress" "gateway" "service" "extraPorts" }} {{- toYaml . | nindent 4 }} {{- end }} @@ -93,7 +93,6 @@ certificates: {{- toYaml $cert.dnsNames | nindent 4 }} {{- end }} {{- end }} -proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }} {{- with (index .Values "istio-ingress" "hardening") }} hardening: {{- toYaml . | nindent 2 }} diff --git a/charts/kubezero/templates/istio-private-ingress.yaml b/charts/kubezero/templates/istio-private-ingress.yaml index 5ec9062a..caf0c7dd 100644 --- a/charts/kubezero/templates/istio-private-ingress.yaml +++ b/charts/kubezero/templates/istio-private-ingress.yaml 
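Review bot: The new `valuesObject` line in `_app.tpl` passes every key under `.Values.<module>` to the child chart except the four omitted ones, so `chart` (set for `istio-ingress` and `istio-private-ingress` in `charts/kubezero/values.yaml`) now ends up in the module's values; adding `"chart"` to the `omit` list would avoid that. Sprig's `merge` keeps the first argument's value unless it is empty, and as far as its default behaviour goes `false`, `0` and `""` count as empty, so an explicit `false` in the cluster values would be replaced whenever the `<module>-values` template renders the same key. `omit` copies only the top level, so the merge also writes template output into the nested maps of `.Values`; wrapping the first argument in `deepCopy` avoids that. `fromYaml` reports a parse failure as an `Error` key rather than failing the render, and that key would be merged silently.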
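Review bot: A values file that still sets `gateway.service.ports` is no longer read by the `with` block in `istio-ingress.yaml`, and with the merge now done in `_app.tpl` that legacy list would presumably be passed through and replace the whole rendered `ports` list instead of extending it. The migration script in this patch renames the key, but nothing here notices a cluster that skipped it. A guard before the block, e.g. `{{- if index .Values "istio-ingress" "gateway" "service" "ports" }}{{ fail "gateway.service.ports was renamed to extraPorts" }}{{- end }}`, would turn that case into a render error. The same applies to the matching hunk in `istio-private-ingress.yaml`, and the `gateway:` section starts outside the hunk.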
@@ -64,7 +64,7 @@ gateway: gatewayProtocol: HTTPS tls: mode: SIMPLE - {{- with index .Values "istio-private-ingress" "gateway" "service" "ports" }} + {{- with index .Values "istio-private-ingress" "gateway" "service" "extraPorts" }} {{- toYaml . | nindent 4 }} {{- end }} @@ -88,7 +88,6 @@ certificates: dnsNames: {{- toYaml $cert.dnsNames | nindent 4 }} {{- end }} -proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProtocol") }} {{- with (index .Values "istio-private-ingress" "hardening") }} hardening: {{- toYaml . | nindent 2 }} diff --git a/charts/kubezero/templates/network.yaml b/charts/kubezero/templates/network.yaml index f40fb6b0..a18418ea 100644 --- a/charts/kubezero/templates/network.yaml +++ b/charts/kubezero/templates/network.yaml @@ -9,25 +9,23 @@ multus: # {{- end }} cilium: - enabled: true + k8sServiceHost: {{ .Values.global.apiServerUrl }} # {{- if eq .Values.global.platform "aws" }} # image: # pullPolicy: Never # {{- end }} - k8sServiceHost: {{ .Values.global.apiServerUrl }} # k8s: # apiServerURLs: "https://{{ .Values.global.apiServerUrl }}" cluster: name: {{ .Values.global.clusterName }} - {{- with .Values.network.cilium.cluster.id }} - id: {{ . }} + {{- with .Values.network.cilium.cluster.id }} ipam: operator: clusterPoolIPv4PodCIDRList: - 10.{{ . }}.0.0/16 - {{- end }} + {{- end }} prometheus: enabled: {{ .Values.metrics.enabled }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 809b820c..92e6f383 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -61,13 +61,13 @@ storage: istio: enabled: false namespace: istio-system - targetRevision: 0.24.3 + targetRevision: 0.24.6 istio-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.24.3 + targetRevision: 0.24.6 gateway: service: {} 
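Review bot: With `enabled: true` and `cluster.id` no longer rendered under `cilium:` in `network.yaml`, both reach the child chart only if they are set under `.Values.network.cilium` and passed through by the merge in `_app.tpl`. The defaults that would supply `enabled` are not part of this patch, so it is worth confirming they exist before the CNI depends on them. A comment at the top of the `cilium:` block, e.g. `# enabled and cluster.id come from .Values.network.cilium via the merge in _app.tpl`, would record that dependency.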
@@ -75,7 +75,7 @@ istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.24.3 + targetRevision: 0.24.6 gateway: service: {}