feat: merge kubezero and module values by default

admin/libhelm.sh

@@ -83,6 +83,9 @@ function get_kubezero_secret() {
 
 
 function ensure_kubezero_secret_key() {
+  local ns=$1
+  local secret=$2
+
   local secret="$(kubectl get secret -n $ns $secret -o yaml)"
   local key
   local val
@@ -264,6 +267,11 @@ function _helm() {
 
     crds
 
+  elif [ $action == "dryrun" ]; then
+    cat $WORKDIR/values.yaml
+    render
+    cat $WORKDIR/helm.yaml
+
   elif [ $action == "apply" -o $action == "replace" ]; then
     echo "using values to $action of module $module: "
     cat $WORKDIR/values.yaml

admin/migrate_argo_values.py

@@ -10,7 +10,14 @@ def migrate(values):
 
     # 1.32
     try:
+        values["istio-ingress"]["gateway"]["service"]["extraPorts"] = values["istio-ingress"]["gateway"]["service"]["ports"]
+        values["istio-ingress"]["gateway"]["service"].pop("ports")
+    except KeyError:
         pass
+
+    try:
+        values["istio-private-ingress"]["gateway"]["service"]["extraPorts"] = values["istio-private-ingress"]["gateway"]["service"]["ports"]
+        values["istio-private-ingress"]["gateway"]["service"].pop("ports")
     except KeyError:
         pass
 

charts/kubezero-lib/templates/_helpers.tpl

@@ -42,17 +42,3 @@ helm.sh/chart: {{ include "kubezero-lib.chart" . }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: kubezero
 {{- end -}}
-
-{{- /*
-kubezero-lib.util.merge will merge two YAML templates and output the result.
-This takes an array of three values:
-- the top context
-- the template name of the overrides (destination)
-- the template name of the base (source)
-*/ -}}
-{{- define "kubezero-lib.util.merge" -}}
-{{- $top := first . -}}
-{{- $overrides := fromYaml (include (index . 1) $top) | default (dict ) -}}
-{{- $tpl := fromYaml (include (index . 2) $top) | default (dict ) -}}
-{{- toYaml (merge $overrides $tpl) -}}
-{{- end -}}

charts/kubezero-metrics/values.yaml

@@ -12,7 +12,7 @@ kube-prometheus-stack:
   kubeStateMetrics:
     enabled: true
   kubeProxy:
-    enabled: true
+    enabled: false
 
   kubeEtcd:
     enabled: true

charts/kubezero-network/values.yaml

@@ -33,11 +33,11 @@ cilium:
 
   resources:
     requests:
-      cpu: 10m
+      cpu: 50m
-      memory: 160Mi
+      memory: 256Mi
-    limits:
+#   limits:
-      memory: 1Gi
+#     memory: 1Gi
-      # cpu: 4000m
+#     cpu: 4000m
 
   cni:
     binPath: "/usr/libexec/cni"
@@ -68,6 +68,13 @@ cilium:
   dnsProxy:
     enableTransparentMode: true
 
+# For LB support via L2announcement or BGP - on-prem only
+# l2announcements:
+#   enabled: true
+# Not needed normally
+# externalIPs:
+#   enabled: true
+
   k8sServiceHost: ""
   k8sServicePort: 6443
 # k8s:
@@ -80,8 +87,9 @@ cilium:
       enabled: false
     hostRoot: "/sys/fs/cgroup"
 
+  bpf:
+    preallocateMaps: true
   # we need biDirectional so use helm init-container
-  #bpf:
   # autoMount:
   #   enabled: false
 

charts/kubezero/templates/_app.tpl

@@ -28,7 +28,7 @@ spec:
     helm:
       skipTests: true
       valuesObject:
-        {{- include (print $name "-values") $ | nindent 8 }}
+        {{- toYaml (merge (omit (index .Values $name) "enabled" "namespace" "retain" "targetRevision") (fromYaml (include (print $name "-values") $ ))) | nindent 8 }}
 
   destination:
     server: "https://kubernetes.default.svc"

charts/kubezero/templates/istio-ingress.yaml

@@ -67,7 +67,7 @@ gateway:
       gatewayProtocol: HTTPS
       tls:
         mode: SIMPLE
-    {{- with index .Values "istio-ingress" "gateway" "service" "ports" }}
+    {{- with index .Values "istio-ingress" "gateway" "service" "extraPorts" }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
 
@@ -93,7 +93,6 @@ certificates:
   {{- toYaml $cert.dnsNames | nindent 4 }}
 {{- end }}
 {{- end }}
-proxyProtocol: {{ default true (index .Values "istio-ingress" "proxyProtocol") }}
 {{- with (index .Values "istio-ingress" "hardening") }}
 hardening:
   {{- toYaml . | nindent 2 }}

charts/kubezero/templates/istio-private-ingress.yaml

@@ -64,7 +64,7 @@ gateway:
       gatewayProtocol: HTTPS
       tls:
         mode: SIMPLE
-  {{- with index .Values "istio-private-ingress" "gateway" "service" "ports" }}
+  {{- with index .Values "istio-private-ingress" "gateway" "service" "extraPorts" }}
   {{- toYaml . | nindent 4 }}
   {{- end }}
 
@@ -88,7 +88,6 @@ certificates:
   dnsNames:
   {{- toYaml $cert.dnsNames | nindent 4 }}
 {{- end }}
-proxyProtocol: {{ default true (index .Values "istio-private-ingress" "proxyProtocol") }}
 {{- with (index .Values "istio-private-ingress" "hardening") }}
 hardening:
   {{- toYaml . | nindent 2 }}

charts/kubezero/templates/network.yaml

@@ -9,25 +9,23 @@ multus:
 # {{- end }}
 
 cilium:
-  enabled: true
+  k8sServiceHost: {{ .Values.global.apiServerUrl }}
 
 # {{- if eq .Values.global.platform "aws" }}
 # image:
 #   pullPolicy: Never
 # {{- end }}
-  k8sServiceHost: {{ .Values.global.apiServerUrl }}
 # k8s:
 #   apiServerURLs: "https://{{ .Values.global.apiServerUrl }}"
 
   cluster:
     name: {{ .Values.global.clusterName }}
-    {{- with .Values.network.cilium.cluster.id }}
+  {{- with .Values.network.cilium.cluster.id }}
-    id: {{ . }}
   ipam:
     operator:
       clusterPoolIPv4PodCIDRList:
         - 10.{{ . }}.0.0/16
-    {{- end }}
+  {{- end }}
 
   prometheus:
     enabled: {{ .Values.metrics.enabled }}

charts/kubezero/values.yaml

@@ -61,13 +61,13 @@ storage:
 istio:
   enabled: false
   namespace: istio-system
-  targetRevision: 0.24.3
+  targetRevision: 0.24.6
 
 istio-ingress:
   enabled: false
   chart: kubezero-istio-gateway
   namespace: istio-ingress
-  targetRevision: 0.24.3
+  targetRevision: 0.24.6
   gateway:
     service: {}
 
@@ -75,7 +75,7 @@ istio-private-ingress:
   enabled: false
   chart: kubezero-istio-gateway
   namespace: istio-ingress
-  targetRevision: 0.24.3
+  targetRevision: 0.24.6
   gateway:
     service: {}