feat: reorg network and core addons
parent
26b66016ad
commit
a222c507f6
@ -1 +0,0 @@
|
||||
../containers/admin/v1.21/kubeadm
|
@ -2,19 +2,20 @@ apiVersion: v2
|
||||
name: kubezero-addons
|
||||
description: KubeZero umbrella chart for various optional cluster addons
|
||||
type: application
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- fuse-device-plugin
|
||||
- metallb
|
||||
- k8s-ecr-login-renew
|
||||
- aws-node-termination-handler
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: metallb
|
||||
version: 0.10.2
|
||||
repository: https://metallb.github.io/metallb
|
||||
condition: metallb.enabled
|
||||
kubeVersion: ">= 1.18.0"
|
||||
- name: aws-node-termination-handler
|
||||
version: 0.16.0
|
||||
repository: https://aws.github.io/eks-charts
|
||||
condition: aws-node-termination-handler.enabled
|
||||
kubeVersion: ">= 1.20.0"
|
||||
|
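--- a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
+++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
@@ -0,0 +1,55 @@
+{{- if .Values.clusterBackup.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: kubezero-backup
+namespace: kube-system
+spec:
+schedule: "0 * * * *"
+jobTemplate:
+spec:
+backoffLimit: 1
+template:
+spec:
+containers:
+- name: kubezero-admin
+image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
+imagePullPolicy: Always
+command: ["kubezero.sh"]
+args:
+- backup
+volumeMounts:
+- name: host
+mountPath: /host
+- name: workdir
+mountPath: /tmp
+env:
+- name: DEBUG
+value: "1"
+- name: RESTIC_REPOSITORY
+valueFrom:
+secretKeyRef:
+name: kubezero-backup-restic
+key: repository
+- name: RESTIC_PASSWORD
+valueFrom:
+secretKeyRef:
+name: kubezero-backup-restic
+key: password
+#securityContext:
+# readOnlyRootFilesystem: true
+hostNetwork: true
+volumes:
+- name: host
+hostPath:
+path: /
+type: Directory
+- name: workdir
+emptyDir: {}
+nodeSelector:
+node-role.kubernetes.io/control-plane: ""
+tolerations:
+- key: node-role.kubernetes.io/master
+effect: NoSchedule
+restartPolicy: Never
+{{- end }}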
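Review bot: The `host` volume mounts the node's entire root filesystem (`hostPath` with `path: /`) read-write into a pod that also runs with `hostNetwork: true` on control-plane nodes, while the `securityContext` block is left commented out. If `kubezero.sh backup` only reads from the host, add `readOnly: true` to the `host` volumeMount, or narrow the hostPath to the directories the backup actually needs. `DEBUG` is hard-coded to `"1"` right next to `RESTIC_PASSWORD`; should the script enable shell tracing in debug mode (not visible here), the repository credentials could end up in the job logs, so this is better driven from a value that defaults to off. The CronJob also sets no `concurrencyPolicy`, so an hourly run that overruns can overlap with the next one; `concurrencyPolicy: Forbid` would prevent that.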
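--- a/charts/kubezero-addons/templates/cluster-backup/secret.yaml
+++ b/charts/kubezero-addons/templates/cluster-backup/secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.clusterBackup.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: kubezero-backup-restic
+namespace: kube-system
+type: Opaque
+data:
+repository: {{ default "" .Values.clusterBackup.repository | b64enc }}
+password: {{ default "" .Values.clusterBackup.password | b64enc }}
+{{- end }}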
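Review bot: Both `repository` and `password` fall back to `default ""`, so enabling `clusterBackup` without setting them renders a Secret with empty values, and the misconfiguration only surfaces when the backup job runs. Failing at render time is safer, e.g. `password: {{ required "clusterBackup.password is required" .Values.clusterBackup.password | b64enc | quote }}` and the same for `repository`. Because the password travels through chart values, it is also stored in the Helm release data and in whatever values file supplies it; an option to reference a pre-created Secret instead of templating one would keep it out of both.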
@ -1,21 +1,40 @@
|
||||
metallb:
|
||||
clusterBackup:
|
||||
enabled: false
|
||||
psp:
|
||||
|
||||
image:
|
||||
name: public.ecr.aws/zero-downtime/kubezero-admin
|
||||
tag: v1.21.7
|
||||
|
||||
repository: ""
|
||||
password: ""
|
||||
|
||||
aws-node-termination-handler:
|
||||
enabled: false
|
||||
|
||||
fullnameOverride: "aws-node-termination-handler"
|
||||
|
||||
enableSqsTerminationDraining: true
|
||||
|
||||
# -- SQS queue ARN from kube controller stack
|
||||
queueURL: ""
|
||||
|
||||
deleteLocalData: true
|
||||
taintNode: true
|
||||
|
||||
enablePrometheusServer: false
|
||||
podMonitor:
|
||||
create: false
|
||||
|
||||
controller:
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/master: ""
|
||||
jsonLogging: true
|
||||
|
||||
configInline: {}
|
||||
# address-pools:
|
||||
# - name: my-ip-space
|
||||
# protocol: layer2
|
||||
# addresses:
|
||||
# - 192.168.42.0/24
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/control-plane: ""
|
||||
|
||||
rbac:
|
||||
pspEnabled: false
|
||||
|
||||
fuseDevicePlugin:
|
||||
enabled: false
|
||||
|
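--- a/charts/kubezero-network/Chart.yaml
+++ b/charts/kubezero-network/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: kubezero-network
+description: KubeZero umbrella chart for all things network
+type: application
+version: 0.1.0
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+- kubezero
+- multus
+- cilium
+- aws-cni
+- metallb
+maintainers:
+- name: Stefan Reimer
+email: stefan@zero-downtime.net
+dependencies:
+- name: cilium
+version: 1.10.5
+repository: https://helm.cilium.io/
+condition: cilium.enabled
+- name: metallb
+version: 0.10.2
+repository: https://metallb.github.io/metallb
+condition: metallb.enabled
+# Legact / Testing support
+- name: calico
+version: 0.2.2
+condition: calico.enabled
+kubeVersion: ">= 1.20.0"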
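Review bot: The comment above the `calico` dependency reads `# Legact / Testing support` and should be `# Legacy / Testing support`. `calico` is also the only dependency without a `repository`, which presumably means it is resolved as a local subchart; a short comment saying so would save the next reader a lookup. The generated README.md in this commit lists only `metallb` under Requirements although this file declares `cilium`, `metallb` and `calico`, so the docs look like they need regenerating.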
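--- a/charts/kubezero-network/README.md
+++ b/charts/kubezero-network/README.md
@@ -0,0 +1,36 @@
+# kubezero-network
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+KubeZero umbrella chart for all things network
+
+**Homepage:** <https://kubezero.com>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Stefan Reimer | stefan@zero-downtime.net | |
+
+## Requirements
+
+Kubernetes: `>= 1.20.0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://metallb.github.io/metallb | metallb | 0.10.2 |
+
+# MetalLB
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cilium.enabled | bool | `false` | |
+| metallb.configInline | object | `{}` | |
+| metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
+| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | |
+| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
+| metallb.enabled | bool | `false` | |
+| metallb.psp.create | bool | `false` | |
+| multus.enabled | bool | `false` | |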
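--- a/charts/kubezero-network/README.md.gotmpl
+++ b/charts/kubezero-network/README.md.gotmpl
@@ -0,0 +1,18 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+# MetalLB
+
+{{ template "chart.valuesSection" . }}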
@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-calico
|
||||
description: KubeZero Umbrella Chart for Calico
|
||||
name: calico
|
||||
description: KubeZero Chart for Calico
|
||||
type: application
|
||||
version: 0.2.2
|
||||
appVersion: v3.16.5
|
||||
@ -15,4 +15,4 @@ dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
kubeVersion: ">= 1.16.0"
|
||||
kubeVersion: ">= 1.20.0"
|
@ -1,8 +1,8 @@
|
||||
# kubezero-calico
|
||||
# calico
|
||||
|
||||
![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.5](https://img.shields.io/badge/AppVersion-v3.16.5-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for Calico
|
||||
KubeZero Chart for Calico
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
@ -14,7 +14,7 @@ KubeZero Umbrella Chart for Calico
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
Kubernetes: `>= 1.20.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
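--- a/charts/kubezero-network/templates/multus/crds.yaml
+++ b/charts/kubezero-network/templates/multus/crds.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.multus.enabled }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+group: k8s.cni.cncf.io
+scope: Namespaced
+names:
+plural: network-attachment-definitions
+singular: network-attachment-definition
+kind: NetworkAttachmentDefinition
+shortNames:
+- net-attach-def
+versions:
+- name: v1
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+Working Group to express the intent for attaching pods to one or more logical or physical
+networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+type: object
+properties:
+apiVersion:
+description: 'APIVersion defines the versioned schema of this represen
+tation of an object. Servers should convert recognized schemas to the
+latest internal value, and may reject unrecognized values. More info:
+https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+type: string
+kind:
+description: 'Kind is a string value representing the REST resource this
+object represents. Servers may infer this from the endpoint the client
+submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+type: string
+metadata:
+type: object
+spec:
+description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+type: object
+properties:
+config:
+description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+type: string
+{{- end }}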
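Review bot: Shipping the CRD under `templates/` behind `.Values.multus.enabled` means Helm manages it like any other resource, so flipping the flag back to false (or uninstalling the chart) deletes the CRD and with it every `NetworkAttachmentDefinition` in the cluster. Adding the annotation `helm.sh/resource-policy: keep` under `metadata` avoids that cascade. Separately, the `apiVersion` description is split mid-word (`represen` / `tation`); inside a single-quoted scalar the line break folds to a space, so the rendered text reads "represen tation" and the word should be rejoined on one line.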
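--- a/charts/kubezero-network/templates/multus/daemonset.yaml
+++ b/charts/kubezero-network/templates/multus/daemonset.yaml
@@ -0,0 +1,163 @@
+{{- if .Values.multus.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: multus
+rules:
+- apiGroups: ["k8s.cni.cncf.io"]
+resources:
+- '*'
+verbs:
+- '*'
+- apiGroups:
+- ""
+resources:
+- pods
+- pods/status
+verbs:
+- get
+- update
+- apiGroups:
+- ""
+- events.k8s.io
+resources:
+- events
+verbs:
+- create
+- patch
+- update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: multus
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: multus
+subjects:
+- kind: ServiceAccount
+name: multus
+namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: multus
+namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+name: multus-cni-config
+namespace: kube-system
+labels:
+tier: node
+app: multus
+data:
+# NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
+# In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
+# change the "args" line below from
+# - "--multus-conf-file=auto"
+# to:
+# "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
+# Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
+# /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
+cni-conf.json: |
+{
+"cniVersion": "0.3.1",
+"name": "multus-cni-network",
+"type": "multus",
+"kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
+"delegates": [
+{
+"cniVersion": "0.3.1",
+"name": "cilium",
+"type": "cilium-cni",
+"enable-debug": false
+}
+]
+}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kube-multus-ds
+namespace: kube-system
+labels:
+tier: node
+app: multus
+name: multus
+spec:
+selector:
+matchLabels:
+name: multus
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+labels:
+tier: node
+app: multus
+name: multus
+spec:
+hostNetwork: true
+tolerations:
+- operator: Exists
+effect: NoSchedule
+serviceAccountName: multus
+containers:
+- name: kube-multus
+image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
+command: ["/entrypoint.sh"]
+args:
+- "--multus-conf-file=auto"
+- "--cni-version=0.3.1"
+resources:
+requests:
+cpu: "100m"
+memory: "50Mi"
+limits:
+cpu: "100m"
+memory: "50Mi"
+securityContext:
+privileged: true
+volumeMounts:
+- name: cni
+mountPath: /host/etc/cni/net.d
+- name: cnibin
+mountPath: /host/opt/cni/bin
+- name: multus-cfg
+mountPath: /tmp/multus-conf
+initContainers:
+- name: install-multus-binary
+image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
+command:
+- "cp"
+- "/usr/src/multus-cni/bin/multus"
+- "/host/opt/cni/bin/multus"
+resources:
+requests:
+cpu: "10m"
+memory: "15Mi"
+securityContext:
+privileged: true
+volumeMounts:
+- name: cnibin
+mountPath: /host/opt/cni/bin
+mountPropagation: Bidirectional
+terminationGracePeriodSeconds: 10
+volumes:
+- name: cni
+hostPath:
+path: /etc/cni/net.d
+- name: cnibin
+hostPath:
+path: /opt/cni/bin
+- name: multus-cfg
+configMap:
+name: multus-cni-config
+items:
+- key: cni-conf.json
+path: 70-multus.conf
+{{- end }}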
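Review bot: Both the `kube-multus` container and the `install-multus-binary` init container run with `privileged: true` on every node the `operator: Exists` toleration admits, and they write into the host's `/opt/cni/bin`, yet the image is referenced only by a mutable tag (`multus-cni:{{ .Values.multus.tag }}`). Pinning the image by digest, or at least accepting an optional digest from values and appending it as `@sha256:...`, would keep a re-pushed tag from silently changing what runs as root on the nodes. The ClusterRole also grants `'*'` verbs on `'*'` resources in `k8s.cni.cncf.io`; if Multus only needs to read NetworkAttachmentDefinitions (worth confirming against upstream), this can be narrowed to `resources: ["network-attachment-definitions"]` with `verbs: ["get", "list", "watch"]`. The ConfigMap hard-codes `cilium-cni` as the only delegate even though the chart can also enable calico, which deserves a comment or a value.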
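--- a/charts/kubezero-network/values.yaml
+++ b/charts/kubezero-network/values.yaml
@@ -0,0 +1,45 @@
+metallb:
+enabled: false
+psp:
+create: false
+
+controller:
+tolerations:
+- key: node-role.kubernetes.io/master
+effect: NoSchedule
+nodeSelector:
+node-role.kubernetes.io/control-plane: ""
+
+configInline: {}
+# address-pools:
+# - name: my-ip-space
+# protocol: layer2
+# addresses:
+# - 192.168.42.0/24
+
+multus:
+enabled: false
+tag: "v3.8"
+
+cilium:
+enabled: false
+
+cni:
+#-- Ensure this is false if multus is enabled
+exclusive: true
+
+tunnel: geneve
+
+prometheus:
+enabled: false
+port: 9091
+
+operator:
+replicas: 1
+
+hubble:
+enabled: false
+
+# Legacy / Testing
+calico:
+enabled: false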
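Review bot: `cilium.cni.exclusive` defaults to `true`, and the only safeguard against combining it with Multus is the comment `#-- Ensure this is false if multus is enabled`. A render-time guard in the multus template would enforce the constraint instead of relying on the reader: `{{- if and .Values.multus.enabled .Values.cilium.enabled .Values.cilium.cni.exclusive }}{{ fail "cilium.cni.exclusive must be false when multus is enabled" }}{{- end }}`. The comment marker should also be written `# --`, as in the kubezero-addons values (`# -- SQS queue ARN ...`), so both charts use the same doc-comment form. The MetalLB controller tolerates `node-role.kubernetes.io/master` but selects on `node-role.kubernetes.io/control-plane`, while the README in this commit still documents a `master` nodeSelector; the label choice should be made consistent.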