feat: reorg network and core addons

Stefan Reimer 2021-12-01 13:35:18 +01:00
parent 26b66016ad
commit a222c507f6
21 changed files with 452 additions and 29 deletions


@ -1 +0,0 @@
../containers/admin/v1.21/kubeadm


@ -2,19 +2,20 @@ apiVersion: v2
name: kubezero-addons
description: KubeZero umbrella chart for various optional cluster addons
type: application
version: 0.1.0
version: 0.2.0
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
- kubezero
- fuse-device-plugin
- metallb
- k8s-ecr-login-renew
- aws-node-termination-handler
maintainers:
- name: Quarky9
- name: Stefan Reimer
email: stefan@zero-downtime.net
dependencies:
- name: metallb
version: 0.10.2
repository: https://metallb.github.io/metallb
condition: metallb.enabled
kubeVersion: ">= 1.18.0"
- name: aws-node-termination-handler
version: 0.16.0
repository: https://aws.github.io/eks-charts
condition: aws-node-termination-handler.enabled
kubeVersion: ">= 1.20.0"
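Review bot: kubezero-addons still carries metallb 0.10.2 as a dependency (the `- name: metallb` entry and the `metallb` keyword are unchanged context here) while the new kubezero-network Chart.yaml in this same commit declares the identical chart under the identical condition `metallb.enabled`. If both umbrella charts are installed with that flag on, two controller/speaker deployments would be rendered for the same address pools; this looks like a leftover of the reorg rather than intent. Either drop the entry and keyword here, or leave a comment stating why the addon chart must keep its own copy. The same duplication is visible in the addons values.yaml hunk (`metallb:` block with `configInline`) and in the network chart's Chart.yaml and values.yaml.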


@ -0,0 +1,55 @@
{{- if .Values.clusterBackup.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: kubezero-backup
namespace: kube-system
spec:
schedule: "0 * * * *"
jobTemplate:
spec:
backoffLimit: 1
template:
spec:
containers:
- name: kubezero-admin
image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
imagePullPolicy: Always
command: ["kubezero.sh"]
args:
- backup
volumeMounts:
- name: host
mountPath: /host
- name: workdir
mountPath: /tmp
env:
- name: DEBUG
value: "1"
- name: RESTIC_REPOSITORY
valueFrom:
secretKeyRef:
name: kubezero-backup-restic
key: repository
- name: RESTIC_PASSWORD
valueFrom:
secretKeyRef:
name: kubezero-backup-restic
key: password
#securityContext:
# readOnlyRootFilesystem: true
hostNetwork: true
volumes:
- name: host
hostPath:
path: /
type: Directory
- name: workdir
emptyDir: {}
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
restartPolicy: Never
{{- end }}
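Review bot: The backup container gets the entire host filesystem read-write (`hostPath: path: /` mounted at `/host` without `readOnly`) and runs with `hostNetwork: true`, while the only hardening present, `readOnlyRootFilesystem`, is left commented out. If `kubezero.sh backup` only reads from the host and writes into the `/tmp` emptyDir — which the separate `workdir` mount suggests but the script is not visible here — add `readOnly: true` to the `host` volume mount and narrow `path` to the directories the backup actually needs; if it must write to the host, say so in a comment beside the mount. The CronJob also has no `concurrencyPolicy`, so a slow hourly run can overlap with the next one against the same restic repository; `concurrencyPolicy: Forbid` under `spec` avoids that. A one-line comment explaining why `hostNetwork` is required would help the next reader, since nothing in the pod spec shows it.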


@ -0,0 +1,11 @@
{{- if .Values.clusterBackup.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: kubezero-backup-restic
namespace: kube-system
type: Opaque
data:
repository: {{ default "" .Values.clusterBackup.repository | b64enc }}
password: {{ default "" .Values.clusterBackup.password | b64enc }}
{{- end }}
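Review bot: `default ""` on the `repository` and `password` lines means that enabling `clusterBackup` without supplying either value renders a Secret with empty fields, and the failure only surfaces when the hourly CronJob runs. Failing at template time is clearer: `repository: {{ required "clusterBackup.repository must be set" .Values.clusterBackup.repository | b64enc }}` and the same for `password`. Since these values end up in a Secret, they should be supplied at install time (a separate values file or `--set`) rather than written into the committed values.yaml whose defaults this template reads.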


@ -1,21 +1,40 @@
metallb:
clusterBackup:
enabled: false
psp:
image:
name: public.ecr.aws/zero-downtime/kubezero-admin
tag: v1.21.7
repository: ""
password: ""
aws-node-termination-handler:
enabled: false
fullnameOverride: "aws-node-termination-handler"
enableSqsTerminationDraining: true
# -- SQS queue ARN from kube controller stack
queueURL: ""
deleteLocalData: true
taintNode: true
enablePrometheusServer: false
podMonitor:
create: false
controller:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/master: ""
jsonLogging: true
configInline: {}
# address-pools:
# - name: my-ip-space
# protocol: layer2
# addresses:
# - 192.168.42.0/24
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
rbac:
pspEnabled: false
fuseDevicePlugin:
enabled: false
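Review bot: The new `clusterBackup` keys have no helm-docs comments, although the file already uses the `# -- …` convention for `queueURL`, so `image`, `repository` and `password` will appear in the generated README without a description. Suggested lines: `# -- restic repository URL; supply at install time, do not commit` above `repository: ""` and `# -- restic repository password; supply at install time, do not commit` above `password: ""`. The existing `# -- SQS queue ARN from kube controller stack` comment describes a value named `queueURL`; if that line is pre-existing it can be fixed separately, otherwise align the comment with the key.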


@ -0,0 +1,30 @@
apiVersion: v2
name: kubezero-network
description: KubeZero umbrella chart for all things network
type: application
version: 0.1.0
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
- kubezero
- multus
- cilium
- aws-cni
- metallb
maintainers:
- name: Stefan Reimer
email: stefan@zero-downtime.net
dependencies:
- name: cilium
version: 1.10.5
repository: https://helm.cilium.io/
condition: cilium.enabled
- name: metallb
version: 0.10.2
repository: https://metallb.github.io/metallb
condition: metallb.enabled
# Legact / Testing support
- name: calico
version: 0.2.2
condition: calico.enabled
kubeVersion: ">= 1.20.0"
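Review bot: The `calico` dependency entry has no `repository:` line, unlike the `cilium` and `metallb` entries above it, so `helm dependency update` can only resolve it if the chart is already vendored under `charts/`; if that is the intent, a `repository: file://../calico`-style entry or a comment saying it is vendored would make the requirement explicit. The comment `# Legact / Testing support` should read `# Legacy / Testing support`, matching the wording used in the network values.yaml in this commit.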


@ -0,0 +1,36 @@
# kubezero-network
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero umbrella chart for all things network
**Homepage:** <https://kubezero.com>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| Stefan Reimer | stefan@zero-downtime.net | |
## Requirements
Kubernetes: `>= 1.20.0`
| Repository | Name | Version |
|------------|------|---------|
| https://metallb.github.io/metallb | metallb | 0.10.2 |
# MetalLB
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| cilium.enabled | bool | `false` | |
| metallb.configInline | object | `{}` | |
| metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | |
| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
| metallb.enabled | bool | `false` | |
| metallb.psp.create | bool | `false` | |
| multus.enabled | bool | `false` | |


@ -0,0 +1,18 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
{{ template "chart.description" . }}
{{ template "chart.homepageLine" . }}
{{ template "chart.maintainersSection" . }}
{{ template "chart.sourcesSection" . }}
{{ template "chart.requirementsSection" . }}
# MetalLB
{{ template "chart.valuesSection" . }}


@ -1,6 +1,6 @@
apiVersion: v2
name: kubezero-calico
description: KubeZero Umbrella Chart for Calico
name: calico
description: KubeZero Chart for Calico
type: application
version: 0.2.2
appVersion: v3.16.5
@ -15,4 +15,4 @@ dependencies:
- name: kubezero-lib
version: ">= 0.1.3"
repository: https://zero-down-time.github.io/kubezero/
kubeVersion: ">= 1.16.0"
kubeVersion: ">= 1.20.0"


@ -1,8 +1,8 @@
# kubezero-calico
# calico
![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.5](https://img.shields.io/badge/AppVersion-v3.16.5-informational?style=flat-square)
KubeZero Umbrella Chart for Calico
KubeZero Chart for Calico
**Homepage:** <https://kubezero.com>
@ -14,7 +14,7 @@ KubeZero Umbrella Chart for Calico
## Requirements
Kubernetes: `>= 1.16.0`
Kubernetes: `>= 1.20.0`
| Repository | Name | Version |
|------------|------|---------|


@ -0,0 +1,46 @@
{{- if .Values.multus.enabled }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: network-attachment-definitions.k8s.cni.cncf.io
spec:
group: k8s.cni.cncf.io
scope: Namespaced
names:
plural: network-attachment-definitions
singular: network-attachment-definition
kind: NetworkAttachmentDefinition
shortNames:
- net-attach-def
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
Working Group to express the intent for attaching pods to one or more logical or physical
networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this represen
tation of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
type: object
properties:
config:
description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
type: string
{{- end }}
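Review bot: Rendering the NetworkAttachmentDefinition CRD from a template behind `{{- if .Values.multus.enabled }}` means that flipping `multus.enabled` back to `false` (or uninstalling the release) makes Helm delete the CRD, and with it every NetworkAttachmentDefinition object in the cluster. Keeping the CRD outside the release lifecycle avoids that: either move it to the chart's `crds/` directory, or add `annotations: {helm.sh/resource-policy: keep}` under `metadata` so Helm leaves it in place. Separately, the `apiVersion` description splits the word `representation` across two lines inside a single-quoted scalar, which folds to `represen tation` in the served schema; rejoin the word on one line.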


@ -0,0 +1,163 @@
{{- if .Values.multus.enabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: multus
rules:
- apiGroups: ["k8s.cni.cncf.io"]
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
- pods/status
verbs:
- get
- update
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: multus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: multus
subjects:
- kind: ServiceAccount
name: multus
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: multus
namespace: kube-system
---
kind: ConfigMap
apiVersion: v1
metadata:
name: multus-cni-config
namespace: kube-system
labels:
tier: node
app: multus
data:
# NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
# In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
# change the "args" line below from
# - "--multus-conf-file=auto"
# to:
# "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
# Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
# /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
cni-conf.json: |
{
"cniVersion": "0.3.1",
"name": "multus-cni-network",
"type": "multus",
"kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
"delegates": [
{
"cniVersion": "0.3.1",
"name": "cilium",
"type": "cilium-cni",
"enable-debug": false
}
]
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kube-multus-ds
namespace: kube-system
labels:
tier: node
app: multus
name: multus
spec:
selector:
matchLabels:
name: multus
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
tier: node
app: multus
name: multus
spec:
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: multus
containers:
- name: kube-multus
image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
command: ["/entrypoint.sh"]
args:
- "--multus-conf-file=auto"
- "--cni-version=0.3.1"
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: true
volumeMounts:
- name: cni
mountPath: /host/etc/cni/net.d
- name: cnibin
mountPath: /host/opt/cni/bin
- name: multus-cfg
mountPath: /tmp/multus-conf
initContainers:
- name: install-multus-binary
image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
command:
- "cp"
- "/usr/src/multus-cni/bin/multus"
- "/host/opt/cni/bin/multus"
resources:
requests:
cpu: "10m"
memory: "15Mi"
securityContext:
privileged: true
volumeMounts:
- name: cnibin
mountPath: /host/opt/cni/bin
mountPropagation: Bidirectional
terminationGracePeriodSeconds: 10
volumes:
- name: cni
hostPath:
path: /etc/cni/net.d
- name: cnibin
hostPath:
path: /opt/cni/bin
- name: multus-cfg
configMap:
name: multus-cni-config
items:
- key: cni-conf.json
path: 70-multus.conf
{{- end }}
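Review bot: The ConfigMap's `delegates` entry hard-codes `"type": "cilium-cni"`, and the network values file shipped in this commit notes that `cilium.cni.exclusive` must be `false` when multus is enabled, yet nothing in the template enforces either precondition; with the default `exclusive: true` cilium will keep rewriting the CNI config that multus installs. A guard at the top of this file, `{{- if and .Values.multus.enabled .Values.cilium.enabled .Values.cilium.cni.exclusive }}{{ fail "multus requires cilium.cni.exclusive=false" }}{{- end }}`, turns a confusing runtime conflict into a template-time error. The two templated `image:` values are plain scalars; quoting them, `image: "ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}"`, keeps the line valid YAML whatever `multus.tag` expands to.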


@ -0,0 +1,45 @@
metallb:
enabled: false
psp:
create: false
controller:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
configInline: {}
# address-pools:
# - name: my-ip-space
# protocol: layer2
# addresses:
# - 192.168.42.0/24
multus:
enabled: false
tag: "v3.8"
cilium:
enabled: false
cni:
#-- Ensure this is false if multus is enabled
exclusive: true
tunnel: geneve
prometheus:
enabled: false
port: 9091
operator:
replicas: 1
hubble:
enabled: false
# Legacy / Testing
calico:
enabled: false
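Review bot: The comment above `cilium.cni.exclusive` is written as `#-- Ensure this is false if multus is enabled`, without the space after `#` that the `# -- ` helm-docs marker (used in the addons values.yaml in this commit) needs, so the generated README will list the key with no description and yamllint's comment rule will also flag it. Change it to `# -- Must be false when multus.enabled is true, otherwise cilium overwrites the multus CNI config`. Since `multus.enabled` and `cilium.cni.exclusive` are both plain booleans with conflicting defaults, the comment is the only thing preventing a misconfiguration; a template-level `fail` guard in the multus template would make it enforceable.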