From a222c507f6a35720860192dd7f50548478658d36 Mon Sep 17 00:00:00 2001 
From: Stefan Reimer Date: Wed, 1 Dec 2021 13:35:18 +0100 Subject: [PATCH] feat: reorg network and core addons --- charts/kubeadm | 1 - charts/kubezero-addons/Chart.yaml | 17 +- .../templates/cluster-backup/cronjob.yaml | 55 ++++++ .../templates/cluster-backup/secret.yaml | 11 ++ charts/kubezero-addons/values.yaml | 47 +++-- charts/kubezero-network/Chart.yaml | 30 ++++ charts/kubezero-network/README.md | 36 ++++ charts/kubezero-network/README.md.gotmpl | 18 ++ .../charts/calico}/Chart.yaml | 6 +- .../charts/calico}/README.md | 6 +- .../charts/calico}/README.md.gotmpl | 0 .../charts/calico}/calico-v3.16.5.patch | 0 .../charts/calico}/crds/crds.yaml | 0 .../charts/calico}/templates/calico.yaml | 0 .../charts/calico}/templates/service.yaml | 0 .../calico}/templates/servicemonitor.yaml | 0 .../charts/calico}/test-pod.yaml | 0 .../charts/calico}/values.yaml | 0 .../templates/multus/crds.yaml | 46 +++++ .../templates/multus/daemonset.yaml | 163 ++++++++++++++++++ charts/kubezero-network/values.yaml | 45 +++++ 21 files changed, 452 insertions(+), 29 deletions(-) delete mode 120000 charts/kubeadm create mode 100644 charts/kubezero-addons/templates/cluster-backup/cronjob.yaml create mode 100644 charts/kubezero-addons/templates/cluster-backup/secret.yaml create mode 100644 charts/kubezero-network/Chart.yaml create mode 100644 charts/kubezero-network/README.md create mode 100644 charts/kubezero-network/README.md.gotmpl rename charts/{kubezero-calico => kubezero-network/charts/calico}/Chart.yaml (78%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/README.md (95%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/README.md.gotmpl (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/calico-v3.16.5.patch (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/crds/crds.yaml (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/templates/calico.yaml (100%) rename charts/{kubezero-calico => 
kubezero-network/charts/calico}/templates/service.yaml (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/templates/servicemonitor.yaml (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/test-pod.yaml (100%) rename charts/{kubezero-calico => kubezero-network/charts/calico}/values.yaml (100%) create mode 100644 charts/kubezero-network/templates/multus/crds.yaml create mode 100644 charts/kubezero-network/templates/multus/daemonset.yaml create mode 100644 charts/kubezero-network/values.yaml
diff --git a/charts/kubeadm b/charts/kubeadm
deleted file mode 120000
index 09002112..00000000
--- a/charts/kubeadm
+++ /dev/null
@@ -1 +0,0 @@
-../containers/admin/v1.21/kubeadm
\ No newline at end of file
diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml
index 6c40a7bd..d89e253a 100644
--- a/charts/kubezero-addons/Chart.yaml
+++ b/charts/kubezero-addons/Chart.yaml
@@ -2,19 +2,20 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.1.0 +version: 0.2.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: - kubezero - fuse-device-plugin - - metallb - k8s-ecr-login-renew + - aws-node-termination-handler maintainers: - - name: Quarky9 + - name: Stefan Reimer + email: stefan@zero-downtime.net dependencies: - - name: metallb - version: 0.10.2 - repository: https://metallb.github.io/metallb - condition: metallb.enabled -kubeVersion: ">= 1.18.0" + - name: aws-node-termination-handler + version: 0.16.0 + repository: https://aws.github.io/eks-charts + condition: aws-node-termination-handler.enabled +kubeVersion: ">= 1.20.0"
diff --git a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
new file mode 100644
index 00000000..d4262b45
--- /dev/null
+++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
@@ -0,0 +1,55 @@
+{{- if .Values.clusterBackup.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: kubezero-backup
+ namespace: kube-system
+spec:
+ schedule: "0 * * * *"
+ jobTemplate:
+ spec:
+ backoffLimit: 1
+ template:
+ spec:
+ containers:
+ - name: kubezero-admin
+ image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
+ imagePullPolicy: Always
+ command: ["kubezero.sh"]
+ args:
+ - backup
+ volumeMounts:
+ - name: host
+ mountPath: /host
+ - name: workdir
+ mountPath: /tmp
+ env:
+ - name: DEBUG
+ value: "1"
+ - name: RESTIC_REPOSITORY
+ valueFrom:
+ secretKeyRef:
+ name: kubezero-backup-restic
+ key: repository
+ - name: RESTIC_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: kubezero-backup-restic
+ key: password
+ #securityContext:
+ # readOnlyRootFilesystem: true
+ hostNetwork: true
+ volumes:
+ - name: host
+ hostPath:
+ path: /
+ type: Directory
+ - name: workdir
+ emptyDir: {}
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ restartPolicy: Never
+{{- end }}
diff --git a/charts/kubezero-addons/templates/cluster-backup/secret.yaml b/charts/kubezero-addons/templates/cluster-backup/secret.yaml
new file mode 100644
index 00000000..4d264bf3
--- /dev/null
+++ b/charts/kubezero-addons/templates/cluster-backup/secret.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.clusterBackup.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kubezero-backup-restic
+ namespace: kube-system
+type: Opaque
+data:
+ repository: {{ default "" .Values.clusterBackup.repository | b64enc }}
+ password: {{ default "" .Values.clusterBackup.password | b64enc }}
+{{- end }}
diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml
index 3a8756db..41274bde 100644
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
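Review bot: The `host` volume mounts the node's root filesystem at `/host` read-write while the only securityContext is commented out, so a buggy or compromised backup run can modify any file on the control-plane node; unless the backup script needs to write under `/host`, add `readOnly: true` to that volumeMount and re-enable `readOnlyRootFilesystem: true`. The CronJob also sets no `concurrencyPolicy`, so with an hourly schedule and `backoffLimit: 1` a slow run can overlap the next one on the same hostPath; `concurrencyPolicy: Forbid` under `spec` avoids that. `DEBUG` is pinned to `"1"` for every run, which is worth gating behind a value (for example a proposed `clusterBackup.debug`) since what the script prints at that level is not visible here.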
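Review bot: `default "" ... | b64enc` on `data.repository` and `data.password` silently renders an empty Secret when the values are unset, so a misconfigured release installs cleanly and only fails inside the hourly job; use `required` instead, e.g. `password: {{ required "clusterBackup.password must be set" .Values.clusterBackup.password | b64enc }}`, and the same for `repository`. Since values.yaml now ships `repository: ""` and `password: ""`, the restic credentials are evidently meant to be supplied as chart values; a comment on this template that they are expected from `--set` or an encrypted values file rather than a committed values.yaml would make that explicit. A `stringData:` block would also drop the `b64enc` step and make the template easier to read.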
@@ -1,21 +1,40 @@ -metallb: +clusterBackup: enabled: false - psp: + + image: + name: public.ecr.aws/zero-downtime/kubezero-admin + tag: v1.21.7 + + repository: "" + password: "" + +aws-node-termination-handler: + enabled: false + + fullnameOverride: "aws-node-termination-handler" + + enableSqsTerminationDraining: true + + # -- SQS queue ARN from kube controller stack + queueURL: "" + + deleteLocalData: true + taintNode: true + + enablePrometheusServer: false + podMonitor: create: false - controller: - tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/master: "" + jsonLogging: true - configInline: {} -# address-pools: -# - name: my-ip-space -# protocol: layer2 -# addresses: -# - 192.168.42.0/24 + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + nodeSelector: + node-role.kubernetes.io/control-plane: "" + + rbac: + pspEnabled: false fuseDevicePlugin: enabled: false
diff --git a/charts/kubezero-network/Chart.yaml b/charts/kubezero-network/Chart.yaml
new file mode 100644
index 00000000..077e2372
--- /dev/null
+++ b/charts/kubezero-network/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: kubezero-network
+description: KubeZero umbrella chart for all things network
+type: application
+version: 0.1.0
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+ - kubezero
+ - multus
+ - cilium
+ - aws-cni
+ - metallb
+maintainers:
+ - name: Stefan Reimer
+ email: stefan@zero-downtime.net
+dependencies:
+ - name: cilium
+ version: 1.10.5
+ repository: https://helm.cilium.io/
+ condition: cilium.enabled
+ - name: metallb
+ version: 0.10.2
+ repository: https://metallb.github.io/metallb
+ condition: metallb.enabled
+ # Legact / Testing support
+ - name: calico
+ version: 0.2.2
+ condition: calico.enabled
+kubeVersion: ">= 1.20.0"
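Review bot: The helm-docs comment `# -- SQS queue ARN from kube controller stack` above `queueURL` describes an ARN, but the key it documents is a queue URL, so the generated README will misdirect whoever fills it in; suggest `# -- SQS queue URL from kube controller stack`. The new `clusterBackup.repository` and `clusterBackup.password` keys carry no `# --` description at all, and the password one in particular should state that it is a secret expected from an external values source, not from this committed file.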
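Review bot: The comment above the calico dependency reads `# Legact / Testing support`; `# Legacy / Testing support` matches the wording used for the same entry in the new values.yaml. The calico entry also has no `repository:`, which Helm resolves from the chart's `charts/` directory where this commit moves it, but a short note such as `# vendored under charts/calico` would stop someone later adding a remote repository for it.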
diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md new file mode 100644 index 00000000..7d39260c --- /dev/null +++ b/charts/kubezero-network/README.md @@ -0,0 +1,36 @@ +# kubezero-network + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +KubeZero umbrella chart for all things network + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Stefan Reimer | stefan@zero-downtime.net | | + +## Requirements + +Kubernetes: `>= 1.20.0` + +| Repository | Name | Version | +|------------|------|---------| +| https://metallb.github.io/metallb | metallb | 0.10.2 | + +# MetalLB + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| cilium.enabled | bool | `false` | | +| metallb.configInline | object | `{}` | | +| metallb.controller.nodeSelector."node-role.kubernetes.io/master" | string | `""` | | +| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | | +| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | +| metallb.enabled | bool | `false` | | +| metallb.psp.create | bool | `false` | | +| multus.enabled | bool | `false` | | diff --git a/charts/kubezero-network/README.md.gotmpl b/charts/kubezero-network/README.md.gotmpl new file mode 100644 index 00000000..bdfbcce4 --- /dev/null +++ b/charts/kubezero-network/README.md.gotmpl 
@@ -0,0 +1,18 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+# MetalLB
+
+{{ template "chart.valuesSection" . }}
diff --git a/charts/kubezero-calico/Chart.yaml b/charts/kubezero-network/charts/calico/Chart.yaml
similarity index 78%
rename from charts/kubezero-calico/Chart.yaml
rename to charts/kubezero-network/charts/calico/Chart.yaml
index bb95e276..43e1cd76 100644
--- a/charts/kubezero-calico/Chart.yaml
+++ b/charts/kubezero-network/charts/calico/Chart.yaml
@@ -1,6 +1,6 @@ apiVersion: v2 -name: kubezero-calico -description: KubeZero Umbrella Chart for Calico +name: calico +description: KubeZero Chart for Calico type: application version: 0.2.2 appVersion: v3.16.5
@@ -15,4 +15,4 @@ dependencies: - name: kubezero-lib version: ">= 0.1.3" repository: https://zero-down-time.github.io/kubezero/ -kubeVersion: ">= 1.16.0" +kubeVersion: ">= 1.20.0"
diff --git a/charts/kubezero-calico/README.md b/charts/kubezero-network/charts/calico/README.md
similarity index 95%
rename from charts/kubezero-calico/README.md
rename to charts/kubezero-network/charts/calico/README.md
index 061455dd..e5f04be8 100644
--- a/charts/kubezero-calico/README.md
+++ b/charts/kubezero-network/charts/calico/README.md
@@ -1,8 +1,8 @@ -# kubezero-calico +# calico ![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.16.5](https://img.shields.io/badge/AppVersion-v3.16.5-informational?style=flat-square) -KubeZero Umbrella Chart for Calico +KubeZero Chart for Calico **Homepage:**
@@ -14,7 +14,7 @@ KubeZero Umbrella Chart for Calico ## Requirements -Kubernetes: `>= 1.16.0` +Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------|
diff --git a/charts/kubezero-calico/README.md.gotmpl b/charts/kubezero-network/charts/calico/README.md.gotmpl
similarity index 100%
rename from charts/kubezero-calico/README.md.gotmpl
rename to charts/kubezero-network/charts/calico/README.md.gotmpl
diff --git a/charts/kubezero-calico/calico-v3.16.5.patch b/charts/kubezero-network/charts/calico/calico-v3.16.5.patch
similarity index 100%
rename from charts/kubezero-calico/calico-v3.16.5.patch
rename to charts/kubezero-network/charts/calico/calico-v3.16.5.patch
diff --git a/charts/kubezero-calico/crds/crds.yaml b/charts/kubezero-network/charts/calico/crds/crds.yaml
similarity index 100%
rename from charts/kubezero-calico/crds/crds.yaml
rename to charts/kubezero-network/charts/calico/crds/crds.yaml
diff --git a/charts/kubezero-calico/templates/calico.yaml b/charts/kubezero-network/charts/calico/templates/calico.yaml
similarity index 100%
rename from charts/kubezero-calico/templates/calico.yaml
rename to charts/kubezero-network/charts/calico/templates/calico.yaml
diff --git a/charts/kubezero-calico/templates/service.yaml b/charts/kubezero-network/charts/calico/templates/service.yaml
similarity index 100%
rename from charts/kubezero-calico/templates/service.yaml
rename to charts/kubezero-network/charts/calico/templates/service.yaml
diff --git a/charts/kubezero-calico/templates/servicemonitor.yaml b/charts/kubezero-network/charts/calico/templates/servicemonitor.yaml
similarity index 100%
rename from charts/kubezero-calico/templates/servicemonitor.yaml
rename to charts/kubezero-network/charts/calico/templates/servicemonitor.yaml
diff --git a/charts/kubezero-calico/test-pod.yaml b/charts/kubezero-network/charts/calico/test-pod.yaml
similarity index 100%
rename from charts/kubezero-calico/test-pod.yaml
rename to charts/kubezero-network/charts/calico/test-pod.yaml
diff --git a/charts/kubezero-calico/values.yaml b/charts/kubezero-network/charts/calico/values.yaml
similarity index 100%
rename from charts/kubezero-calico/values.yaml
rename to charts/kubezero-network/charts/calico/values.yaml
diff --git a/charts/kubezero-network/templates/multus/crds.yaml b/charts/kubezero-network/templates/multus/crds.yaml
new file mode 100644
index 00000000..ff4bcf18
--- /dev/null
+++ b/charts/kubezero-network/templates/multus/crds.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.multus.enabled }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ group: k8s.cni.cncf.io
+ scope: Namespaced
+ names:
+ plural: network-attachment-definitions
+ singular: network-attachment-definition
+ kind: NetworkAttachmentDefinition
+ shortNames:
+ - net-attach-def
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+ Working Group to express the intent for attaching pods to one or more logical or physical
+ networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this represen
+ tation of an object. Servers should convert recognized schemas to the
+ latest internal value, and may reject unrecognized values. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+ type: object
+ properties:
+ config:
+ description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+ type: string
+{{- end }}
diff --git a/charts/kubezero-network/templates/multus/daemonset.yaml b/charts/kubezero-network/templates/multus/daemonset.yaml
new file mode 100644
index 00000000..a7a3a814
--- /dev/null
+++ b/charts/kubezero-network/templates/multus/daemonset.yaml 
@@ -0,0 +1,163 @@
+{{- if .Values.multus.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus
+rules:
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: multus
+subjects:
+- kind: ServiceAccount
+ name: multus
+ namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: multus
+ namespace: kube-system
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-cni-config
+ namespace: kube-system
+ labels:
+ tier: node
+ app: multus
+data:
+ # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
+ # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
+ # change the "args" line below from
+ # - "--multus-conf-file=auto"
+ # to:
+ # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
+ # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
+ # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
+ cni-conf.json: |
+ {
+ "cniVersion": "0.3.1",
+ "name": "multus-cni-network",
+ "type": "multus",
+ "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
+ "delegates": [
+ {
+ "cniVersion": "0.3.1",
+ "name": "cilium",
+ "type": "cilium-cni",
+ "enable-debug": false
+ }
+ ]
+ }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kube-multus-ds
+ namespace: kube-system
+ labels:
+ tier: node
+ app: multus
+ name: multus
+spec:
+ selector:
+ matchLabels:
+ name: multus
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: multus
+ name: multus
+ spec:
+ hostNetwork: true
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ serviceAccountName: multus
+ containers:
+ - name: kube-multus
+ image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
+ command: ["/entrypoint.sh"]
+ args:
+ - "--multus-conf-file=auto"
+ - "--cni-version=0.3.1"
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cfg
+ mountPath: /tmp/multus-conf
+ initContainers:
+ - name: install-multus-binary
+ image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}
+ command:
+ - "cp"
+ - "/usr/src/multus-cni/bin/multus"
+ - "/host/opt/cni/bin/multus"
+ resources:
+ requests:
+ cpu: "10m"
+ memory: "15Mi"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ mountPropagation: Bidirectional
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: cnibin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-cfg
+ configMap:
+ name: multus-cni-config
+ items:
+ - key: cni-conf.json
+ path: 70-multus.conf
+{{- end }}
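Review bot: The `cni-conf.json` ConfigMap hardcodes a single `cilium-cni` delegate, yet the umbrella chart gates cilium and calico as independent, alternative dependencies, so `multus.enabled: true` with `cilium.enabled: false` (or with calico instead) renders a Multus config whose delegate plugin is never installed. A render-time guard at the top of this template, `{{- if and .Values.multus.enabled (not .Values.cilium.enabled) }}{{ fail "multus requires cilium as its delegate CNI" }}{{- end }}`, turns that into an install error; the values.yaml remark that `cilium.cni.exclusive` must be false when multus is enabled is equally unenforced and could be checked the same way. The `image:` lines on `kube-multus` and `install-multus-binary` use the unquoted form `image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }}`; quoting the whole value keeps it a string for any tag. Both containers run `privileged: true` with writable hostPath mounts of `/etc/cni/net.d` and `/opt/cni/bin`, and the ClusterRole grants `'*'` verbs on every `k8s.cni.cncf.io` resource; this mirrors the upstream manifest, but the wildcard is worth checking against the verbs Multus actually needs before it lands in the chart.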
diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml
new file mode 100644
index 00000000..ed8f4e8b
--- /dev/null
+++ b/charts/kubezero-network/values.yaml
@@ -0,0 +1,45 @@
+metallb:
+ enabled: false
+ psp:
+ create: false
+
+ controller:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+
+ configInline: {}
+# address-pools:
+# - name: my-ip-space
+# protocol: layer2
+# addresses:
+# - 192.168.42.0/24
+
+multus:
+ enabled: false
+ tag: "v3.8"
+
+cilium:
+ enabled: false
+
+ cni:
+ #-- Ensure this is false if multus is enabled
+ exclusive: true
+
+ tunnel: geneve
+
+ prometheus:
+ enabled: false
+ port: 9091
+
+ operator:
+ replicas: 1
+
+ hubble:
+ enabled: false
+
+# Legacy / Testing
+calico:
+ enabled: false
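Review bot: The description marker on `cilium.cni.exclusive` is written `#-- Ensure this is false if multus is enabled`, while helm-docs and the addons values in this same commit use `# --` with a space, so this note will not reach the generated README; change it to `# -- Ensure this is false if multus is enabled`. `multus.tag`, `cilium.tunnel`, `cilium.prometheus.port`, `cilium.operator.replicas` and `cilium.hubble.enabled` have no description at all, and the README.md added in this commit lists only `cilium.enabled`, `multus.enabled` and the metallb keys, so it predates these values and needs regenerating. The multus/cilium coupling lives only in that one comment; since the multus template hardcodes a cilium delegate, a sentence next to `multus.enabled` saying it requires `cilium.enabled: true` would save an operator a broken node network.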