More fixes now adding ArgoCD

Stefan Reimer 2020-11-26 05:21:10 -08:00
parent ec6d7a4d11
commit c8a903110f
37 changed files with 398 additions and 588 deletions


@ -14,7 +14,7 @@ KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Appl
## Requirements ## Requirements
Kubernetes: `>= 1.17.0` Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -52,10 +52,12 @@ Kubernetes: `>= 1.17.0`
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD | | istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to | | istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
| istio.ipBlocks | list | `[]` | | | istio.ipBlocks | list | `[]` | |
| kubezero.global.defaultDestination | object | `{"server":"https://kubernetes.default.svc"}` | Destination cluster | | kubezero.enabled | bool | `false` | |
| kubezero.global.defaultSource.pathPrefix | string | `""` | optional path prefix within repoURL to support eg. remote subtrees | | kubezero.path | string | `"charts/kubezero"` | path within repoURL |
| kubezero.global.defaultSource.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | default repository for argocd applications | | kubezero.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | repository for kubezero argo applications |
| kubezero.global.defaultSource.targetRevision | string | `"HEAD"` | default tracking of repoURL | | kubezero.server | string | `"https://kubernetes.default.svc"` | destination cluster |
| kubezero.targetRevision | string | `"HEAD"` | git branch to track |
| kubezero.valuesFiles[0] | string | `"values.yaml"` | |
## Resources ## Resources
- https://argoproj.github.io/argo-cd/operator-manual/metrics/ - https://argoproj.github.io/argo-cd/operator-manual/metrics/


@ -1,3 +1,4 @@
{{- if .Values.kubezero.enabled }}
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: AppProject kind: AppProject
metadata: metadata:
@ -33,3 +34,32 @@ spec:
clusterResourceWhitelist: clusterResourceWhitelist:
- group: '*' - group: '*'
kind: '*' kind: '*'
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
project: kubezero
source:
repoURL: {{ .Values.kubezero.repoURL }}
targetRevision: {{ .Values.kubezero.targetRevision }}
path: {{ .Values.kubezero.path }}
helm:
valueFiles:
{{- toYaml .Values.kubezero.valuesFiles | nindent 6 }}
destination:
server: {{ .Values.kubezero.server }}
namespace: argocd
{{- with .Values.kubezero.syncPolicy }}
syncPolicy:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
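Review bot: The new Application renders `repoURL`, `targetRevision`, `path` and `destination.server` from `.Values.kubezero.*` as bare scalars, so an empty or boolean-/number-looking value changes type or becomes `null` before Argo CD sees it. Quote them, e.g. `repoURL: {{ .Values.kubezero.repoURL | quote }}` and `targetRevision: {{ .Values.kubezero.targetRevision | quote }}`. This matters more than usual here because the Application is placed in the `kubezero` project, whose `clusterResourceWhitelist` in the same file allows every group and kind, so whatever source these values resolve to can create cluster-scoped resources. The AppProject spec between the two hunks is not visible on this page.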


@ -1,25 +1,36 @@
# Configure app of apps
kubezero: kubezero:
global: enabled: false
# kubezero.global.defaultDestination -- Destination cluster
defaultDestination: # kubezero.server -- destination cluster
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
# This repoURL is used a base for all the repoURLs applications # This repoURL is used a base for all the repoURLs applications
# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
# integrated into any repository as a git subtree if for example public internet access is unavailable # integrated into any repository as a git subtree if for example public internet access is unavailable
defaultSource: # kubezero.repoURL -- repository for kubezero argo applications
# kubezero.global.defaultSource.repoURL -- default repository for argocd applications
repoURL: https://github.com/zero-down-time/kubezero repoURL: https://github.com/zero-down-time/kubezero
# kubezero.global.defaultSource.targetRevision -- default tracking of repoURL # kubezero.targetRevision -- git branch to track
targetRevision: HEAD targetRevision: HEAD
# kubezero.global.defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees # kubezero.path -- path within repoURL
pathPrefix: '' path: 'charts/kubezero'
# syncPolicy, details see: https://argoproj.github.io/argo-cd/user-guide/auto_sync # syncPolicy, details see: https://argoproj.github.io/argo-cd/user-guide/auto_sync
#syncPolicy: #syncPolicy:
# automated: # automated:
# prune: true # prune: true
valuesFiles:
- values.yaml
# Support for Istio Ingress for ArgoCD
istio:
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
enabled: false
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
gateway: istio-ingress/ingressgateway
ipBlocks: []
argo-cd: argo-cd:
installCRDs: false installCRDs: false
@ -70,6 +81,9 @@ argo-cd:
# argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio # argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio
url: argocd.example.com url: argocd.example.com
#repositories: |
# - url: https://zero-down-time.github.io/kubezero.git
resource.customizations: | resource.customizations: |
cert-manager.io/Certificate: cert-manager.io/Certificate:
# Lua script for customizing the health status assessment # Lua script for customizing the health status assessment
@ -115,10 +129,3 @@ argo-cd:
dex: dex:
enabled: false enabled: false
istio:
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
enabled: false
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
gateway: istio-ingress/ingressgateway
ipBlocks: []
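Review bot: The default `targetRevision: HEAD` in the first hunk, together with the public default `repoURL`, means a cluster that sets `kubezero.enabled` and turns on the commented-out `automated` syncPolicy follows whatever lands on that repository's default branch. The values comment should say so and recommend pinning, for example `# kubezero.targetRevision -- git revision to track; pin to a tag or commit SHA outside of development`. The retained comment block above `repoURL` still refers to `pathPrefix`, which this hunk replaces with `kubezero.path`, so it should be reworded to match.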


@ -16,7 +16,7 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed !
## Requirements ## Requirements
Kubernetes: `>= 1.17.0` Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|


@ -1,7 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: istio-ingress
labels:
istio-injection: disabled
{{ include "kubezero-lib.labels" . | indent 4 }}


@ -16,7 +16,7 @@ Installs the Istio control plane
## Requirements ## Requirements
Kubernetes: `>= 1.17.0` Kubernetes: `>= 1.16.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|


@ -1,7 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: istio-system
labels:
istio-injection: disabled
{{ include "kubezero-lib.labels" . | indent 4 }}


@ -74,7 +74,6 @@ Kubernetes: `>= 1.16.0`
| fluent-bit.config.service | string | `"[SERVICE]\n Flush 1\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.config.service | string | `"[SERVICE]\n Flush 1\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | |
| fluent-bit.enabled | bool | `false` | | | fluent-bit.enabled | bool | `false` | |
| fluent-bit.serviceMonitor.enabled | bool | `true` | | | fluent-bit.serviceMonitor.enabled | bool | `true` | |
| fluent-bit.serviceMonitor.namespace | string | `"monitoring"` | |
| fluent-bit.serviceMonitor.selector.release | string | `"metrics"` | | | fluent-bit.serviceMonitor.selector.release | string | `"metrics"` | |
| fluent-bit.test.enabled | bool | `false` | | | fluent-bit.test.enabled | bool | `false` | |
| fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | |

3
charts/kubezero/.gitignore vendored Normal file

@ -0,0 +1,3 @@
kubezero.???
charts/*.tgz
Chart.lock


@ -21,3 +21,4 @@
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/
Chart.lock


@ -1,8 +1,8 @@
apiVersion: v2 apiVersion: v2
name: kubezero name: kubezero
description: KubeZero ArgoCD Application - Root App of Apps chart of KubeZero description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart
type: application type: application
version: 0.4.5 version: 0.5.0
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:


@ -1,6 +1,6 @@
# kubezero # kubezero
![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
@ -46,7 +46,6 @@ Kubernetes: `>= 1.16.0`
| logging.namespace | string | `"logging"` | | | logging.namespace | string | `"logging"` | |
| metrics.enabled | bool | `false` | | | metrics.enabled | bool | `false` | |
| metrics.namespace | string | `"monitoring"` | | | metrics.namespace | string | `"monitoring"` | |
| platform | string | `"aws"` | |
---------------------------------------------- ----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1) Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1)


@ -3,7 +3,8 @@ set -ex
ACTION=$1 ACTION=$1
ARTIFACTS=("$2") ARTIFACTS=("$2")
LOCATION=${3:-""} VALUES=$3
LOCATION=${4:-""}
DEPLOY_DIR=$( dirname $( realpath $0 )) DEPLOY_DIR=$( dirname $( realpath $0 ))
which yq || { echo "yq not found!"; exit 1; } which yq || { echo "yq not found!"; exit 1; }
@ -12,7 +13,7 @@ TMPDIR=$(mktemp -d kubezero.XXX)
# First lets generate kubezero.yaml # First lets generate kubezero.yaml
# This will be stored as secret during the initial kubezero chart install # This will be stored as secret during the initial kubezero chart install
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > $TMPDIR/kubezero.yaml helm template $DEPLOY_DIR -f $VALUES -f cloudbender.yaml --set argo=false > $TMPDIR/kubezero.yaml
if [ ${ARTIFACTS[0]} == "all" ]; then if [ ${ARTIFACTS[0]} == "all" ]; then
ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}')) ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}'))
@ -316,7 +317,7 @@ function argo-cd() {
deploy $chart $release $namespace -f $TMPDIR/values.yaml deploy $chart $release $namespace -f $TMPDIR/values.yaml
# Install the kubezero app of apps # Install the kubezero app of apps
deploy kubezero kubezero argocd -f $TMPDIR/kubezero.yaml # deploy kubezero kubezero $namespace -f $TMPDIR/kubezero.yaml
elif [ $task == "delete" ]; then elif [ $task == "delete" ]; then
delete $chart $release $namespace -f $TMPDIR/values.yaml delete $chart $release $namespace -f $TMPDIR/values.yaml
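Review bot: `VALUES=$3` is used unquoted and unchecked in `helm template $DEPLOY_DIR -f $VALUES -f cloudbender.yaml --set argo=false`, so an empty third argument collapses the command to `-f -f cloudbender.yaml` and a path containing spaces or glob characters is split. Guard and quote it: `[ -f "$VALUES" ] || { echo "values file not found: $VALUES"; exit 1; }` and `-f "$VALUES"`. Moving `LOCATION` from `$3` to `$4` also silently changes what the third argument means for existing callers, which deserves a usage comment at the top of the script. The `argo-cd` function body continues outside the last hunk.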


@ -1,7 +1,7 @@
{{- define "kubezero-app.app" }} {{- define "kubezero-app.app" }}
{{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }} {{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }}
{{- $my_values := index .Values $name "values" }}
{{- if and .Values.argo ( index .Values $name "enabled" ) }}
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
metadata: metadata:
@ -17,21 +17,23 @@ spec:
project: kubezero project: kubezero
source: source:
repoURL: {{ .Values.global.defaultSource.repoURL }} repoURL: {{ .Values.global.kubezero.repoURL }}
targetRevision: {{ .Values.global.defaultSource.targetRevision }} targetRevision: {{ .Values.global.kubezero.targetRevision }}
path: {{ .Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ $name }} path: {{ .Values.global.kubezero.pathPrefix}}charts/kubezero-{{ $name }}
{{- if $my_values }}
helm: helm:
values: | values: |
{{- toYaml $my_values | nindent 8 }} {{- include (print $name "-values") $ | nindent 8 }}
{{- end }}
destination: destination:
server: {{ .Values.global.defaultDestination.server }} server: {{ .Values.global.kubezero.server }}
namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }} namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }}
{{- if .Values.global.syncPolicy }} {{- with .Values.global.kubezero.syncPolicy }}
syncPolicy: syncPolicy:
{{- toYaml .Values.global.syncPolicy | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- include (print $name "-argo") $ }}
{{- end }}
{{- end }} {{- end }}
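Review bot: The source and destination fields now read `.Values.global.kubezero.repoURL`, `.targetRevision`, `.pathPrefix`, `.server` and `.syncPolicy`, but the values file changed later in this commit appears to place those keys under `global.argo` (indentation is lost on this page, so please confirm). If that reading is right, rendering with `argo` set would hit a missing `global.kubezero` map, so the key names should be aligned on one side or the other. The templated scalars should also be quoted, e.g. `repoURL: {{ .Values.global.kubezero.repoURL | quote }}`. The `define` body between the two hunks is not shown.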


@ -0,0 +1,31 @@
{{- define "argo-cd-values" }}
argo-cd:
controller:
metrics:
enabled: {{ .Values.metrics.enabled }}
repoServer:
metrics:
enabled: {{ .Values.metrics.enabled }}
server:
metrics:
enabled: {{ .Values.metrics.enabled }}
{{- with index .Values "argo-cd" "server" }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with index .Values "argo-cd" "configs" }}
configs:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
istio:
{{- with index .Values "argo-cd" "istio" }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- with index .Values "argo-cd" "kubezero" }}
kubezero:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,19 @@
{{- if not .Values.argo }}
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "istio" "istio-ingress" "metrics" "logging" "argo-cd" }}
{{- if .Values.global }}
global:
{{- toYaml .Values.global | nindent 2 }}
{{- end }}
{{- range $artifacts }}
{{- if index $.Values . }}
{{ . }}:
enabled: {{ index $.Values . "enabled" }}
values:
{{- include (print . "-values") $ | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}


@ -1,3 +1,14 @@
{{- if index .Values "aws-ebs-csi-driver" "enabled" }} {{- define "aws-ebs-csi-driver-values" }}
{{ include "kubezero-app.app" . }} aws-ebs-csi-driver:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
podAnnotations:
iam.amazonaws.com/role: {{ index .Values "aws-ebs-csi-driver" "IamArn" | quote }}
extraVolumeTags:
Name: {{ .Values.ClusterName }}
{{- end }} {{- end }}
{{- define "aws-ebs-csi-driver-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}


@ -1,3 +1,24 @@
{{- if index .Values "aws-efs-csi-driver" "enabled" }} {{- define "aws-efs-csi-driver-values" }}
{{ include "kubezero-app.app" . }} {{- with index .Values "aws-efs-csi-driver" "nodeSelector" }}
aws-efs-csi-driver:
nodeSelector:
{{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- with index .Values "aws-efs-csi-driver" "PersistentVolumes" }}
PersistentVolumes:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if index .Values "aws-efs-csi-driver" "EfsId" }}
PersistentVolume:
create: true
EfsId: {{ index .Values "aws-efs-csi-driver" "EfsId" }}
Name: {{ default "kubezero-efs-pv" ( index .Values "aws-efs-csi-driver" "PVName" ) }}
{{- end }}
{{- end }}
{{- define "aws-efs-csi-driver-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}


@ -1,5 +1,11 @@
{{- if .Values.calico.enabled }} {{- define "calico-values" }}
{{ include "kubezero-app.app" . }} network: {{ default "vxlan" .Values.calico.network }}
mtu: {{ default "8941" .Values.calico.mtu }}
prometheus: {{ .Values.metrics.enabled }}
{{- end }}
{{- define "calico-argo" }}
ignoreDifferences: ignoreDifferences:
- group: apiextensions.k8s.io - group: apiextensions.k8s.io
@ -7,3 +13,5 @@
jsonPointers: jsonPointers:
- /status - /status
{{- end }} {{- end }}
{{ include "kubezero-app.app" . }}


@ -1,13 +1,23 @@
{{- if index .Values "cert-manager" "enabled" }} {{- define "cert-manager-values" }}
{{ include "kubezero-app.app" . }} localCA:
enabled: true
{{ with index .Values "cert-manager" "IamArn" }}
cert-manager:
podAnnotations:
iam.amazonaws.com/role: "{{ . }}"
{{- end }}
--- {{- with index .Values "cert-manager" "clusterIssuer" }}
apiVersion: v1 clusterIssuer:
kind: Namespace {{- . | toYaml | nindent 2 }}
metadata:
name: cert-manager
{{- if index .Values "kiam" "enabled" }}
annotations:
iam.amazonaws.com/permitted: ".*CertManagerRole.*"
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- define "cert-manager-argo" }}
{{- end }}
{{- end }}
{{ include "kubezero-app.app" . }}
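Review bot: The Namespace manifest carrying `iam.amazonaws.com/permitted: ".*CertManagerRole.*"` is dropped here while the new `cert-manager-values` block still sets the `iam.amazonaws.com/role` pod annotation, and the page does not show where the namespace and its kiam permit regex are created now. If nothing else adds the annotation, role assumption for cert-manager would presumably be refused; if a replacement exists, it should keep the regex as narrow as the removed one. The same question applies to the `logging` namespace and its `.*ElasticSearchSnapshots.*` annotation removed in the logging template. Separately, as rendered, the new side seems to contain one more `{{- end }}` after `cert-manager-argo` than there are open actions, which would fail template parsing — please check the balance.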


@ -1,8 +1,36 @@
{{- if index .Values "istio-ingress" "enabled" }} {{- define "istio-ingress-values" }}
{{ include "kubezero-app.app" . }} {{- if index .Values "istio-ingress" "public" }}
--- istio-ingress:
apiVersion: v1 enabled: {{ index .Values "istio-ingress" "public" "enabled" }}
kind: Namespace {{- with index .Values "istio-ingress" "public" "gateway" }}
metadata: gateways:
name: istio-ingress istio-ingressgateway:
{{- toYaml . | nindent 6 }}
{{- end }} {{- end }}
{{- with index .Values "istio-ingress" "public" "dnsNames" }}
dnsNames:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- if index .Values "istio-ingress" "private" }}
istio-private-ingress:
enabled: {{ index .Values "istio-ingress" "private" "enabled" }}
{{- with index .Values "istio-ingress" "private" "gateway" }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with index .Values "istio-ingress" "private" "dnsNames" }}
dnsNames:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "istio-ingress-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}


@ -1,5 +1,11 @@
{{- if .Values.istio.enabled }} {{- define "istio-values" }}
{{ include "kubezero-app.app" . }} istio-discovery:
pilot:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
{{- end }}
{{- define "istio-argo" }}
ignoreDifferences: ignoreDifferences:
- group: apiextensions.k8s.io - group: apiextensions.k8s.io
@ -17,10 +23,6 @@
jsonPointers: jsonPointers:
- /webhooks/0/clientConfig/caBundle - /webhooks/0/clientConfig/caBundle
- /webhooks/0/failurePolicy - /webhooks/0/failurePolicy
---
apiVersion: v1
kind: Namespace
metadata:
name: istio-system
{{- end }} {{- end }}
{{ include "kubezero-app.app" . }}


@ -1,3 +1,20 @@
{{- if index .Values "kiam" "enabled" }} {{- define "kiam-values" }}
{{ include "kubezero-app.app" . }} kiam:
server:
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
deployment:
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
agent:
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
{{- end }} {{- end }}
{{- define "kiam-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}


@ -1,3 +1,7 @@
{{- if index .Values "local-volume-provisioner" "enabled" }} {{- define "local-volume-provisioner-values" }}
{{ include "kubezero-app.app" . }}
{{- end }} {{- end }}
{{- define "local-volume-provisioner-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}


@ -1,5 +1,86 @@
{{- if index .Values "logging" "enabled" }} {{- define "logging-values" }}
{{ include "kubezero-app.app" . }}
{{- with index .Values "logging" "eck-operator" }}
eck-operator:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.logging.elastic_password }}
elastic_password: {{ .Values.logging.elastic_password }}
{{- end }}
{{- if .Values.logging.version }}
version: {{ .Values.logging.version }}
{{- end }}
{{- if .Values.logging.fullnameOverride }}
fullnameOverride: {{ .Values.logging.fullnameOverride }}
{{- end }}
{{- if .Values.logging.es }}
es:
{{- if .Values.logging.es.nodeSets }}
nodeSets:
{{- with .Values.logging.es.nodeSets }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
prometheus: {{ .Values.metrics.enabled }}
{{- if .Values.logging.es.s3Snapshot }}
s3Snapshot:
{{- with .Values.logging.es.s3Snapshot }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.logging.kibana }}
kibana:
{{- with .Values.logging.kibana }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- if .Values.logging.fluentd }}
fluentd:
enabled: {{ .Values.logging.fluentd.enabled }}
metrics:
enabled: {{ .Values.metrics.enabled }}
url: {{ .Values.logging.fluentd.url }}
{{- if .Values.logging.fluentd.output }}
output:
host: {{ .Values.logging.fluentd.output.host }}
{{- end }}
{{- if .Values.logging.fluentd.extraEnvVars }}
extraEnvVars:
{{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 8 }}
{{- end }}
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled }}
istio:
{{- with .Values.logging.fluentd.istio }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- if index .Values "logging" "fluent-bit" }}
fluent-bit:
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
{{- if index .Values.logging "fluent-bit" "config" }}
config:
{{- with index .Values.logging "fluent-bit" "config" }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- define "logging-argo" }}
ignoreDifferences: ignoreDifferences:
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
@ -16,11 +97,6 @@
kind: CustomResourceDefinition kind: CustomResourceDefinition
jsonPointers: jsonPointers:
- /status - /status
---
apiVersion: v1
kind: Namespace
metadata:
name: logging
annotations:
iam.amazonaws.com/permitted: ".*ElasticSearchSnapshots.*"
{{- end }} {{- end }}
{{ include "kubezero-app.app" . }}
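Review bot: `elastic_password: {{ .Values.logging.elastic_password }}` is rendered into the `logging-values` block, which the `kubezero-app.app` helper in this commit embeds under `helm.values` of the Argo CD Application via `include (print $name "-values")`. The password would therefore sit in plaintext in the Application object, readable by anyone who can view Applications in that namespace. Prefer passing a reference to an existing Secret rather than the value itself; at minimum quote it, `elastic_password: {{ .Values.logging.elastic_password | quote }}`, so a numeric or special-character password survives YAML parsing.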


@ -1,21 +1,42 @@
{{- if index .Values "metrics" "enabled" }} {{- define "metrics-values" }}
{{ include "kubezero-app.app" . }}
{{- if .Values.metrics.istio.grafana.enabled }}
grafana:
istio:
{{- with .Values.metrics.istio.grafana }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.istio.prometheus.enabled }}
prometheus:
istio:
{{- with .Values.metrics.istio.prometheus }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if index .Values "metrics" "kube-prometheus-stack" }}
kube-prometheus-stack:
{{- with index .Values "metrics" "kube-prometheus-stack" }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}
{{- end }}
{{- define "metrics-argo" }}
ignoreDifferences: ignoreDifferences:
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration
jsonPointers: jsonPointers:
- /webhooks/0/clientConfig/caBundle
- /webhooks/0/failurePolicy - /webhooks/0/failurePolicy
- group: admissionregistration.k8s.io - group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
jsonPointers: jsonPointers:
- /webhooks/0/clientConfig/caBundle
- /webhooks/0/failurePolicy - /webhooks/0/failurePolicy
---
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
{{- end }} {{- end }}
{{ include "kubezero-app.app" . }}


@ -1,41 +0,0 @@
global:
defaultDestination:
server: https://kubernetes.default.svc
# This repoURL is used a base for all the repoURLs applications
# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
# integrated into any repository as a git subtree if for example public internet access is unavailable
defaultSource:
# defaultSource.repoURL -- default repository for argocd applications
repoURL: https://github.com/zero-down-time/kubezero
# defaultSource.targetRevision -- default tracking of repoURL
targetRevision: HEAD
# defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
pathPrefix: ''
calico:
enabled: true
local-volume-provisioner:
enabled: true
cert-manager:
enabled: true
kiam:
enabled: true
aws-ebs-csi-driver:
enabled: true
aws-efs-csi-driver:
enabled: true
istio:
enabled: true
metrics:
enabled: true
logging:
enabled: true


@ -1,17 +0,0 @@
global:
defaultDestination:
server: https://kubernetes.default.svc
# This repoURL is used a base for all the repoURLs applications
# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
# integrated into any repository as a git subtree if for example public internet access is unavailable
defaultSource:
# defaultSource.repoURL -- default repository for argocd applications
repoURL: https://github.com/zero-down-time/kubezero
# defaultSource.targetRevision -- default tracking of repoURL
targetRevision: HEAD
# defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
pathPrefix: ''
calico:
enabled: true


@ -1,20 +1,12 @@
argo: {}
global: global:
defaultDestination: argo:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
# This repoURL is used a base for all the repoURLs applications
# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
# integrated into any repository as a git subtree if for example public internet access is unavailable
defaultSource:
# defaultSource.repoURL -- default repository for argocd applications
repoURL: https://github.com/zero-down-time/kubezero repoURL: https://github.com/zero-down-time/kubezero
# defaultSource.targetRevision -- default tracking of repoURL
targetRevision: HEAD targetRevision: HEAD
# defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
pathPrefix: '' pathPrefix: ''
platform: aws
calico: calico:
enabled: false enabled: false
retain: true retain: true

1
deploy/.gitignore vendored

@ -1 +0,0 @@
generated-values.yaml


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
apiVersion: v2
name: deploy
description: "This chart is only used to generate the values.yaml for KubeZero !! Once something like https://github.com/helm/helm/pull/6876 gets merged this will be removed !"
type: application
version: 0.0.1
appVersion: 1.16.0


@ -1,30 +0,0 @@
#!/bin/bash
set -ex
LOCATION=${1:-""}
DEPLOY_DIR=$( dirname $( realpath $0 ))
function chart_location() {
if [ -z "$LOCATION" ]; then
echo "$1 --repo https://zero-down-time.github.io/kubezero"
else
echo "$LOCATION/$1"
fi
}
# Update only if we use upstream
if [ -z "$LOCATION" ]; then
helm repo add kubezero https://zero-down-time.github.io/kubezero
helm repo update
fi
TMPDIR=$(mktemp -d kubezero.XXX)
# This will be stored as secret during the initial kubezero chart install
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > $TMPDIR/kubezero.yaml
helm template $(chart_location kubezero) --namespace argocd --name-template kubezero --skip-crds -f $TMPDIR/kubezero.yaml > $TMPDIR/helm.yaml
kubectl apply --namespace argocd -f $TMPDIR/helm.yaml
[ "$DEBUG" == "" ] && rm -rf $TMPDIR


@ -1,26 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kubezero
namespace: argocd
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
project: kubezero
source:
repoURL: {{ .Values.global.defaultSource.repoURL }}
targetRevision: {{ .Values.global.defaultSource.targetRevision }}
path: {{ .Values.global.defaultSource.pathPrefix}}charts/kubezero
helm:
values: |
{{- toYaml .Values | nindent 8 }}
destination:
server: {{ .Values.global.defaultDestination.server }}
namespace: argocd
{{- if .Values.global.syncPolicy }}
syncPolicy:
{{- toYaml .Values.global.syncPolicy | nindent 4 }}
{{- end }}


@ -1,259 +0,0 @@
{{- if .Values.global }}
global:
{{- toYaml .Values.global | nindent 2 }}
{{- end }}
calico:
enabled: {{ .Values.calico.enabled }}
values:
network: {{ default "vxlan" .Values.calico.network }}
mtu: {{ default "8941" .Values.calico.mtu }}
prometheus: {{ .Values.metrics.enabled }}
cert-manager:
enabled: {{ index .Values "cert-manager" "enabled" }}
values:
localCA:
enabled: true
{{- if eq .Values.platform "aws" }}
cert-manager:
podAnnotations:
iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
{{- end }}
{{- if .Values.kiam.enabled }}
clusterIssuer:
name: letsencrypt-dns-prod
server: https://acme-v02.api.letsencrypt.org/directory
email: {{ index .Values "cert-manager" "email" }}
solvers:
- selector:
dnsZones:
{{- with index .Values "cert-manager" "dnsZones" }}
{{- . | toYaml | nindent 12 }}
{{- end }}
dns01:
{{- if eq .Values.platform "aws" }}
route53:
region: {{ .Values.region }}
{{- else }}
{{- with index .Values "cert-manager" "solvers" }}
{{- . | toYaml | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.platform "aws" }}
kiam:
enabled: {{ .Values.kiam.enabled }}
values:
kiam:
enabled: {{ not .Values.kiam.certsOnly }}
server:
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
deployment:
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
agent:
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
{{- if .Values.kiam.enabled }}
# AWS only components
aws-ebs-csi-driver:
enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
values:
aws-ebs-csi-driver:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
podAnnotations:
iam.amazonaws.com/role: "{{ index .Values "aws-ebs-csi-driver" "IamArn" }}"
extraVolumeTags:
Name: {{ .Values.ClusterName }}
{{- end }}
aws-efs-csi-driver:
enabled: {{ index .Values "aws-efs-csi-driver" "enabled" }}
values:
{{- with index .Values "aws-efs-csi-driver" "nodeSelector" }}
aws-efs-csi-driver:
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with index .Values "aws-efs-csi-driver" "PersistentVolumes" }}
PersistentVolumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if index .Values "aws-efs-csi-driver" "EfsId" }}
PersistentVolume:
create: true
EfsId: {{ index .Values "aws-efs-csi-driver" "EfsId" }}
Name: {{ default "kubezero-efs-pv" ( index .Values "aws-efs-csi-driver" "PVName" ) }}
{{- end }}
{{- end }}
istio:
enabled: {{ .Values.istio.enabled }}
values:
istio-discovery:
pilot:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
istio-ingress:
enabled: {{ index .Values "istio-ingress" "enabled" }}
values:
{{- if index .Values "istio-ingress" "public" "enabled" }}
istio-ingress:
enabled: true
{{- with index .Values "istio-ingress" "public" "gateway" }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with index .Values "istio-ingress" "public" "dnsNames" }}
dnsNames:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- if index .Values "istio-ingress" "private" "enabled" }}
istio-private-ingress:
enabled: true
{{- with index .Values "istio-ingress" "private" "gateway" }}
gateways:
istio-ingressgateway:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with index .Values "istio-ingress" "private" "dnsNames" }}
dnsNames:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
metrics:
enabled: {{ .Values.metrics.enabled }}
values:
{{- if .Values.metrics.istio.grafana.enabled }}
grafana:
istio:
{{- with .Values.metrics.istio.grafana }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.istio.prometheus.enabled }}
prometheus:
istio:
{{- with .Values.metrics.istio.prometheus }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if index .Values "metrics" "kube-prometheus-stack" }}
kube-prometheus-stack:
{{- with index .Values "metrics" "kube-prometheus-stack" }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
logging:
enabled: {{ .Values.logging.enabled }}
values:
{{- with index .Values "logging" "eck-operator" }}
eck-operator:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.logging.elastic_password }}
elastic_password: {{ .Values.logging.elastic_password }}
{{- end }}
{{- if .Values.logging.version }}
version: {{ .Values.logging.version }}
{{- end }}
{{- if .Values.logging.fullnameOverride }}
fullnameOverride: {{ .Values.logging.fullnameOverride }}
{{- end }}
{{- if .Values.logging.es }}
es:
{{- if .Values.logging.es.nodeSets }}
nodeSets:
{{- with .Values.logging.es.nodeSets }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
prometheus: {{ .Values.metrics.enabled }}
{{- if .Values.logging.es.s3Snapshot }}
s3Snapshot:
{{- with .Values.logging.es.s3Snapshot }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.logging.kibana }}
kibana:
{{- with .Values.logging.kibana }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
fluentd:
enabled: {{ .Values.logging.fluentd.enabled }}
metrics:
enabled: {{ .Values.metrics.enabled }}
url: {{ .Values.logging.fluentd.url }}
{{- if .Values.logging.fluentd.output }}
output:
host: {{ .Values.logging.fluentd.output.host }}
{{- end }}
{{- if .Values.logging.fluentd.extraEnvVars }}
extraEnvVars:
{{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 8 }}
{{- end }}
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled }}
istio:
{{- with .Values.logging.fluentd.istio }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
fluent-bit:
enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
serviceMonitor:
enabled: {{ .Values.metrics.enabled }}
{{- if index .Values.logging "fluent-bit" "config" }}
config:
{{- with index .Values.logging "fluent-bit" "config" }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
argo-cd:
enabled: {{ index .Values "argo-cd" "enabled" }}
values:
argo-cd:
controller:
metrics:
enabled: {{ .Values.metrics.enabled }}
repoServer:
metrics:
enabled: {{ .Values.metrics.enabled }}
server:
metrics:
enabled: {{ .Values.metrics.enabled }}
{{- with index .Values "argo-cd" "server" }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with index .Values "argo-cd" "configs" }}
configs:
{{- toYaml . | nindent 8}}
{{- end }}
{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
istio:
{{- with index .Values "argo-cd" "istio" }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}


@ -1,57 +0,0 @@
ClusterName: Test-cluster
Domain: example.com
platform: aws
HighAvailableControlplane: false
calico:
enabled: true
cert-manager:
enabled: true
IamArn: ""
aws-ebs-csi-driver:
enabled: true
IamArn: ""
aws-efs-csi-driver:
enabled: false
kiam:
enabled: true
IamArn: ""
istio:
enabled: false
istio-ingress:
enabled: false
public:
enabled: false
private:
enabled: false
metrics:
enabled: false
istio:
grafana:
enabled: false
prometheus:
enabled: false
logging:
enabled: false
eck-operator:
enabled: false
fluentd:
enabled: false
fluent-bit:
enabled: false
argo-cd:
enabled: false
server: {}
istio:
enabled: false
gateway: istio-ingress/private-ingressgateway