docs: update support timeline

This commit is contained in:
Stefan Reimer 2024-03-27 11:34:19 +00:00
parent 751cf663cf
commit cfeea63555
6 changed files with 200 additions and 12 deletions

View File

@ -18,7 +18,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform
# Version / Support Matrix
KubeZero releases track the same *minor* version of Kubernetes.
KubeZero releases track the same *minor* version of Kubernetes.
Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X.
KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
gantt
title KubeZero Support Timeline
dateFormat YYYY-MM-DD
section 1.25
beta :125b, 2023-03-01, 2023-03-31
release :after 125b, 2023-08-01
section 1.26
beta :126b, 2023-06-01, 2023-06-30
release :after 126b, 2023-11-01
section 1.27
beta :127b, 2023-09-01, 2023-09-30
release :after 127b, 2024-02-01
release :after 127b, 2024-04-30
section 1.28
beta :128b, 2024-03-01, 2024-04-30
release :after 128b, 2023-08-31
section 1.29
beta :129b, 2024-06-01, 2024-06-30
release :after 129b, 2024-11-30
```
[Upstream release policy](https://kubernetes.io/releases/)
@ -57,7 +57,7 @@ gantt
## Featured workloads
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
## Control plane
- all Kubernetes components compiled against Alpine OS using `buildmode=pie`
@ -85,12 +85,12 @@ gantt
- CSI Snapshot controller and Gemini snapshot groups and retention
## Ingress
- AWS Network Loadbalancer and Istio Ingress controllers
- AWS Network Loadbalancer and Istio Ingress controllers
- no additional costs per exposed service
- real client source IP available to workloads via HTTP header and access logs
- ACME SSL Certificate handling via cert-manager incl. renewal etc.
- support for TCP services
- optional rate limiting support
- optional rate limiting support
- optional full service mesh
## Metrics
@ -104,4 +104,4 @@ gantt
- flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
- [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter

View File

@ -0,0 +1,9 @@
configmap: grafana-dashboards
gzip: true
condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
folder: KubeZero
dashboards:
- name: ArgoCD
url: https://grafana.com/api/dashboards/14584/revisions/1/download
tags:
- ArgoCD

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,28 @@
{{- if index .Values "argo-cd" "istio" "enabled" }}
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: argocd-deny-not-in-ipblocks
namespace: istio-system
labels:
{{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
app: istio-ingressgateway
action: DENY
rules:
- from:
- source:
notIpBlocks:
{{- toYaml .Values.istio.ipBlocks | nindent 8 }}
to:
- operation:
hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}]
when:
- key: connection.sni
values:
- '*'
{{- end }}
{{- end }}

View File

@ -0,0 +1,31 @@
{{- if index .Values "argo-cd" "istio" "enabled" }}
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: argocd-server
namespace: {{ $.Release.Namespace }}
labels:
{{- include "kubezero-lib.labels" . | nindent 4 }}
spec:
gateways:
- {{ .Values.istio.gateway }}
hosts:
- {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
http:
- name: grpc
match:
- headers:
user-agent:
prefix: argocd-client
route:
- destination:
host: argocd-server
port:
number: 443
- name: http
route:
- destination:
host: argocd-server
port:
number: 80
{{- end }}

View File

@ -0,0 +1,105 @@
{{- define "argo-values" }}
argo-cd:
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
{{- with index .Values "argo" "argo-cd" "configs" }}
configs:
{{- toYaml . | nindent 4 }}
{{- end }}
controller:
metrics:
enabled: {{ .Values.metrics.enabled }}
repoServer:
metrics:
enabled: {{ .Values.metrics.enabled }}
server:
metrics:
enabled: {{ .Values.metrics.enabled }}
{{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
istio:
{{- with index .Values "argo" "argo-cd" "istio" }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
argocd-apps:
projects:
kubezero:
namespace: argocd
description: KubeZero - ZeroDownTime Kubernetes Platform
sourceRepos:
- {{ .Values.kubezero.repoURL }}
{{- with .Values.kubezero.gitSync.repoURL }}
- {{ . }}
{{- end }}
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: '*'
kind: '*'
applications:
kubezero-git-sync:
namespace: argocd
project: kubezero
source:
repoURL: {{ .Values.kubezero.gitSync.repoURL }}
targetRevision: {{ .Values.kubezero.gitSync.targetRevision }}
path: {{ .Values.kubezero.gitSync.path }}
directory:
recurse: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
{{- with .Values.kubezero.syncPolicy }}
syncPolicy:
{{- toYaml . | nindent 8 }}
{{- end }}
argocd-image-updater:
enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
{{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
{{- toYaml . | nindent 2 }}
{{- end }}
{{- if .Values.global.aws }}
extraEnv:
- name: AWS_ROLE_ARN
value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"
- name: METADATA_TRIES
value: "0"
- name: AWS_REGION
value: {{ .Values.global.aws.region }}
volumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
volumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
{{- end }}
metrics:
enabled: {{ .Values.metrics.enabled }}
{{- end }}
{{- define "argo-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}