docs: update support timeline
parent
751cf663cf
commit
cfeea63555
24
README.md
24
README.md
@ -18,7 +18,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform
|
||||
|
||||
|
||||
# Version / Support Matrix
|
||||
KubeZero releases track the same *minor* version of Kubernetes.
|
||||
KubeZero releases track the same *minor* version of Kubernetes.
|
||||
Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X.
|
||||
|
||||
KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.
|
||||
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
|
||||
gantt
|
||||
title KubeZero Support Timeline
|
||||
dateFormat YYYY-MM-DD
|
||||
section 1.25
|
||||
beta :125b, 2023-03-01, 2023-03-31
|
||||
release :after 125b, 2023-08-01
|
||||
section 1.26
|
||||
beta :126b, 2023-06-01, 2023-06-30
|
||||
release :after 126b, 2023-11-01
|
||||
section 1.27
|
||||
beta :127b, 2023-09-01, 2023-09-30
|
||||
release :after 127b, 2024-02-01
|
||||
release :after 127b, 2024-04-30
|
||||
section 1.28
|
||||
beta :128b, 2024-03-01, 2024-04-30
|
||||
release :after 128b, 2023-08-31
|
||||
section 1.29
|
||||
beta :129b, 2024-06-01, 2024-06-30
|
||||
release :after 129b, 2024-11-30
|
||||
```
|
||||
|
||||
[Upstream release policy](https://kubernetes.io/releases/)
|
||||
@ -57,7 +57,7 @@ gantt
|
||||
|
||||
## Featured workloads
|
||||
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
|
||||
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
||||
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
||||
|
||||
## Control plane
|
||||
- all Kubernetes components compiled against Alpine OS using `buildmode=pie`
|
||||
@ -85,12 +85,12 @@ gantt
|
||||
- CSI Snapshot controller and Gemini snapshot groups and retention
|
||||
|
||||
## Ingress
|
||||
- AWS Network Loadbalancer and Istio Ingress controllers
|
||||
- AWS Network Loadbalancer and Istio Ingress controllers
|
||||
- no additional costs per exposed service
|
||||
- real client source IP available to workloads via HTTP header and access logs
|
||||
- ACME SSL Certificate handling via cert-manager incl. renewal etc.
|
||||
- support for TCP services
|
||||
- optional rate limiting support
|
||||
- optional rate limiting support
|
||||
- optional full service mesh
|
||||
|
||||
## Metrics
|
||||
@ -104,4 +104,4 @@ gantt
|
||||
- flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
|
||||
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
|
||||
- [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
|
||||
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
||||
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
||||
|
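--- a/charts/kubezero-argo/dashboards.yaml
+++ b/charts/kubezero-argo/dashboards.yaml
@@ -0,0 +1,9 @@
+configmap: grafana-dashboards
+gzip: true
+condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
+folder: KubeZero
+dashboards:
+- name: ArgoCD
+url: https://grafana.com/api/dashboards/14584/revisions/1/download
+tags:
+- ArgoCD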
File diff suppressed because one or more lines are too long
@ -0,0 +1,28 @@
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||
apiVersion: security.istio.io/v1beta1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
name: argocd-deny-not-in-ipblocks
|
||||
namespace: istio-system
|
||||
labels:
|
||||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: istio-ingressgateway
|
||||
action: DENY
|
||||
rules:
|
||||
- from:
|
||||
- source:
|
||||
notIpBlocks:
|
||||
{{- toYaml .Values.istio.ipBlocks | nindent 8 }}
|
||||
to:
|
||||
- operation:
|
||||
hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}]
|
||||
when:
|
||||
- key: connection.sni
|
||||
values:
|
||||
- '*'
|
||||
{{- end }}
|
||||
{{- end }}
|
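Review bot: The `to.operation.hosts` entry renders the whole `configs.cm.url` value, while the VirtualService in `istio-service.yaml` passes the same value through `urlParse` to extract its host; if that setting is a full URL with a scheme, as the `urlParse` call suggests, the DENY rule would compare the request host against `"https://…"`, never match, and leave the IP allowlist unenforced without any error. Use the same expression here: `hosts: [{{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" | quote }}]`. The guard also tests `index .Values "argo-cd" "istio" "ipBlocks"`, but the list rendered under `notIpBlocks` is `.Values.istio.ipBlocks`, a different path unless the chart's values (not visible here) define both; `{{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }}` keeps the tested list and the enforced list identical. The same `.Values.istio.*` versus `argo-cd.istio.*` split appears at `.Values.istio.gateway` in `istio-service.yaml`.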
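--- a/charts/kubezero-argo/templates/argo-cd/istio-service.yaml
+++ b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml
@@ -0,0 +1,31 @@
+{{- if index .Values "argo-cd" "istio" "enabled" }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+name: argocd-server
+namespace: {{ $.Release.Namespace }}
+labels:
+{{- include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+gateways:
+- {{ .Values.istio.gateway }}
+hosts:
+- {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
+http:
+- name: grpc
+match:
+- headers:
+user-agent:
+prefix: argocd-client
+route:
+- destination:
+host: argocd-server
+port:
+number: 443
+- name: http
+route:
+- destination:
+host: argocd-server
+port:
+number: 80
+{{- end }}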
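--- a/charts/kubezero/templates/argo.yaml
+++ b/charts/kubezero/templates/argo.yaml
@@ -0,0 +1,105 @@
+{{- define "argo-values" }}
+
+argo-cd:
+enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
+{{- with index .Values "argo" "argo-cd" "configs" }}
+configs:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+
+controller:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+repoServer:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+server:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+
+{{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
+istio:
+{{- with index .Values "argo" "argo-cd" "istio" }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+
+argocd-apps:
+projects:
+kubezero:
+namespace: argocd
+description: KubeZero - ZeroDownTime Kubernetes Platform
+sourceRepos:
+- {{ .Values.kubezero.repoURL }}
+{{- with .Values.kubezero.gitSync.repoURL }}
+- {{ . }}
+{{- end }}
+destinations:
+- namespace: '*'
+server: https://kubernetes.default.svc
+clusterResourceWhitelist:
+- group: '*'
+kind: '*'
+applications:
+kubezero-git-sync:
+namespace: argocd
+project: kubezero
+source:
+repoURL: {{ .Values.kubezero.gitSync.repoURL }}
+targetRevision: {{ .Values.kubezero.gitSync.targetRevision }}
+path: {{ .Values.kubezero.gitSync.path }}
+
+directory:
+recurse: true
+
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+
+{{- with .Values.kubezero.syncPolicy }}
+syncPolicy:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+
+argocd-image-updater:
+enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
+
+{{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- if .Values.global.aws }}
+extraEnv:
+- name: AWS_ROLE_ARN
+value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
+- name: AWS_WEB_IDENTITY_TOKEN_FILE
+value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+- name: AWS_STS_REGIONAL_ENDPOINTS
+value: "regional"
+- name: METADATA_TRIES
+value: "0"
+- name: AWS_REGION
+value: {{ .Values.global.aws.region }}
+volumes:
+- name: aws-token
+projected:
+sources:
+- serviceAccountToken:
+path: token
+expirationSeconds: 86400
+audience: "sts.amazonaws.com"
+volumeMounts:
+- name: aws-token
+mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+readOnly: true
+{{- end }}
+
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+
+{{- end }}
+
+{{- define "argo-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}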
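Review bot: The `kubezero` AppProject allows `destinations: namespace '*'` and `clusterResourceWhitelist` with `group: '*'` / `kind: '*'`, and that same project lists `.Values.kubezero.gitSync.repoURL` under `sourceRepos` and owns the `kubezero-git-sync` application with `directory.recurse: true`, so write access to the git-sync repository carries the same cluster-wide deploy rights as the platform repository. If that trust level is intended, state it above `sourceRepos`, e.g. `# gitSync repo is trusted like the platform repo: manifests in it may create cluster-scoped resources`; otherwise give `kubezero-git-sync` its own project with narrower `destinations` and resource whitelist. Separately, the `sourceRepos` entry is wrapped in `with .Values.kubezero.gitSync.repoURL`, but as far as the visible lines show the `kubezero-git-sync` application is rendered unconditionally, so an unset value would produce an application with an empty `repoURL:`; wrapping the application in the same `with` keeps the two in step.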