From cfeea63555fbc3440ded5e3f1bda034ae91c34ad Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Wed, 27 Mar 2024 11:34:19 +0000 Subject: [PATCH] docs: update support timeline --- README.md | 24 ++-- charts/kubezero-argo/dashboards.yaml | 9 ++ .../templates/argo-cd/grafana-dashboards.yaml | 15 +++ .../argo-cd/istio-authorization-policy.yaml | 28 +++++ .../templates/argo-cd/istio-service.yaml | 31 ++++++ charts/kubezero/templates/argo.yaml | 105 ++++++++++++++++++ 6 files changed, 200 insertions(+), 12 deletions(-) create mode 100644 charts/kubezero-argo/dashboards.yaml create mode 100644 charts/kubezero-argo/templates/argo-cd/grafana-dashboards.yaml create mode 100644 charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml create mode 100644 charts/kubezero-argo/templates/argo-cd/istio-service.yaml create mode 100644 charts/kubezero/templates/argo.yaml diff --git a/README.md b/README.md index 26601354..3b70e259 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform # Version / Support Matrix -KubeZero releases track the same *minor* version of Kubernetes. +KubeZero releases track the same *minor* version of Kubernetes. Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X. KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed. 
@@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo gantt title KubeZero Support Timeline dateFormat YYYY-MM-DD - section 1.25 - beta :125b, 2023-03-01, 2023-03-31 - release :after 125b, 2023-08-01 - section 1.26 - beta :126b, 2023-06-01, 2023-06-30 - release :after 126b, 2023-11-01 section 1.27 beta :127b, 2023-09-01, 2023-09-30 - release :after 127b, 2024-02-01 + release :after 127b, 2024-04-30 + section 1.28 + beta :128b, 2024-03-01, 2024-04-30 + release :after 128b, 2023-08-31 + section 1.29 + beta :129b, 2024-06-01, 2024-06-30 + release :after 129b, 2024-11-30 ``` [Upstream release policy](https://kubernetes.io/releases/) @@ -57,7 +57,7 @@ gantt ## Featured workloads - rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support -- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron +- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron ## Control plane - all Kubernetes components compiled against Alpine OS using `buildmode=pie` @@ -85,12 +85,12 @@ gantt - CSI Snapshot controller and Gemini snapshot groups and retention ## Ingress -- AWS Network Loadbalancer and Istio Ingress controllers +- AWS Network Loadbalancer and Istio Ingress controllers - no additional costs per exposed service - real client source IP available to workloads via HTTP header and access logs - ACME SSL Certificate handling via cert-manager incl. renewal etc. - support for TCP services -- optional rate limiting support +- optional rate limiting support - optional full service mesh ## Metrics 
@@ -104,4 +104,4 @@ gantt
 - flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
 - Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
 - [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
-- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
\ No newline at end of file
+- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
diff --git a/charts/kubezero-argo/dashboards.yaml b/charts/kubezero-argo/dashboards.yaml
new file mode 100644
index 00000000..86f759d8
--- /dev/null
+++ b/charts/kubezero-argo/dashboards.yaml
@@ -0,0 +1,9 @@
+configmap: grafana-dashboards
+gzip: true
+condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
+folder: KubeZero
+dashboards:
+- name: ArgoCD
+ url: https://grafana.com/api/dashboards/14584/revisions/1/download
+ tags:
+ - ArgoCD
diff --git a/charts/kubezero-argo/templates/argo-cd/grafana-dashboards.yaml b/charts/kubezero-argo/templates/argo-cd/grafana-dashboards.yaml
new file mode 100644
index 00000000..26895285
--- /dev/null
+++ b/charts/kubezero-argo/templates/argo-cd/grafana-dashboards.yaml
@@ -0,0 +1,15 @@ +{{- if index .Values "argo-cd" "controller" "metrics" "enabled" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "grafana-dashboards" | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + grafana_dashboard: "1" + {{- include "kubezero-lib.labels" . | nindent 4 }} + annotations: + k8s-sidecar-target-directory: KubeZero +binaryData: + ArgoCD.json.gz: + H4sIAAAAAAAC/+2d63PbtpbAv+ev4OXt3LE7sivKsiV3JrPjJn3tpo0bJ72z22Q0EAlJrCmSJcHEqtf7ty8eJAWSIKkHZVH2yYckAijhdXDO7xyAwP0LTdNHI9v1IxLq32p/fOqIlAD/FdkB5mk0RdPu+d80jyx8TFN1H7nY0TtJsm2xxCmKpniZ6KI5f/bHbPJnHIS257Icnac9dNRlTAM0QS4qlJJPTsvJZ0glDU+7p93q4tRNCpA/Uxblz7Qjz7GON2iYsqQZRmSO/GJZP+UzVi7HQgSFXhSYOF+YH3hzTGY4CovlXSvypCKNDXsyJIgUC7vJpG7XgwTfKUp4n0ktlkD/FmKPXNejtaG5TO5FkbpjhySdBcuK0JxxZDvkZ/ZLRmeZKnW5uivpM9hFY4flkyDCUvrMthSptum5rzzHC9gPBtMxOup2tJ5h0L/OzzuacSz/dNLoq2VbtH9pVw4OSKYKSwkJZ2MPBZYe5z3wfz+9iLtex5ZNcrXVpy4mP7MeN/rnw75IYvPhvec5xPZpRpcn8lFxI8cRnwgOeI3YFy96ZxeDweBs0D/nvUf72b2VVBAfX4X6MT3HQX6I2S9PkBOmHVXf8frExo71ynMn9jQdX/FVPEGRwzXg/YPUSR4VloCOiahX0kHp701p3rUXZn9rlpOHL/Rzry8l3CXdE39esM+F3+ZddzFMPy/741OaRmzCx0V/S+v52cZflk1NhjfwvqjnUX1vlbaun29dTeMMdeN6F+nn7NiLrvez8zAefJdgl01H/R9/oGDq2XM0xZ+OZoT44bfffIM+01YFoXE6tcksGkchDuKvnJre/Jvom7Nu7+JyMOz+R/jSMLr/+vyyn5k8c4/PP32OglvL++LqhZr7TjS13d/zZmXZ7wFyQx8FopbyRE6HhCsp5ZiYyJzh9/YcexGRJk6T0p2miqnEdYqcKHUCmVH7P6MGLtSlB6TpwZ5Fvm+70+zYidYuv11aAhqHnhMRrHey+SHBfijp3OTPfe6z1AYqrRi7uR8S+h45EY57M5f70FmjgICqnIqfH3bzP575/Km0CyPX5gJtESsKYuPzQvHoxsooP13PctO1t9p0PestP9MpFdCG52VUMY3n6O41ldxrj36HZRndbt0Up/39SywgonOl+nErk+S6npvJ/DMKiT1ZJNkoIp6c7QU2nZWJAdJn9PPfVDkgR36IjnJk4reKmvH56ZhFudQdFJJfPfIr7Qp5pmTnA5+dIaeOTDpvYpgYM+XAc4WRs0wsLdPQ9TUV1Z+YZJuTaS2+87ngE6qQjo61E42O5RHFRhOH4YiyXEBGLGsUYqpjrfD+T2/88qPOtLJpnVDNS8X1hCqpwDbDj3qHcQlVjCZ++X8f9a/STx/1h+Nsh0y8YI5IUjD9dTpsYfaRRP5+QCbhk9PIZAd4wuFEv5Im0ovcoCyN5wefFVQ0nRxXQU+Dns7qaa51HlVBn6+moC/7bVPQFIMQKOidK2jTi1xyxP/WxgvtSOjeY+1I6OKR6dB+x8HIdifefYUe3kQRUyXJST
fjijWppOf4B6pD84LM0m9m9oQUM2Kt/ko0OgS9Dnq9pXp9uJpeH5yDXn9Kej3APkYF/SJSX9sBNtOO2sAWhNE8UftUNdSo/A6VaTIS5oLnxZaC5swwcsiMYT6JQp6XSaFPhAvXlPOlzxtCfWttyZXvO7YZ++ZgT8CetNOeGMZqBsXoDsCigKdAPQVqdLyln1BvMJ6Yj/CONj+0iZep9JPX6y+qNKTQEN28YqQTnBX1sqAxE4nWu4os0ZFGISPRsbqbm2dZLfsp14S7rNIRqbabry+YqgMwVf1VTVV37UXCgzUOVGa/vE9k9w0ai/XenNbMPvULCm5ZkKOwZyA1NBu6J61xRDw/3jTwj5cf9S0di2wf1dsfB0+xa/2QFqE/qnV6m7RcYZvEPiulcUKOjUK+XSS7nUEfo6AgTzWmLJy9we6U8C0N3Uw6DjfYf2Fh054jLtWZgta2iEtVsInWmtiOI481T/gxQJYtVu276+u3QV6/DWr128y2LOzeCIHN96XYILHc/SEkMVsPOtBT9yp8r95KhD5PFcrDjALF1oR459H3c58s1Fn/gwOvmCNMcr4MYZLzqYE9nZEb5f4mptEUqV7AJ11S5VzWaxyaCrXnEe7L5EtPtS97vjAUVJxwXofyxC+2RTL7eVRGiIkyd4oSiDc916XKUzLaakOF2KasVJWXVY5pSNUspNrBZHZuigvSU6fifVZbJu9RKK//i/SiMNLut3CAuVqfOJ60l06o27eZ6bbMLKs5Vcfmbb67GXj52HpDe71QgcOLfnHvKi3rUZ2mvNG6X/bAw8NGFkzG6T9Ws2zv8DSW99wXNgq0pbsK72WlgYLiJsCl3ujlZ/8osZ22a9mfbStCTtHTljYey5t+79CdnZu848i8FTIpN0V2y+RNBcuNmbmn1bovVVcK67VAd7hiKkg2tlsidbTMgGQlwWG0Wagdy/Cm36Gw4MbFqr/wuND9hWSplSqDfd/qehYmxKIoDdwWK4SRp7/Bn9NKZzbZFuIK0t7WjHI85K2t5yWrWgPF1la1ROSINuuUvcZ0rlpYbDDHc/vEoi7RSdFjZpvoqQZflDns+i92GNruNPs7fhT4TiFIQAeA/oTi8XE2xskfvolCnxnQXA29ALnTwsMf3FuX7TsVG72P+P7u5K/j8vCOCu3r8L4K8Sswf9U97uW4r2TwSg4vlchUKi9y/cgk0+jlEu+KkS0uoRel/VrF6HKQ4lxpoIsuowLj61G+HOcrkb6A9aovS2yvylYCfjnk14B+ucETOfQ7/46BOy8vlf5AtU9Q5ReU+gZFUVD5COV+QomvoPYXWIKGQu1vNhCZRz1lfCqegG+KTnC+0iUEXuM/VPkIFX5Cta9Q6y9U+gwZv6FYaoXzUOpAKKPfLXMkst9PImDcucjkHBeD7/VORp2jsYKzUeJwZOqWczpKHY/q6H+JE1LliFQ6I5UOSdYpEeCg3fDWZOVZ5ZlkvROVnis4KCs5KcXZrXZWShyWSqelynEpd15q9HnRiSk2oejMKKdllU9Q6RfkfINeIU/tH1T4CKV+gmJVZ2ftMHbdjtJ5uFALVon/U+kDZQsqcwdbB/9vI/J2ckO1dPbhBXYc78vjeQqsBvknlU0Dl2LHLkUhsRmf4gJ8CvApwKcAn+LxfArpuZZ5FFLNDt6fYJYbvAnwJsCb2KE3Uf66r7TGmJ+F9admPMkVmouyvXf9TZdoVnQlnrKrIPd65erD2ZaewvlBOAol2cp9RXtwE2I/QCD9Rl5AlcnapxPQUvg32gT/ha7fCfsHXuRaR7ZrBpjaXdkV4HTLBWkTh+Dhj6+SSf/p+FiQ/FdTWhrb8b8Nx2/A6Wm5T4PSr0xCuZkqMOD0PXB62Vam9eBX15tFX9WbLpsSvNTCE6PXnjY+kcWCZ4ah59tg6OWWGDo4e0TYLAs7r0ab+49KA24+51jzQeCmP6PfYqnfB4EX/O8PyHawtTGGdjT+e49Mo7zMhwcqfU8NTNlwRAGGAH
KbwTR3PuUBcSmA5/px5XRZ59nHkwclh1kfdDi5TSFjo7dtzHjYKKwrMioDw0INqDKAtYG1D3FfhwqzA3YuskmxecQP3Nk+tAuR3UYA+l08LrZYA940xqvSUsDSe9uMYcBmjEOL1pooUB3RxJKvkWWJPdMKuWQPvGPRDUWhnRUOzmLfT+/T+ee4P5l0876T+OqNiYTKCP8qjGjyxAzP41lNlarvOYjgGx+b1BwWaIMaDOoRClI8PVeiT8XcDfmvRvNypcEM/VJlkzBRCRvQbiW7DrZi12E5u8bXXBWIP4ndfpfquKLZnlFAdBgkvoqlqnjYD3dCuiuRr3r2PKyCahKHPeRwh109hf+7qhU7gA8hBRVn+hUZw6kO1OXvKdti62d3BfJwcEPIUYMVa5PDNQ54p7gmXhkeSt0UmvOTHRKPWvx5neTFv/+67KiHhB5UA6XfXSnV/CoSfydE99doPubUXuip+IEb+28VUugLddEVS2S1hrXccpbazXJVWzE8vmOTVGwrjc5C9MF3sYHKn126fKK8GxeFbjzElc82RUx651tGTIbdvUZMDmgrHbxxA2/ctDwyczsM+QW3LOxStw66YliGPjPuaAEWanF0S538lr1Cw2r48KDd32cqefDRnP8ahtrV9c+wVQ+iOBDFgT13uyDPwTaHS50ZW5Ln5cXeybMOLTdeyVPG0DdFy9bTYcNUCORXTX5fvOCWMh612Rb2yayC8dj/WSJjw9OvM+e3PvIqGyvy4JHs30nHa69ZxwORPTMi28tOtD03A3isHe9ADLY6tWd7WBu2BdbKX3JYi9bKdRXgFuCW4mib22iMTeKM8B02R+w4M9udVl0oxknL9OZztF3EbAPYiks9eN66Fr2sxV2vBZELzAUvrO74hdVDbWGrXhp45VGr4TkODuDVAQZgw7KjaHrw7kAz+696255MedZ/du8OPL3F6uIVVe1aqT5/ZgA99UZzPGcHHIajGUb+CDmOZ47GC4LD+z+98cuPuuDrE6pgAtsM46ilGqofP2apul7q8ED6Fzz3goX2IURTDK8D7DlsyWUfFpJhIRnATcQmz7Y+Unx46HsYHxf7WDMB+QD5doN8doAIPvIDz8RhODL9iFIZHSMrjLckrk19fxjzT8eAfpuh36vrD8B97QidGhsfqQJMCEz4rJiw392SCS96rUHCja+SgVjgkz1K5BmGAade4EWEjTbE/R4L/n5M+xzoD14fAcLb3yL4e+xgpukWz30h/FK9ED4cwjp4Q+vgg223enb3e7vKXk6sBvqFnaJN7RSNX6ceId8epe8ke+M/sUnCdV/Iju8v5FmPHAMVhT6BU/HECGhvxQhor9ihhcDDwMPAwxDxbM9tef1tsa3X6kvxgOqA6g6P6jSthusA6B4d6NihOAnUAc0BzQHNAc09ufXr4UULXkYBWgNaO/RjERNoo4qOtr6pUxGB37bYkSj6VfuejwgAHAAcANx+lqfjiQgvaHOrpV6YHnRhYTrt1eE2B0Zuuy49XDHAueE1y5sgbzzPVVkrcSnPBDB9lmA6tUnurO70E1XALz/qTngS4LlHGJZqVW/HdOcJlqbp8LrMpjsmbaK9E+MQakfpEBzDuUPAp8CnEGDcB0wpT3Tcmqb6QFNAU8+HpiaYmDMgqX2RlDnD5q0XEQCpdoNU0ycYAkbBVbTtuYq2dTfObhVQM873euOsYfTXuXK2ms72f7msTBBWFPCbUNOTS+K7ZjdgigbvoD3sO2YZD/zAOmyn18tWSxncH6s9t/tjwQA+DQOoDILs3QJePHMLuOoaBVhByQq+CU/e8U4DSwiWEG5S321EffX35rc9hnRgQES9qYg6nOnZrpD76se4B9j3TsRO1RYd6eR71tM5xD0/KyCIDke4QxgddiPs8Qj3ba+XHMDezjbvRgBs2hibyo69BE5q36GXgEmwaRMwabuXit5RvabdcL0GLxbxNQpD/WLRxcWTe7Fod8G54WWpVhKdCbG3XcfeAA
J3HjsTONjCE9EhfAZceMjhsyZvCgcsfLLRs0p+udyGXy4H1fxydgH8srv4F6BL8/ErYBUIYUEIC0JYwCpPjVWM7kUNrAzbCiubng8IsZYnBCxmYfNyDblof0XIJbbDNjQb1RuZm0OZ3nNBmVfae/qg9lvcxw0STReIBogGiKaOaKgKJMLa6v+kf7Tpu+tXfIXONnH47Rrv6vS2ooqKd3U4VZz3V7GgyRSbo+DW8r64ulrr5JID5FINXnLccaoFCL4j+iECYsXbEQ3B4+rvJBs1ka5+tzUXM5dkx/cy7+BU7PXINTkWWxDsRodiV9mUfZ6JraFQ+5t1M1Bv4y/zTQPfHAnGHc2QaznYik/Eqabg9HvULLDHfN+xTY7Rp1fL/8d2ozLeV3zbj/+2SQWgo/H/Mi3mWY98tE5aiYeHTvxJ1OPwb0QpjE968g4crA24DbgNAcRdMaD6tfxaCOwBBK4XvgSSA5LbkOTie0xO4+P+geBaSHDZsQF6A3oDegN6208Er1ez/NvvA7wBvAG8PQq8+YH3JzbJ6bX4F+CthfCWHZuN4Q0WuoHdgN2A3baKvNXC28XzgjeAM4CzncEZO8MjtCkCLU7fpf8FRFsN0aqHjR98nO6SDWxim4VNEEv9WpzD8TQsy/N8TkMKs5pYLdo9E9LUubBbAmZBuIAxgTGBMYEx9xIfPKvZyNkfAmICYgJiNoKYIQ5DtgXvRvwLcNnC+F92bIDNgM2AzYDN9hP/q4WzS4AzgDOAs0bgjN3LxODsd/EvwFkL4Sw7NgBnAGcAZwBnewmc9fs1b0B3gc2AzYDNmnl/1TS9yCWnV+JfYLMWsll2bIDNgM2AzYDN9hM4q4OzSwicAZwBnDW1qkmI7U7D05v4P4BnrVzXzAwO8BnwGfDZnq7V2umNWnK/tPkmrZ76Ji1jaRxbfJXWaifz7ekC18st7281jB6cCV3DsI9xUes6INt7ziArQHVEAcUO6d8cbGKSXYdAJ8imCHx84KCXgB1rEq0EVfKAeIB4gHiPfXMq1UX1hPci/jJTMUxjsNyzrviKHpozPEfxngd2VUNXJJOFKMNCwa14khqJpUTqV1Qdvnqtp79N8Nx3EPP+0k6gli0kkgxLNLe03fdZy+CIuw2U6psdtlwRAOTTKveAKpBJsTQ0A5sbzsL469QocUc+lzwTp3nIgEktgxNZ+MpRgEGJvOpzqiltxeOxGpH5T+bl1MjLylqnKjhgKMaOfCj2iDTaRiZ1iu9yB17r4a3tfwicm4VrKiqXSJRUuTxWS0OLHOf3ZCROv5ZLkQY9Mxz14V3mSdiuHY+Y6NyRUKNHt9EYj3zPGtnuxJNuYjjWdzzkWc2+6Yin9V1jwDNzJpWCtXtFho5lt5+kz578jgKbhaVPfuNlKCdTjZSdfi24KSsJ1fJW5ACme7hQhb8lrdWzuSUZseSKPpIyohC/F+pMhnalOEekGCPnqSO+FJmqTDknvkPSmJeI/9o6j9dCre2+Go14mQlopv/ZqfIrkfZEqtM6qIX6RRkKyL2hcsPKumPNDskBSXkdlHcZxpXIjG62CjSr2bLOy8s6b7oso1vRsG7TpZ1VlHbWeGnGrLxps4bL6pWX1Wu6rH55Wf2myxqWlzXMlvVCgcpLe2XMO+fzDpWoDh3njjHr9Gad/qyT+XnJvPTW5pX8vK+jlfWUdfFSkLh/VBZd7qRl/qHR6TTwIp8R/m60urrjarquEZHmDawqtOHy4jPaSotM8lefTGnP8OXQTrGAFeeMGYXEm7eJ7+O4W3wmccyzYrn4QBA/rnqzgL9it5Qwfvy1Jgh/ba432sH1q4jxuqr/Kh+ez0Cp4zyexm9GcmcYOWQ2Cgki2fnaoNbP91lVrzWifH/ijVqUFprkN1sqnXzTgL32nTGfhcBV+kyzpd9Eoc/WZKzSspdPNFvyL3Z1m5P8Zkt9jacBqmpu+kCz5X5wb938HXNysUn+6oY9lsaOJBuddKw6ce91kuZ0ihV4XM
P/3DVmSHv5ielLJjhVikNkN1vm24i8nXCJLSt2+UTbZ7DooE5a4cbmKP+XLSE+iBUYm4tgvPYyEYu/Oi3pJI166DyWydL0zNd827zlq/Xxl2PkSyNnsuDq59Jik9GVPpzJH6TomBy90g35gxz8kWMzcuxEN2Lh+pS0gW3ILE6o8lLkH76Qf1gupdeXPyzFXR9Ycn2TumS672/PXQYQpJdVxBIZT4z4phf9r+vb6Y8/TQfxktrndNmNQ3FOr+lvJxPbtJGjiV/SXqNwNvZQYLENy95E+8/IxVqv2zP0Fw//D4RhmGe/kgEA +{{- end }} diff --git a/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml b/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml new file mode 100644 index 00000000..9f0d4cbc --- /dev/null +++ b/charts/kubezero-argo/templates/argo-cd/istio-authorization-policy.yaml @@ -0,0 +1,28 @@ +{{- if index .Values "argo-cd" "istio" "enabled" }} +{{- if index .Values "argo-cd" "istio" "ipBlocks" }} +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: argocd-deny-not-in-ipblocks + namespace: istio-system + labels: + {{- include "kubezero-lib.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app: istio-ingressgateway + action: DENY + rules: + - from: + - source: + notIpBlocks: + {{- toYaml .Values.istio.ipBlocks | nindent 8 }} + to: + - operation: + hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}] + when: + - key: connection.sni + values: + - '*' +{{- end }} +{{- end }} diff --git a/charts/kubezero-argo/templates/argo-cd/istio-service.yaml b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml new file mode 100644 index 00000000..8f11bc59 --- /dev/null +++ b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml 
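Review bot: In `istio-authorization-policy.yaml` the `to.operation.hosts` entry is rendered from the raw `argo-cd.configs.cm.url` value, which `istio-service.yaml` in this same patch treats as a full URL (it passes it through `urlParse` and takes `host`). Istio compares `hosts` with the request's Host header, so a value that still carries a scheme would presumably never match and the DENY rule would apply to no request, leaving the IP allowlist silently inactive; `hosts: [{{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" | quote }}]` keeps the two templates consistent. The guard also tests `argo-cd.istio.ipBlocks` while the list is rendered from `.Values.istio.ipBlocks`; unless the chart's values define a top-level `istio` block (not visible here), `notIpBlocks` ends up empty or the render fails, so `{{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }}` looks like the intended path. The same path mismatch applies to `.Values.istio.gateway` in `istio-service.yaml`.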
@@ -0,0 +1,31 @@
+{{- if index .Values "argo-cd" "istio" "enabled" }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: argocd-server
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+ gateways:
+ - {{ .Values.istio.gateway }}
+ hosts:
+ - {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
+ http:
+ - name: grpc
+ match:
+ - headers:
+ user-agent:
+ prefix: argocd-client
+ route:
+ - destination:
+ host: argocd-server
+ port:
+ number: 443
+ - name: http
+ route:
+ - destination:
+ host: argocd-server
+ port:
+ number: 80
+{{- end }}
diff --git a/charts/kubezero/templates/argo.yaml b/charts/kubezero/templates/argo.yaml
new file mode 100644
index 00000000..8ea8c8b8
--- /dev/null
+++ b/charts/kubezero/templates/argo.yaml
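Review bot: The `hosts` entry in `istio-service.yaml` is rendered unquoted from `get (urlParse …) "host"`, which yields an empty string when `argo-cd.configs.cm.url` has no scheme (a bare hostname, for example), so the VirtualService would be emitted with a null host instead of failing at render time. Wrapping it as `- {{ required "argo-cd.configs.cm.url must be an absolute URL" (get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host") | quote }}` makes the chart fail fast on a bad value. A short comment above the `grpc` route would also help, stating that the `user-agent` prefix match only selects the backend port and is not an access control, since that header is set by the client.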
@@ -0,0 +1,105 @@
+{{- define "argo-values" }}
+
+argo-cd:
+ enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
+ {{- with index .Values "argo" "argo-cd" "configs" }}
+ configs:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+
+ controller:
+ metrics:
+ enabled: {{ .Values.metrics.enabled }}
+ repoServer:
+ metrics:
+ enabled: {{ .Values.metrics.enabled }}
+ server:
+ metrics:
+ enabled: {{ .Values.metrics.enabled }}
+
+ {{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
+ istio:
+ {{- with index .Values "argo" "argo-cd" "istio" }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+
+argocd-apps:
+ projects:
+ kubezero:
+ namespace: argocd
+ description: KubeZero - ZeroDownTime Kubernetes Platform
+ sourceRepos:
+ - {{ .Values.kubezero.repoURL }}
+ {{- with .Values.kubezero.gitSync.repoURL }}
+ - {{ . }}
+ {{- end }}
+ destinations:
+ - namespace: '*'
+ server: https://kubernetes.default.svc
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ applications:
+ kubezero-git-sync:
+ namespace: argocd
+ project: kubezero
+ source:
+ repoURL: {{ .Values.kubezero.gitSync.repoURL }}
+ targetRevision: {{ .Values.kubezero.gitSync.targetRevision }}
+ path: {{ .Values.kubezero.gitSync.path }}
+
+ directory:
+ recurse: true
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+
+ {{- with .Values.kubezero.syncPolicy }}
+ syncPolicy:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
+argocd-image-updater:
+ enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
+
+ {{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
+ {{- toYaml . | nindent 2 }}
+ {{- end }}
+
+ {{- if .Values.global.aws }}
+ extraEnv:
+ - name: AWS_ROLE_ARN
+ value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
+ - name: AWS_WEB_IDENTITY_TOKEN_FILE
+ value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+ - name: AWS_STS_REGIONAL_ENDPOINTS
+ value: "regional"
+ - name: METADATA_TRIES
+ value: "0"
+ - name: AWS_REGION
+ value: {{ .Values.global.aws.region }}
+ volumes:
+ - name: aws-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: token
+ expirationSeconds: 86400
+ audience: "sts.amazonaws.com"
+ volumeMounts:
+ - name: aws-token
+ mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+ readOnly: true
+ {{- end }}
+
+ metrics:
+ enabled: {{ .Values.metrics.enabled }}
+
+{{- end }}
+
+{{- define "argo-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}
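Review bot: The `kubezero` AppProject in `argo.yaml` allows `destinations` with `namespace: '*'` and a `clusterResourceWhitelist` of `group: '*'` / `kind: '*'`, and the `kubezero-git-sync` application syncs everything under `gitSync.path` recursively into that project, so write access to the Git repository is effectively cluster-admin. That may be intended for a platform bootstrap project, but it deserves a comment above `projects:` saying so, e.g. `# kubezero project is cluster-admin by design; restrict write access to the sourceRepos below`. Separately, only the `sourceRepos` entry is guarded by `with .Values.kubezero.gitSync.repoURL`; the `kubezero-git-sync` application itself is rendered unconditionally and would presumably be emitted with an empty `repoURL` when git sync is not configured, so the application block should sit under the same guard.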