docs: update support timeline
parent
751cf663cf
commit
cfeea63555
24
README.md
24
README.md
@ -18,7 +18,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform
|
|||||||
|
|
||||||
|
|
||||||
# Version / Support Matrix
|
# Version / Support Matrix
|
||||||
KubeZero releases track the same *minor* version of Kubernetes.
|
KubeZero releases track the same *minor* version of Kubernetes.
|
||||||
Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X.
|
Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X.
|
||||||
|
|
||||||
KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.
|
KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.
|
||||||
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
|
|||||||
gantt
|
gantt
|
||||||
title KubeZero Support Timeline
|
title KubeZero Support Timeline
|
||||||
dateFormat YYYY-MM-DD
|
dateFormat YYYY-MM-DD
|
||||||
section 1.25
|
|
||||||
beta :125b, 2023-03-01, 2023-03-31
|
|
||||||
release :after 125b, 2023-08-01
|
|
||||||
section 1.26
|
|
||||||
beta :126b, 2023-06-01, 2023-06-30
|
|
||||||
release :after 126b, 2023-11-01
|
|
||||||
section 1.27
|
section 1.27
|
||||||
beta :127b, 2023-09-01, 2023-09-30
|
beta :127b, 2023-09-01, 2023-09-30
|
||||||
release :after 127b, 2024-02-01
|
release :after 127b, 2024-04-30
|
||||||
|
section 1.28
|
||||||
|
beta :128b, 2024-03-01, 2024-04-30
|
||||||
|
release :after 128b, 2023-08-31
|
||||||
|
section 1.29
|
||||||
|
beta :129b, 2024-06-01, 2024-06-30
|
||||||
|
release :after 129b, 2024-11-30
|
||||||
```
|
```
|
||||||
|
|
||||||
[Upstream release policy](https://kubernetes.io/releases/)
|
[Upstream release policy](https://kubernetes.io/releases/)
|
||||||
@ -57,7 +57,7 @@ gantt
|
|||||||
|
|
||||||
## Featured workloads
|
## Featured workloads
|
||||||
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
|
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
|
||||||
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
||||||
|
|
||||||
## Control plane
|
## Control plane
|
||||||
- all Kubernetes components compiled against Alpine OS using `buildmode=pie`
|
- all Kubernetes components compiled against Alpine OS using `buildmode=pie`
|
||||||
@ -85,12 +85,12 @@ gantt
|
|||||||
- CSI Snapshot controller and Gemini snapshot groups and retention
|
- CSI Snapshot controller and Gemini snapshot groups and retention
|
||||||
|
|
||||||
## Ingress
|
## Ingress
|
||||||
- AWS Network Loadbalancer and Istio Ingress controllers
|
- AWS Network Loadbalancer and Istio Ingress controllers
|
||||||
- no additional costs per exposed service
|
- no additional costs per exposed service
|
||||||
- real client source IP available to workloads via HTTP header and access logs
|
- real client source IP available to workloads via HTTP header and access logs
|
||||||
- ACME SSL Certificate handling via cert-manager incl. renewal etc.
|
- ACME SSL Certificate handling via cert-manager incl. renewal etc.
|
||||||
- support for TCP services
|
- support for TCP services
|
||||||
- optional rate limiting support
|
- optional rate limiting support
|
||||||
- optional full service mesh
|
- optional full service mesh
|
||||||
|
|
||||||
## Metrics
|
## Metrics
|
||||||
@ -104,4 +104,4 @@ gantt
|
|||||||
- flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
|
- flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
|
||||||
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
|
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
|
||||||
- [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
|
- [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
|
||||||
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
||||||
|
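--- /dev/null
+++ b/charts/kubezero-argo/dashboards.yaml
@@ -0,0 +1,9 @@
+configmap: grafana-dashboards
+gzip: true
+condition: 'index .Values "argo-cd" "controller" "metrics" "enabled"'
+folder: KubeZero
+dashboards:
+- name: ArgoCD
+url: https://grafana.com/api/dashboards/14584/revisions/1/download
+tags:
+- ArgoCD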
File diff suppressed because one or more lines are too long
@ -0,0 +1,28 @@
|
|||||||
|
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||||
|
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||||
|
apiVersion: security.istio.io/v1beta1
|
||||||
|
kind: AuthorizationPolicy
|
||||||
|
metadata:
|
||||||
|
name: argocd-deny-not-in-ipblocks
|
||||||
|
namespace: istio-system
|
||||||
|
labels:
|
||||||
|
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: istio-ingressgateway
|
||||||
|
action: DENY
|
||||||
|
rules:
|
||||||
|
- from:
|
||||||
|
- source:
|
||||||
|
notIpBlocks:
|
||||||
|
{{- toYaml .Values.istio.ipBlocks | nindent 8 }}
|
||||||
|
to:
|
||||||
|
- operation:
|
||||||
|
hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}]
|
||||||
|
when:
|
||||||
|
- key: connection.sni
|
||||||
|
values:
|
||||||
|
- '*'
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
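Review bot: The `to.operation.hosts` entry is rendered from the full Argo CD `url` value (`index .Values "argo-cd" "configs" "cm" "url" | quote`), while the VirtualService added in this same commit extracts only the hostname with `urlParse`; if `url` carries a scheme, as that usage suggests, the DENY rule would not match the request host and the IP restriction would silently not apply. Render the hostname instead: `hosts: [{{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" | quote }}]`. The guard also tests `argo-cd.istio.ipBlocks` but the list is rendered from `.Values.istio.ipBlocks`, a different values path (the VirtualService has the same split with `.Values.istio.gateway`); unless the chart defines both, use `index .Values "argo-cd" "istio" "ipBlocks"` in both places. It is also worth a template comment that no policy is rendered when `ipBlocks` is empty, so the default is unrestricted access through the ingress gateway.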
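--- /dev/null
+++ b/charts/kubezero-argo/templates/argo-cd/istio-service.yaml
@@ -0,0 +1,31 @@
+{{- if index .Values "argo-cd" "istio" "enabled" }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+name: argocd-server
+namespace: {{ $.Release.Namespace }}
+labels:
+{{- include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+gateways:
+- {{ .Values.istio.gateway }}
+hosts:
+- {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
+http:
+- name: grpc
+match:
+- headers:
+user-agent:
+prefix: argocd-client
+route:
+- destination:
+host: argocd-server
+port:
+number: 443
+- name: http
+route:
+- destination:
+host: argocd-server
+port:
+number: 80
+{{- end }}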
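--- /dev/null
+++ b/charts/kubezero/templates/argo.yaml
@@ -0,0 +1,105 @@
+{{- define "argo-values" }}
+
+argo-cd:
+enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
+{{- with index .Values "argo" "argo-cd" "configs" }}
+configs:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+
+controller:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+repoServer:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+server:
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+
+{{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
+istio:
+{{- with index .Values "argo" "argo-cd" "istio" }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- end }}
+
+argocd-apps:
+projects:
+kubezero:
+namespace: argocd
+description: KubeZero - ZeroDownTime Kubernetes Platform
+sourceRepos:
+- {{ .Values.kubezero.repoURL }}
+{{- with .Values.kubezero.gitSync.repoURL }}
+- {{ . }}
+{{- end }}
+destinations:
+- namespace: '*'
+server: https://kubernetes.default.svc
+clusterResourceWhitelist:
+- group: '*'
+kind: '*'
+applications:
+kubezero-git-sync:
+namespace: argocd
+project: kubezero
+source:
+repoURL: {{ .Values.kubezero.gitSync.repoURL }}
+targetRevision: {{ .Values.kubezero.gitSync.targetRevision }}
+path: {{ .Values.kubezero.gitSync.path }}
+
+directory:
+recurse: true
+
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+
+{{- with .Values.kubezero.syncPolicy }}
+syncPolicy:
+{{- toYaml . | nindent 8 }}
+{{- end }}
+
+argocd-image-updater:
+enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
+
+{{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- if .Values.global.aws }}
+extraEnv:
+- name: AWS_ROLE_ARN
+value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.argocd-image-updater"
+- name: AWS_WEB_IDENTITY_TOKEN_FILE
+value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+- name: AWS_STS_REGIONAL_ENDPOINTS
+value: "regional"
+- name: METADATA_TRIES
+value: "0"
+- name: AWS_REGION
+value: {{ .Values.global.aws.region }}
+volumes:
+- name: aws-token
+projected:
+sources:
+- serviceAccountToken:
+path: token
+expirationSeconds: 86400
+audience: "sts.amazonaws.com"
+volumeMounts:
+- name: aws-token
+mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+readOnly: true
+{{- end }}
+
+metrics:
+enabled: {{ .Values.metrics.enabled }}
+
+{{- end }}
+
+{{- define "argo-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}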
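Review bot: The `kubezero` AppProject combines a `clusterResourceWhitelist` of group `'*'` / kind `'*'` and destination namespace `'*'` with `gitSync.repoURL` as an allowed source, and the `kubezero-git-sync` application applies that path with `directory.recurse: true`, so write access to the git-sync repository is effectively cluster-admin; this deserves a comment above `projects:`, e.g. `# kubezero project is cluster-admin scoped: restrict write access to repoURL and gitSync.repoURL accordingly`. If anyone other than platform admins is meant to push to the git-sync repository, a separate project with a narrower whitelist would be the least-privilege option. Separately, the `sourceRepos` entry is guarded by `with .Values.kubezero.gitSync.repoURL` but the `kubezero-git-sync` application is rendered unconditionally, so an unset `repoURL` appears to yield an Application with a null source; wrapping the application in the same `with` (or using `required`) would keep the two consistent.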