From e991e7247aced37f3413dfb38abc791b24197d17 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 5 Mar 2021 18:18:45 +0100 Subject: [PATCH] Initial aws-node-termination still disabled, local-volume tweaks for new tag layout --- .../templates/KubeletConfiguration.yaml | 5 ++- .../Chart.yaml | 23 ++++++++++ .../README.md | 42 +++++++++++++++++++ .../README.md.gotmpl | 27 ++++++++++++ .../values.yaml | 19 +++++++++ .../Chart.yaml | 2 +- .../values.yaml | 9 +++- charts/kubezero/templates/argoless.yaml | 2 +- .../aws-node-termination-handler.yaml | 17 ++++++++ charts/kubezero/templates/logging.yaml | 1 + charts/kubezero/values.yaml | 3 ++ 11 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 charts/kubezero-aws-node-termination-handler/Chart.yaml create mode 100644 charts/kubezero-aws-node-termination-handler/README.md create mode 100644 charts/kubezero-aws-node-termination-handler/README.md.gotmpl create mode 100644 charts/kubezero-aws-node-termination-handler/values.yaml create mode 100644 charts/kubezero/templates/aws-node-termination-handler.yaml
diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml
index 442e4bf4..eaa960f0 100644
--- a/charts/kubeadm/templates/KubeletConfiguration.yaml
+++ b/charts/kubeadm/templates/KubeletConfiguration.yaml
@@ -16,12 +16,13 @@ eventRecordQPS: 0
 # tlsCertFile: /var/lib/kubelet/pki/kubelet.crt
 # tlsPrivateKeyFile: /var/lib/kubelet/pki/kubelet.key
 tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256]
-{{- if eq .Values.platform "aws" }}
 featureGates:
+ CustomCPUCFSQuotaPeriod: true
+{{- if eq .Values.platform "aws" }}
 CSIMigrationAWS: true
 CSIMigrationAWSComplete: true
- CustomCPUCFSQuotaPeriod: true
 {{- end }}
 kubeReserved:
 cpu: 50m
 memory: 128m
+# cpuCFSQuotaPeriod: 10ms
diff --git a/charts/kubezero-aws-node-termination-handler/Chart.yaml b/charts/kubezero-aws-node-termination-handler/Chart.yaml
new file mode 100644
index 00000000..93f9bace
--- /dev/null
+++ b/charts/kubezero-aws-node-termination-handler/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: kubezero-aws-node-termination-handler
+description: Umbrella chart for all KubeZero AWS addons
+type: application
+version: 0.1.0
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+ - kubezero
+ - kiam
+ - aws-ebs-csi-driver
+ - aws-efs-csi-driver
+ - aws-node-termination-handler
+maintainers:
+ - name: Quarky9
+dependencies:
+ - name: kubezero-lib
+ version: ">= 0.1.3"
+ repository: https://zero-down-time.github.io/kubezero/
+ - name: aws-node-termination-handler
+ version: ">= 0.13.3"
+ repository: https://aws.github.io/eks-charts
+kubeVersion: ">= 1.18.0"
diff --git a/charts/kubezero-aws-node-termination-handler/README.md b/charts/kubezero-aws-node-termination-handler/README.md
new file mode 100644
index 00000000..a09236e8
--- /dev/null
+++ b/charts/kubezero-aws-node-termination-handler/README.md
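Review bot: In charts/kubeadm/templates/KubeletConfiguration.yaml the `CustomCPUCFSQuotaPeriod: true` gate is now emitted for every platform, but the setting it unlocks only appears as the comment `# cpuCFSQuotaPeriod: 10ms` at the end of the hunk, so the gate is switched on with nothing using it. Either drop the gate until the period is actually set, or say why it is pre-enabled, e.g. `# gate enabled ahead of cpuCFSQuotaPeriod; period still at the kubelet default`. Separately, the unchanged `tlsCipherSuites` context line still lists `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_RSA_WITH_AES_128_GCM_SHA256`, which use static RSA key exchange and give no forward secrecy; worth a follow-up if no client depends on them. The file continues outside the hunk.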
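Review bot: Both entries under `dependencies:` in the new charts/kubezero-aws-node-termination-handler/Chart.yaml use open-ended ranges (`">= 0.1.3"`, `">= 0.13.3"`), so a later `helm dependency update` can pull any future release, including a new major, from the external https://aws.github.io/eks-charts repository without any change in this repo. For a component that cordons and drains nodes I would bound or pin it, e.g. `version: "~0.13.3"`, and commit the resulting Chart.lock (no lock file is visible in this patch). The `description` and `keywords` also still read as copied from the AWS addons umbrella chart (`kiam`, `aws-ebs-csi-driver`, `aws-efs-csi-driver`), and there is no `appVersion`.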
@@ -0,0 +1,42 @@
+# kubezero-local-volume-provisioner
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
+
+KubeZero Umbrella Chart for local-static-provisioner
+
+Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Quarky9 | | |
+
+## Requirements
+
+Kubernetes: `>= 1.16.0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
+| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
+| local-static-provisioner.common.namespace | string | `"kube-system"` | |
+| local-static-provisioner.daemonset.nodeSelector."node.kubernetes.io/localVolume" | string | `"present"` | |
+| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
+
+## KubeZero default configuration
+
+- add nodeSelector to only install on nodes actually having ephemeral local storage
+- provide matching storage class to expose mounted disks under `/mnt/disks`
+
+## Resources
+
+- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
diff --git a/charts/kubezero-aws-node-termination-handler/README.md.gotmpl b/charts/kubezero-aws-node-termination-handler/README.md.gotmpl
new file mode 100644
index 00000000..c236518a
--- /dev/null
+++ b/charts/kubezero-aws-node-termination-handler/README.md.gotmpl
@@ -0,0 +1,27 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+## KubeZero default configuration
+
+- enable SQS Mode
+- allow draining of localdata
+- enable prometheus
+
+## Resources
+
+- https://github.com/aws/aws-node-termination-handler
+- https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler
diff --git a/charts/kubezero-aws-node-termination-handler/values.yaml b/charts/kubezero-aws-node-termination-handler/values.yaml
new file mode 100644
index 00000000..02e5a7d0
--- /dev/null
+++ b/charts/kubezero-aws-node-termination-handler/values.yaml
@@ -0,0 +1,19 @@
+aws-node-termination-handler:
+ enableSqsTerminationDraining: true
+ # queueURL:
+ deleteLocalData: true
+ taintNode: true
+
+ enablePrometheusServer: false
+ podMonitor:
+ create: false
+ labels:
+ release: metrics
+
+ jsonLogging: true
+
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
diff --git a/charts/kubezero-local-volume-provisioner/Chart.yaml b/charts/kubezero-local-volume-provisioner/Chart.yaml
index 303887f3..35b4a86d 100644
--- a/charts/kubezero-local-volume-provisioner/Chart.yaml
+++ b/charts/kubezero-local-volume-provisioner/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-local-volume-provisioner
 description: KubeZero Umbrella Chart for local-static-provisioner
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: 2.3.4
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
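Review bot: charts/kubezero-aws-node-termination-handler/values.yaml turns on `enableSqsTerminationDraining: true` while leaving `# queueURL:` commented out, so the chart's own defaults describe queue mode with no queue to read; the value only arrives if the umbrella chart passes it. State that at the key, e.g. `# queueURL: required in SQS mode, injected by the kubezero umbrella chart`. `deleteLocalData: true` deserves a comment as well, since a drain will then evict pods that hold emptyDir data. README.md.gotmpl in the same commit lists "enable prometheus", but `enablePrometheusServer` and `podMonitor.create` are both `false` here, so one of the two should change. The tolerations and nodeSelector place the handler, and whatever IAM role it is given, on the master nodes; a one-line comment confirming that this is intended would help.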
diff --git a/charts/kubezero-local-volume-provisioner/values.yaml b/charts/kubezero-local-volume-provisioner/values.yaml
index c01ce934..7d60c09c 100644
--- a/charts/kubezero-local-volume-provisioner/values.yaml
+++ b/charts/kubezero-local-volume-provisioner/values.yaml
@@ -5,8 +5,13 @@ local-static-provisioner:
 - name: local-sc-xfs
 hostDir: /mnt/disks
 daemonset:
- nodeSelector:
- node.kubernetes.io/localVolume: present
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node.kubernetes.io/localVolumes
+ operator: Exists
 prometheus:
 operator:
 enabled: false
diff --git a/charts/kubezero/templates/argoless.yaml b/charts/kubezero/templates/argoless.yaml
index 09a4ced7..229f6b4c 100644
--- a/charts/kubezero/templates/argoless.yaml
+++ b/charts/kubezero/templates/argoless.yaml
@@ -1,6 +1,6 @@
 {{- if not .Values.argo }}
-{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
+{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
 {{- if .Values.global }}
 global:
diff --git a/charts/kubezero/templates/aws-node-termination-handler.yaml b/charts/kubezero/templates/aws-node-termination-handler.yaml
new file mode 100644
index 00000000..a1dfe69a
--- /dev/null
+++ b/charts/kubezero/templates/aws-node-termination-handler.yaml
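Review bot: The switch from `nodeSelector` to `nodeAffinity` in charts/kubezero-local-volume-provisioner/values.yaml also changes the label contract without saying so: the key goes from `node.kubernetes.io/localVolume` to `node.kubernetes.io/localVolumes`, and `operator: Exists` matches any value where the old selector required `present`. Nodes still carrying the old label will silently stop receiving the provisioner daemonset, and a node that has the new label with any value at all, even an empty one, will now receive it. A comment above the expression would make this explicit, e.g. `# scheduled on every node that carries the label, whatever its value`. This chart's own README is not part of the patch; if it still documents the old `nodeSelector` key it needs regenerating.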
@@ -0,0 +1,17 @@
+{{- define "aws-node-termination-handler-values" }}
+
+aws-node-termination-handler:
+{{- with index .Values "aws-node-termination-handler" "queueURL" }}
+ queueURL: "{{ . }}"
+{{- end }}
+{{ with index .Values "aws-node-termination-handler" "IamArn" }}
+ podAnnotations:
+ iam.amazonaws.com/role: "{{ . }}"
+{{- end }}
+
+{{- end }}
+
+{{- define "aws-node-termination-handler-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}
diff --git a/charts/kubezero/templates/logging.yaml b/charts/kubezero/templates/logging.yaml
index 8b1f93ff..2a654bc5 100644
--- a/charts/kubezero/templates/logging.yaml
+++ b/charts/kubezero/templates/logging.yaml
@@ -96,6 +96,7 @@ fluent-bit:
 - /webhooks/5/clientConfig/caBundle
 - /webhooks/6/clientConfig/caBundle
 - /webhooks/7/clientConfig/caBundle
+ - /webhooks/8/clientConfig/caBundle
 - group: apiextensions.k8s.io
 kind: CustomResourceDefinition
 jsonPointers:
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index f034c88d..bf9be049 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -22,6 +22,9 @@ cert-manager:
 kiam:
 enabled: false
+aws-node-termination-handler:
+ enabled: false
+
 local-volume-provisioner:
 enabled: false
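Review bot: In charts/kubezero/templates/aws-node-termination-handler.yaml both values are spliced into hand-written double quotes (`queueURL: "{{ . }}"`, `iam.amazonaws.com/role: "{{ . }}"`), so a value containing a quote or backslash renders as broken or differently parsed YAML. Let the template do the quoting: `queueURL: {{ . | quote }}` and `iam.amazonaws.com/role: {{ . | quote }}`. The second `with` opens with `{{ with` rather than `{{- with` like the first, and the key is spelled `IamArn` next to the camelCase `queueURL`; neither key is documented in charts/kubezero/values.yaml in this patch. When `IamArn` is unset no role annotation is rendered at all, so a comment should state how the handler is then expected to obtain AWS credentials.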