diff --git a/charts/kubezero-kiam/Chart.yaml b/charts/kubezero-kiam/Chart.yaml index 30afad95..812628f2 100644 --- a/charts/kubezero-kiam/Chart.yaml +++ b/charts/kubezero-kiam/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-kiam description: KubeZero Umbrella Chart for Kiam type: application -version: 0.2.9 +version: 0.2.10 appVersion: 3.6 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png @@ -18,4 +18,5 @@ dependencies: - name: kiam version: 5.8.1 repository: https://uswitch.github.io/kiam-helm-charts/charts/ + condition: kiam.enabled kubeVersion: ">= 1.16.0" diff --git a/charts/kubezero-kiam/values.yaml b/charts/kubezero-kiam/values.yaml index 07b95e01..866680b3 100644 --- a/charts/kubezero-kiam/values.yaml +++ b/charts/kubezero-kiam/values.yaml @@ -1,4 +1,5 @@ kiam: + enabled: false server: image: tag: "v3.6" diff --git a/deploy/deploy.sh b/deploy/deploy.sh index 2961135b..b1ea4e90 100755 --- a/deploy/deploy.sh +++ b/deploy/deploy.sh @@ -40,8 +40,8 @@ else EOF fi - # Deploy initial argo-cad - helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set cert-manager.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml + # Deploy initial argocd + helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-1.yaml > generated-values.yaml helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml # Wait for argocd-server to be running kubectl rollout status deployment -n argocd kubezero-argocd-server 
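Review bot: `enabled: false` in charts/kubezero-kiam/values.yaml, together with the new `condition: kiam.enabled` on the dependency in Chart.yaml, makes the kiam subchart opt-in. An existing release upgraded from 0.2.9 to 0.2.10 without setting `kiam.enabled: true` would therefore render no kiam server or agent. If workloads rely on kiam to broker their IAM role credentials, pods would presumably reach the node's instance metadata directly and inherit the node role, so the default change deserves an explicit note. I would add a comment above the key, e.g. `# kiam subchart is off by default; set to true once the kiam certs are in place`, and mention the new default in the chart's README or changelog.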
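Review bot: `$DEPLOY_DIR` is expanded unquoted in the new `helm template $DEPLOY_DIR ... -f $DEPLOY_DIR/values-step-1.yaml` line, so a checkout path containing spaces or glob characters splits into several arguments; the step-2 to step-5 lines in the later deploy.sh hunks have the same problem. Quote both uses: `helm template "$DEPLOY_DIR" -f values.yaml -f cloudbender.yaml -f "$DEPLOY_DIR/values-step-1.yaml" > generated-values.yaml`. The redirect also creates generated-values.yaml when rendering fails, and whether the script runs under `set -e` is not visible in this hunk, so it is worth confirming that a failed render cannot be followed by `helm install` with an empty values file.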
@@ -55,7 +55,7 @@ EOF if [ -f cert-manager-backup.yaml ]; then kubectl apply -f cert-manager-backup.yaml else - helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml + helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-2.yaml > generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2 wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2 
@@ -64,17 +64,17 @@ EOF fi # Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet - helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set kiam.enabled=false --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml + helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml # Now lets make sure kiam is working - helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml + helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2 kubectl rollout status daemonset -n kube-system kiam-agent # Install Istio if enabled, but keep ArgoCD istio support disabled for now in case - helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set argo-cd.istio.enabled=false --set metrics.istio.prometheus.enabled=false --set metrics.istio.grafana.enabled=false > generated-values.yaml + helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-5.yaml > generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2 kubectl rollout status deployment -n istio-operator istio-operator diff --git a/deploy/templates/values.yaml b/deploy/templates/values.yaml index bc5af0d1..cb14d44f 100644 --- a/deploy/templates/values.yaml +++ b/deploy/templates/values.yaml 
@@ -8,12 +8,12 @@ kubezero: values: network: {{ default "vxlan" .Values.calico.network }} mtu: {{ default "8941" .Values.calico.mtu }} - prometheus: {{ .Values.metrics.enabled }} + prometheus: {{ .Values.metrics.ready }} cert-manager: enabled: {{ index .Values "cert-manager" "enabled" }} values: # Disable all until webhook is in place - {{- if index .Values "cert-manager" "not_ready" }} + {{- if not ( index .Values "cert-manager" "ready" ) }} localCA: enabled: false {{- end }} @@ -23,7 +23,7 @@ kubezero: iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}" {{- end }} - {{- if not .Values.kiam.not_ready }} + {{- if .Values.kiam.ready }} clusterIssuer: name: letsencrypt-dns-prod server: https://acme-v02.api.letsencrypt.org/directory @@ -47,25 +47,24 @@ kubezero: {{- if eq .Values.platform "aws" }} - {{- if not ( index .Values "cert-manager" "not_ready" ) }} kiam: enabled: {{ .Values.kiam.enabled }} values: kiam: + enabled: {{ ( not .Values.kiam.certsOnly ) }} server: assumeRoleArn: "{{ .Values.kiam.IamArn }}" deployment: replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }} prometheus: servicemonitor: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} agent: prometheus: servicemonitor: - enabled: {{ .Values.metrics.enabled }} - {{- end }} + enabled: {{ .Values.metrics.ready }} - {{- if not .Values.kiam.not_ready }} + {{- if .Values.kiam.ready }} # AWS only components aws-ebs-csi-driver: enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }} @@ -95,7 +94,7 @@ kubezero: values: istiod: replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} - {{- if not ( index .Values "cert-manager" "not_ready" ) }} + {{- if index .Values "cert-manager" "ready" }} {{- if .Values.istio.ingress }} ingress: {{- toYaml .Values.istio.ingress | nindent 8 }} 
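Review bot: The switch from `not_ready` to `ready` inverts what a missing key means: under `{{- if .Values.kiam.ready }}` and `{{- if index .Values "cert-manager" "ready" }}` an unset flag now counts as not ready, and `prometheus: {{ .Values.metrics.ready }}` renders no boolean at all when the key is absent. values-step-5.yaml in this commit sets neither `kiam.ready` nor `cert-manager.ready`, so the final render depends on defaults in a values file that is not part of this diff; if they are missing, the clusterIssuer and the AWS-only components silently drop out. Declare `ready: true` defaults for kiam, cert-manager, istio and metrics in the base values, or fail loudly instead, e.g. `{{- if required "kiam.ready must be set" .Values.kiam.ready }}`. The same applies to the `ready` conditions in the following hunks of this file.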
@@ -103,16 +102,16 @@ kubezero: {{- end }} metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} values: - {{- if and .Values.metrics.istio.grafana.enabled .Values.istio.enabled }} + {{- if and .Values.metrics.istio.grafana.enabled .Values.istio.ready }} grafana: istio: {{- with .Values.metrics.istio.grafana }} {{- toYaml . | nindent 10 }} {{- end }} {{- end }} - {{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.enabled }} + {{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.ready }} prometheus: istio: {{- with .Values.metrics.istio.prometheus }} @@ -149,7 +148,7 @@ kubezero: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} - prometheus: {{ .Values.metrics.enabled }} + prometheus: {{ .Values.metrics.ready }} {{- if .Values.logging.es.s3Snapshot }} s3Snapshot: @@ -169,9 +168,9 @@ kubezero: fluentd: enabled: {{ .Values.logging.fluentd.enabled }} metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} url: {{ .Values.logging.fluentd.url }} - {{- if and .Values.logging.fluentd.istio .Values.istio.enabled }} + {{- if and .Values.logging.fluentd.istio .Values.istio.ready }} istio: {{- with .Values.logging.fluentd.istio }} {{- toYaml . | nindent 10 }} @@ -181,7 +180,7 @@ kubezero: fluent-bit: enabled: {{ index .Values.logging "fluent-bit" "enabled" }} metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} {{- if index .Values.logging "fluent-bit" "config" }} config: {{- with index .Values.logging "fluent-bit" "config" }} @@ -192,13 +191,13 @@ kubezero: argo-cd: controller: metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} repoServer: metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} server: metrics: - enabled: {{ .Values.metrics.enabled }} + enabled: {{ .Values.metrics.ready }} {{- with index .Values "argo-cd" "server" }} {{- toYaml . | nindent 4 }} {{- end }} 
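Review bot: `enabled: {{ .Values.metrics.ready }}` under `metrics:` no longer reads `metrics.enabled`, and the same holds for the servicemonitor, fluentd, fluent-bit and argo-cd metrics switches in this file's hunks. Within the visible template an operator's `metrics.enabled: false` therefore has no effect once `ready` is true. The istio conditions make the same swap from `istio.enabled` to `istio.ready`, including the argo-cd one in the following hunk. If `ready` is meant as a bootstrap-phase flag and not as a replacement for `enabled`, combine the two, e.g. `enabled: {{ and .Values.metrics.enabled .Values.metrics.ready }}`. Otherwise a comment stating that `ready` supersedes `enabled` for these keys would keep the two flags from being set inconsistently.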
@@ -206,7 +205,7 @@ argo-cd: configs: {{- toYaml . | nindent 4 }} {{- end }} - {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }} + {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.ready }} istio: {{- with index .Values "argo-cd" "istio" }} {{- toYaml . | nindent 4 }} diff --git a/deploy/values-step-1.yaml b/deploy/values-step-1.yaml new file mode 100644 index 00000000..4a78cef2 --- /dev/null +++ b/deploy/values-step-1.yaml @@ -0,0 +1,17 @@ +kiam: + enabled: false + ready: false + +cert-manager: + ready: false + +istio: + enabled: false + ready: false + +metrics: + enabled: false + ready: false + +logging: + enabled: false diff --git a/deploy/values-step-2.yaml b/deploy/values-step-2.yaml new file mode 100644 index 00000000..23ee9418 --- /dev/null +++ b/deploy/values-step-2.yaml @@ -0,0 +1,17 @@ +kiam: + enabled: false + ready: false + +cert-manager: + ready: true + +istio: + enabled: false + ready: false + +metrics: + enabled: false + ready: false + +logging: + enabled: false diff --git a/deploy/values-step-3.yaml b/deploy/values-step-3.yaml new file mode 100644 index 00000000..c5522496 --- /dev/null +++ b/deploy/values-step-3.yaml @@ -0,0 +1,17 @@ +kiam: + certsOnly: true + ready: false + +cert-manager: + ready: true + +istio: + enabled: false + ready: false + +metrics: + enabled: false + ready: false + +logging: + enabled: false diff --git a/deploy/values-step-4.yaml b/deploy/values-step-4.yaml new file mode 100644 index 00000000..4091229e --- /dev/null +++ b/deploy/values-step-4.yaml @@ -0,0 +1,16 @@ +kiam: + ready: false + +cert-manager: + ready: true + +istio: + enabled: false + ready: false + +metrics: + enabled: false + ready: false + +logging: + enabled: false diff --git a/deploy/values-step-5.yaml b/deploy/values-step-5.yaml new file mode 100644 index 00000000..d37a3c3b --- /dev/null +++ b/deploy/values-step-5.yaml @@ -0,0 +1,6 @@ +istio: + ready: false + +metrics: + enabled: false + ready: false
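Review bot: values-step-5.yaml sets `metrics.enabled: false` and `metrics.ready: false`, which is broader than the command line it replaces. The removed step-5 invocation only passed `argo-cd.istio.enabled=false`, `metrics.istio.prometheus.enabled=false` and `metrics.istio.grafana.enabled=false`, leaving metrics itself as configured. With the template now driving `metrics.enabled` from `metrics.ready`, this step appears to turn the whole metrics stack off, and the part of deploy.sh that would turn it back on is outside the diff. If that is intended, a header comment in each step file would make the phase reviewable, e.g. `# step 5: istio operator rollout; istio integrations and metrics stay off until istio is up`.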