ZeroDownTime/KubeZero
3
0
Fork 0
Code Issues 1 Pull Requests 25 Packages Projects Releases Wiki Activity

Latest deploy bootstrap tweaks

Browse Source
This commit is contained in:
Stefan Reimer 2020-09-14 15:24:40 +01:00
parent 189899c296
commit f9770ce483
9 changed files with 101 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
charts/kubezero-kiam/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-kiam name: kubezero-kiam
description: KubeZero Umbrella Chart for Kiam description: KubeZero Umbrella Chart for Kiam
type: application type: application
version: 0.2.9 version: 0.2.10
appVersion: 3.6 appVersion: 3.6
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@ -18,4 +18,5 @@ dependencies:
- name: kiam - name: kiam
version: 5.8.1 version: 5.8.1
repository: https://uswitch.github.io/kiam-helm-charts/charts/ repository: https://uswitch.github.io/kiam-helm-charts/charts/
condition: kiam.enabled
kubeVersion: ">= 1.16.0" kubeVersion: ">= 1.16.0"

1
charts/kubezero-kiam/values.yaml
View File

@ -1,4 +1,5 @@
kiam: kiam:
enabled: false
server: server:
image: image:
tag: "v3.6" tag: "v3.6"

12
deploy/deploy.sh
View File

@ -40,8 +40,8 @@ else
EOF EOF
fi fi
# Deploy initial argo-cad # Deploy initial argocd
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set cert-manager.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-1.yaml > generated-values.yaml
helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml
# Wait for argocd-server to be running # Wait for argocd-server to be running
kubectl rollout status deployment -n argocd kubezero-argocd-server kubectl rollout status deployment -n argocd kubezero-argocd-server
@ -55,7 +55,7 @@ EOF
if [ -f cert-manager-backup.yaml ]; then if [ -f cert-manager-backup.yaml ]; then
kubectl apply -f cert-manager-backup.yaml kubectl apply -f cert-manager-backup.yaml
else else
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-2.yaml > generated-values.yaml
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2 wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2 wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
@ -64,17 +64,17 @@ EOF
fi fi
# Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet # Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set kiam.enabled=false --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
# Now lets make sure kiam is working # Now lets make sure kiam is working
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2 wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2
kubectl rollout status daemonset -n kube-system kiam-agent kubectl rollout status daemonset -n kube-system kiam-agent
# Install Istio if enabled, but keep ArgoCD istio support disabled for now in case # Install Istio if enabled, but keep ArgoCD istio support disabled for now in case
helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set argo-cd.istio.enabled=false --set metrics.istio.prometheus.enabled=false --set metrics.istio.grafana.enabled=false > generated-values.yaml helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-5.yaml > generated-values.yaml
helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2 wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
kubectl rollout status deployment -n istio-operator istio-operator kubectl rollout status deployment -n istio-operator istio-operator

39
deploy/templates/values.yaml
View File

@ -8,12 +8,12 @@ kubezero:
values: values:
network: {{ default "vxlan" .Values.calico.network }} network: {{ default "vxlan" .Values.calico.network }}
mtu: {{ default "8941" .Values.calico.mtu }} mtu: {{ default "8941" .Values.calico.mtu }}
prometheus: {{ .Values.metrics.enabled }} prometheus: {{ .Values.metrics.ready }}
cert-manager: cert-manager:
enabled: {{ index .Values "cert-manager" "enabled" }} enabled: {{ index .Values "cert-manager" "enabled" }}
values: values:
# Disable all until webhook is in place # Disable all until webhook is in place
{{- if index .Values "cert-manager" "not_ready" }} {{- if not ( index .Values "cert-manager" "ready" ) }}
localCA: localCA:
enabled: false enabled: false
{{- end }} {{- end }}
@ -23,7 +23,7 @@ kubezero:
iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}" iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
{{- end }} {{- end }}
{{- if not .Values.kiam.not_ready }} {{- if .Values.kiam.ready }}
clusterIssuer: clusterIssuer:
name: letsencrypt-dns-prod name: letsencrypt-dns-prod
server: https://acme-v02.api.letsencrypt.org/directory server: https://acme-v02.api.letsencrypt.org/directory
@ -47,25 +47,24 @@ kubezero:
{{- if eq .Values.platform "aws" }} {{- if eq .Values.platform "aws" }}
{{- if not ( index .Values "cert-manager" "not_ready" ) }}
kiam: kiam:
enabled: {{ .Values.kiam.enabled }} enabled: {{ .Values.kiam.enabled }}
values: values:
kiam: kiam:
enabled: {{ ( not .Values.kiam.certsOnly ) }}
server: server:
assumeRoleArn: "{{ .Values.kiam.IamArn }}" assumeRoleArn: "{{ .Values.kiam.IamArn }}"
deployment: deployment:
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }} replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
prometheus: prometheus:
servicemonitor: servicemonitor:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
agent: agent:
prometheus: prometheus:
servicemonitor: servicemonitor:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
{{- end }}
{{- if not .Values.kiam.not_ready }} {{- if .Values.kiam.ready }}
# AWS only components # AWS only components
aws-ebs-csi-driver: aws-ebs-csi-driver:
enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }} enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
@ -95,7 +94,7 @@ kubezero:
values: values:
istiod: istiod:
replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
{{- if not ( index .Values "cert-manager" "not_ready" ) }} {{- if index .Values "cert-manager" "ready" }}
{{- if .Values.istio.ingress }} {{- if .Values.istio.ingress }}
ingress: ingress:
{{- toYaml .Values.istio.ingress | nindent 8 }} {{- toYaml .Values.istio.ingress | nindent 8 }}
@ -103,16 +102,16 @@ kubezero:
{{- end }} {{- end }}
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
values: values:
{{- if and .Values.metrics.istio.grafana.enabled .Values.istio.enabled }} {{- if and .Values.metrics.istio.grafana.enabled .Values.istio.ready }}
grafana: grafana:
istio: istio:
{{- with .Values.metrics.istio.grafana }} {{- with .Values.metrics.istio.grafana }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.enabled }} {{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.ready }}
prometheus: prometheus:
istio: istio:
{{- with .Values.metrics.istio.prometheus }} {{- with .Values.metrics.istio.prometheus }}
@ -149,7 +148,7 @@ kubezero:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
prometheus: {{ .Values.metrics.enabled }} prometheus: {{ .Values.metrics.ready }}
{{- if .Values.logging.es.s3Snapshot }} {{- if .Values.logging.es.s3Snapshot }}
s3Snapshot: s3Snapshot:
@ -169,9 +168,9 @@ kubezero:
fluentd: fluentd:
enabled: {{ .Values.logging.fluentd.enabled }} enabled: {{ .Values.logging.fluentd.enabled }}
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
url: {{ .Values.logging.fluentd.url }} url: {{ .Values.logging.fluentd.url }}
{{- if and .Values.logging.fluentd.istio .Values.istio.enabled }} {{- if and .Values.logging.fluentd.istio .Values.istio.ready }}
istio: istio:
{{- with .Values.logging.fluentd.istio }} {{- with .Values.logging.fluentd.istio }}
{{- toYaml . | nindent 10 }} {{- toYaml . | nindent 10 }}
@ -181,7 +180,7 @@ kubezero:
fluent-bit: fluent-bit:
enabled: {{ index .Values.logging "fluent-bit" "enabled" }} enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
{{- if index .Values.logging "fluent-bit" "config" }} {{- if index .Values.logging "fluent-bit" "config" }}
config: config:
{{- with index .Values.logging "fluent-bit" "config" }} {{- with index .Values.logging "fluent-bit" "config" }}
@ -192,13 +191,13 @@ kubezero:
argo-cd: argo-cd:
controller: controller:
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
repoServer: repoServer:
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
server: server:
metrics: metrics:
enabled: {{ .Values.metrics.enabled }} enabled: {{ .Values.metrics.ready }}
{{- with index .Values "argo-cd" "server" }} {{- with index .Values "argo-cd" "server" }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
@ -206,7 +205,7 @@ argo-cd:
configs: configs:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }} {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.ready }}
istio: istio:
{{- with index .Values "argo-cd" "istio" }} {{- with index .Values "argo-cd" "istio" }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}

17
deploy/values-step-1.yaml Normal file
View File

@ -0,0 +1,17 @@
kiam:
enabled: false
ready: false
cert-manager:
ready: false
istio:
enabled: false
ready: false
metrics:
enabled: false
ready: false
logging:
enabled: false

17
deploy/values-step-2.yaml Normal file
View File

@ -0,0 +1,17 @@
kiam:
enabled: false
ready: false
cert-manager:
ready: true
istio:
enabled: false
ready: false
metrics:
enabled: false
ready: false
logging:
enabled: false

17
deploy/values-step-3.yaml Normal file
View File

@ -0,0 +1,17 @@
kiam:
certsOnly: true
ready: false
cert-manager:
ready: true
istio:
enabled: false
ready: false
metrics:
enabled: false
ready: false
logging:
enabled: false

16
deploy/values-step-4.yaml Normal file
View File

@ -0,0 +1,16 @@
kiam:
ready: false
cert-manager:
ready: true
istio:
enabled: false
ready: false
metrics:
enabled: false
ready: false
logging:
enabled: false

6
deploy/values-step-5.yaml Normal file
View File

@ -0,0 +1,6 @@
istio:
ready: false
metrics:
enabled: false
ready: false