Latest deploy bootstrap tweaks

charts/kubezero-kiam/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-kiam
 description: KubeZero Umbrella Chart for Kiam
 type: application
-version: 0.2.9
+version: 0.2.10
 appVersion: 3.6
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
@@ -18,4 +18,5 @@ dependencies:
   - name: kiam
     version: 5.8.1
     repository: https://uswitch.github.io/kiam-helm-charts/charts/
+    condition: kiam.enabled
 kubeVersion: ">= 1.16.0"

charts/kubezero-kiam/values.yaml

@@ -1,4 +1,5 @@
 kiam:
+  enabled: false
   server:
     image:
       tag: "v3.6"

deploy/deploy.sh

@@ -40,8 +40,8 @@ else
 EOF
   fi
 
-  # Deploy initial argo-cad
-  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set cert-manager.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
+  # Deploy initial argocd
+  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-1.yaml > generated-values.yaml
   helm install -n argocd kubezero kubezero/kubezero-argo-cd --create-namespace -f generated-values.yaml
   # Wait for argocd-server to be running
   kubectl rollout status deployment -n argocd kubezero-argocd-server
@@ -55,7 +55,7 @@ EOF
   if [ -f cert-manager-backup.yaml ]; then
     kubectl apply -f cert-manager-backup.yaml
   else
-    helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
+    helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-2.yaml > generated-values.yaml
     helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
     wait_for kubectl get Issuer -n kube-system kubezero-local-ca-issuer 2>/dev/null 1>&2
     wait_for kubectl get ClusterIssuer letsencrypt-dns-prod 2>/dev/null 1>&2
@@ -64,17 +64,17 @@ EOF
   fi
 
   # Now that we have the cert-manager webhook, get the kiam certs in place but do NOT deploy kiam yet
-  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set kiam.enabled=false --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
+  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-3.yaml > generated-values.yaml
   helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
 
   # Now lets make sure kiam is working
-  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set kiam.not_ready=true --set istio.enabled=false --set metrics.enabled=false --set logging.enabled=false > generated-values.yaml
+  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-4.yaml > generated-values.yaml
   helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
   wait_for kubectl get daemonset -n kube-system kiam-agent 2>/dev/null 1>&2
   kubectl rollout status daemonset -n kube-system kiam-agent
 
   # Install Istio if enabled, but keep ArgoCD istio support disabled for now in case
-  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml --set argo-cd.istio.enabled=false --set metrics.istio.prometheus.enabled=false --set metrics.istio.grafana.enabled=false > generated-values.yaml
+  helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml -f $DEPLOY_DIR/values-step-5.yaml  > generated-values.yaml
   helm upgrade -n argocd kubezero kubezero/kubezero-argo-cd -f generated-values.yaml
   wait_for kubectl get deployment -n istio-operator istio-operator 2>/dev/null 1>&2
   kubectl rollout status deployment -n istio-operator istio-operator

deploy/templates/values.yaml

@@ -8,12 +8,12 @@ kubezero:
     values:
       network: {{ default "vxlan" .Values.calico.network }}
       mtu: {{ default "8941" .Values.calico.mtu }}
-      prometheus: {{ .Values.metrics.enabled }}
+      prometheus: {{ .Values.metrics.ready }}
   cert-manager:
     enabled: {{ index .Values "cert-manager" "enabled" }}
     values:
       # Disable all until webhook is in place
-      {{- if index .Values "cert-manager" "not_ready" }}
+      {{- if not ( index .Values "cert-manager" "ready" ) }}
       localCA:
         enabled: false
       {{- end }}
@@ -23,7 +23,7 @@ kubezero:
           iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}"
       {{- end }}
 
-      {{- if not .Values.kiam.not_ready }}
+      {{- if .Values.kiam.ready }}
       clusterIssuer:
         name: letsencrypt-dns-prod
         server: https://acme-v02.api.letsencrypt.org/directory
@@ -47,25 +47,24 @@ kubezero:
 
 
   {{- if eq .Values.platform "aws" }}
-  {{- if not ( index .Values "cert-manager" "not_ready" ) }}
   kiam:
     enabled: {{ .Values.kiam.enabled }}
     values:
       kiam:
+        enabled: {{ ( not .Values.kiam.certsOnly ) }}
         server:
           assumeRoleArn: "{{ .Values.kiam.IamArn }}"
           deployment:
             replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
           prometheus:
             servicemonitor:
-              enabled: {{ .Values.metrics.enabled }}
+              enabled: {{ .Values.metrics.ready }}
         agent:
           prometheus:
             servicemonitor:
-              enabled: {{ .Values.metrics.enabled }}
-  {{- end }}
+              enabled: {{ .Values.metrics.ready }}
 
-  {{- if not .Values.kiam.not_ready }}
+  {{- if .Values.kiam.ready }}
   # AWS only components
   aws-ebs-csi-driver:
     enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }}
@@ -95,7 +94,7 @@ kubezero:
     values:
       istiod:
         replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }}
-      {{- if not ( index .Values "cert-manager" "not_ready" ) }}
+      {{- if index .Values "cert-manager" "ready" }}
       {{- if .Values.istio.ingress }}
       ingress:
         {{- toYaml .Values.istio.ingress | nindent 8 }}
@@ -103,16 +102,16 @@ kubezero:
       {{- end }}
 
   metrics:
-    enabled: {{ .Values.metrics.enabled }}
+    enabled: {{ .Values.metrics.ready }}
     values:
-      {{- if and .Values.metrics.istio.grafana.enabled .Values.istio.enabled }}
+      {{- if and .Values.metrics.istio.grafana.enabled .Values.istio.ready }}
       grafana:
         istio:
           {{- with .Values.metrics.istio.grafana }}
           {{- toYaml . | nindent 10 }}
           {{- end }}
       {{- end }}
-      {{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.enabled }}
+      {{- if and .Values.metrics.istio.prometheus.enabled .Values.istio.ready }}
       prometheus:
         istio:
           {{- with .Values.metrics.istio.prometheus }}
@@ -149,7 +148,7 @@ kubezero:
         {{- toYaml . | nindent 8 }}
         {{- end }}
         {{- end }}
-        prometheus: {{ .Values.metrics.enabled }}
+        prometheus: {{ .Values.metrics.ready }}
 
         {{- if .Values.logging.es.s3Snapshot }}
         s3Snapshot:
@@ -169,9 +168,9 @@ kubezero:
       fluentd:
         enabled: {{ .Values.logging.fluentd.enabled }}
         metrics:
-          enabled: {{ .Values.metrics.enabled }}
+          enabled: {{ .Values.metrics.ready }}
         url: {{ .Values.logging.fluentd.url }}
-        {{- if and .Values.logging.fluentd.istio .Values.istio.enabled }}
+        {{- if and .Values.logging.fluentd.istio .Values.istio.ready }}
         istio:
           {{- with .Values.logging.fluentd.istio }}
           {{- toYaml . | nindent 10 }}
@@ -181,7 +180,7 @@ kubezero:
       fluent-bit:
         enabled: {{ index .Values.logging "fluent-bit" "enabled" }}
         metrics:
-          enabled: {{ .Values.metrics.enabled }}
+          enabled: {{ .Values.metrics.ready }}
         {{- if index .Values.logging "fluent-bit" "config" }}
         config:
           {{- with index .Values.logging "fluent-bit" "config" }}
@@ -192,13 +191,13 @@ kubezero:
 argo-cd:
   controller:
     metrics:
-      enabled: {{ .Values.metrics.enabled }}
+      enabled: {{ .Values.metrics.ready }}
   repoServer:
     metrics:
-      enabled: {{ .Values.metrics.enabled }}
+      enabled: {{ .Values.metrics.ready }}
   server:
     metrics:
-      enabled: {{ .Values.metrics.enabled }}
+      enabled: {{ .Values.metrics.ready }}
     {{- with index .Values "argo-cd" "server" }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
@@ -206,7 +205,7 @@ argo-cd:
   configs:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
+  {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.ready }}
   istio:
     {{- with index .Values "argo-cd" "istio" }}
     {{- toYaml . | nindent 4 }}

deploy/values-step-1.yaml

@@ -0,0 +1,17 @@
+kiam:
+  enabled: false
+  ready: false
+
+cert-manager:
+  ready: false
+
+istio:
+  enabled: false
+  ready: false
+
+metrics:
+  enabled: false
+  ready: false
+
+logging:
+  enabled: false

deploy/values-step-2.yaml

@@ -0,0 +1,17 @@
+kiam:
+  enabled: false
+  ready: false
+
+cert-manager:
+  ready: true
+
+istio:
+  enabled: false
+  ready: false
+
+metrics:
+  enabled: false
+  ready: false
+
+logging:
+  enabled: false

deploy/values-step-3.yaml

@@ -0,0 +1,17 @@
+kiam:
+  certsOnly: true
+  ready: false
+
+cert-manager:
+  ready: true
+
+istio:
+  enabled: false
+  ready: false
+
+metrics:
+  enabled: false
+  ready: false
+
+logging:
+  enabled: false

deploy/values-step-4.yaml

@@ -0,0 +1,16 @@
+kiam:
+  ready: false
+
+cert-manager:
+  ready: true
+
+istio:
+  enabled: false
+  ready: false
+
+metrics:
+  enabled: false
+  ready: false
+
+logging:
+  enabled: false

deploy/values-step-5.yaml

@@ -0,0 +1,6 @@
+istio:
+  ready: false
+
+metrics:
+  enabled: false
+  ready: false