Compare commits
10 Commits
d48d73c23a
...
5b8193ef4f
Author | SHA1 | Date | |
---|---|---|---|
5b8193ef4f | |||
7f1d4333d7 | |||
cc9983742d | |||
a0f3230fab | |||
0b761fc5c4 | |||
22748995bc | |||
b00d3a6a14 | |||
fd2c32ed30 | |||
12e0b0cfcf | |||
db1f237a69 |
@ -3,7 +3,7 @@ name: kubezero-addons
|
||||
description: KubeZero umbrella chart for various optional cluster addons
|
||||
type: application
|
||||
version: 0.8.15
|
||||
appVersion: v1.31
|
||||
appVersion: v1.32
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -54,4 +54,4 @@ dependencies:
|
||||
version: 0.3.2
|
||||
repository: https://caas-team.github.io/helm-charts/
|
||||
condition: py-kube-downscaler.enabled
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
kubeVersion: ">= 1.31.0-0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-addons
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
@ -14,7 +14,7 @@ KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.30.0-0`
|
||||
Kubernetes: `>= 1.31.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
@ -24,8 +24,8 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.46.6 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.17.1 |
|
||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.27.0 |
|
||||
| oci://public.ecr.aws/neuron | neuron-helm-chart | 1.1.1 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.27.1 |
|
||||
| oci://public.ecr.aws/neuron | neuron-helm-chart | 1.1.2 |
|
||||
|
||||
# MetalLB
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.25.0
|
||||
appVersion: 1.25.1
|
||||
description: A Helm chart for the AWS Node Termination Handler.
|
||||
home: https://github.com/aws/aws-node-termination-handler/
|
||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||
@ -21,4 +21,4 @@ name: aws-node-termination-handler
|
||||
sources:
|
||||
- https://github.com/aws/aws-node-termination-handler/
|
||||
type: application
|
||||
version: 0.27.0
|
||||
version: 0.27.1
|
||||
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v2
|
||||
description: KubeZero Argo - Events, Workflow, CD
|
||||
name: kubezero-argo
|
||||
version: 0.4.0
|
||||
version: 0.4.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -22,11 +22,11 @@ dependencies:
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-events.enabled
|
||||
- name: argo-cd
|
||||
version: 8.0.9
|
||||
version: 8.0.14
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-cd.enabled
|
||||
- name: argocd-image-updater
|
||||
version: 0.12.1
|
||||
version: 0.12.2
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argocd-image-updater.enabled
|
||||
kubeVersion: ">= 1.30.0-0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-argo
|
||||
|
||||

|
||||

|
||||
|
||||
KubeZero Argo - Events, Workflow, CD
|
||||
|
||||
@ -18,9 +18,9 @@ Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 8.0.9 |
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 8.0.14 |
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.15 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.1 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.12.2 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
|
||||
## Values
|
||||
@ -53,7 +53,7 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.enabled | bool | `false` | |
|
||||
| argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | |
|
||||
| argo-cd.global.image.tag | string | `"v3.0.3"` | |
|
||||
| argo-cd.global.image.tag | string | `"v3.0.5"` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.global.networkPolicy.create | bool | `true` | |
|
||||
| argo-cd.istio.enabled | bool | `false` | |
|
||||
@ -83,8 +83,8 @@ Kubernetes: `>= 1.30.0-0`
|
||||
| argo-events.configs.jetstream.streamConfig.maxMsgs | int | `1000000` | Maximum number of messages before expiring oldest message |
|
||||
| argo-events.configs.jetstream.streamConfig.replicas | int | `1` | Number of replicas, defaults to 3 and requires minimal 3 |
|
||||
| argo-events.configs.jetstream.versions[0].configReloaderImage | string | `"natsio/nats-server-config-reloader:0.14.1"` | |
|
||||
| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.17.2"` | |
|
||||
| argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.11.1-scratch"` | |
|
||||
| argo-events.configs.jetstream.versions[0].metricsExporterImage | string | `"natsio/prometheus-nats-exporter:0.17.3"` | |
|
||||
| argo-events.configs.jetstream.versions[0].natsImage | string | `"nats:2.11.4-scratch"` | |
|
||||
| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
|
||||
| argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | |
|
||||
| argo-events.enabled | bool | `false` | |
|
||||
|
@ -26,6 +26,7 @@ spec:
|
||||
prune: true
|
||||
syncOptions:
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- ServerSideApply=true
|
||||
info:
|
||||
- name: "Source:"
|
||||
value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.32/"
|
||||
|
@ -25,7 +25,7 @@ argo-events:
|
||||
# do NOT use -alpine tag as the entrypoint differs
|
||||
versions:
|
||||
- version: 2.10.11
|
||||
natsImage: nats:2.11.1-scratch
|
||||
natsImage: nats:2.11.4-scratch
|
||||
metricsExporterImage: natsio/prometheus-nats-exporter:0.17.3
|
||||
configReloaderImage: natsio/nats-server-config-reloader:0.14.1
|
||||
startCommand: /nats-server
|
||||
@ -38,7 +38,7 @@ argo-cd:
|
||||
format: json
|
||||
image:
|
||||
repository: public.ecr.aws/zero-downtime/zdt-argocd
|
||||
tag: v3.0.3
|
||||
tag: v3.0.5
|
||||
networkPolicy:
|
||||
create: true
|
||||
|
||||
@ -63,6 +63,10 @@ argo-cd:
|
||||
application.instanceLabelKey: Null
|
||||
server.rbac.log.enforce.enable: Null
|
||||
|
||||
resource.compareoptions: |
|
||||
# disables status field diffing in specified resource types
|
||||
ignoreAggregatedRoles: true
|
||||
|
||||
resource.customizations: |
|
||||
argoproj.io/Application:
|
||||
health.lua: |
|
||||
|
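Review bot: The comment inside the new `resource.compareoptions` block does not describe the option it sits above: it reads `# disables status field diffing in specified resource types`, but the only key set is `ignoreAggregatedRoles: true`, which concerns rules aggregated into ClusterRoles, not status fields. Because this setting changes what Argo CD reports as drift on RBAC objects, the comment should say so, for example `# do not report rules added by ClusterRole aggregation as drift`. The rendered page has lost its +/- markers, so which lines are new is inferred from the hunk header (`-63,6 +63,10`).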
@ -30,7 +30,7 @@ dependencies:
|
||||
repository: https://aquasecurity.github.io/helm-charts/
|
||||
condition: trivy.enabled
|
||||
- name: renovate
|
||||
version: 40.36.8
|
||||
version: 40.44.0
|
||||
repository: https://docs.renovatebot.com/helm-charts
|
||||
condition: renovate.enabled
|
||||
kubeVersion: ">= 1.25.0"
|
||||
|
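--- a/charts/kubezero-policy/Chart.yaml
+++ b/charts/kubezero-policy/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: kubezero-policy
+description: KubeZero umbrella chart for Kyverno
+type: application
+version: 0.1.0
+appVersion: v1.14
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+- kubezero
+- kyverno
+maintainers:
+- name: Stefan Reimer
+email: stefan@zero-downtime.net
+dependencies:
+- name: kubezero-lib
+version: 0.2.1
+repository: https://cdn.zero-downtime.net/charts/
+- name: kyverno
+version: 3.4.2
+repository: https://kyverno.github.io/kyverno/
+condition: kyverno.enabled
+kubeVersion: ">= 1.30.0-0"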
30
charts/kubezero-policy/README.md
Normal file
@ -0,0 +1,30 @@
|
||||
# kubezero-policy
|
||||
|
||||
  
|
||||
|
||||
KubeZero umbrella chart for Kyverno
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.30.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | 0.2.1 |
|
||||
| https://kyverno.github.io/kyverno/ | kyverno | 3.4.2 |
|
||||
|
||||
# Kyverno
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| kyverno.enabled | bool | `false` | |
|
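--- a/charts/kubezero-policy/README.md.gotmpl
+++ b/charts/kubezero-policy/README.md.gotmpl
@@ -0,0 +1,18 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+# Kyverno
+
+{{ template "chart.valuesSection" . }}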
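--- a/charts/kubezero-policy/templates/kyverno/certifcates.yaml
+++ b/charts/kubezero-policy/templates/kyverno/certifcates.yaml
@@ -0,0 +1,52 @@
+{{- if and false .Values.kyverno.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: {{ template "kubezero-lib.fullname" . }}-admission-tls
+namespace: {{ .Release.Namespace }}
+labels:
+{{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+secretName: {{ template "kubezero-lib.fullname" . }}-kyverno-svc.{{ .Release.Namespace }}.svc.kyverno-tls-pair
+issuerRef:
+name: kubezero-local-ca-issuer
+kind: ClusterIssuer
+duration: 8760h0m0s
+privateKey:
+encoding: PKCS8
+usages:
+- "client auth"
+- "server auth"
+commonName: {{ template "kubezero-lib.fullname" . }}-admission
+dnsNames:
+# <cluster-name>-<nodepool-component>-<index>
+- 'kyverno-svc'
+- 'kyverno-svc.{{ .Release.Namespace }}'
+- 'kyverno-svc.{{ .Release.Namespace }}.svc'
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: {{ template "kubezero-lib.fullname" . }}-cleanup-tls
+namespace: {{ .Release.Namespace }}
+labels:
+{{ include "kubezero-lib.labels" . | nindent 4 }}
+spec:
+secretName: {{ template "kubezero-lib.fullname" . }}-kyverno-cleanup-controller.{{ .Release.Namespace }}.svc.kyverno-tls-pair
+issuerRef:
+name: kubezero-local-ca-issuer
+kind: ClusterIssuer
+duration: 8760h0m0s
+privateKey:
+encoding: PKCS8
+usages:
+- "client auth"
+- "server auth"
+commonName: {{ template "kubezero-lib.fullname" . }}-cleanup-controller
+dnsNames:
+# <cluster-name>-<nodepool-component>-<index>
+- 'kyverno-cleanup-controller'
+- 'kyverno-cleanup-controller.{{ .Release.Namespace }}'
+- 'kyverno-cleanup-controller.{{ .Release.Namespace }}.svc'
+{{- end }}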
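Review bot: The guard on the first line, `{{- if and false .Values.kyverno.enabled }}`, can never be true, so neither Certificate is rendered and Kyverno's webhook TLS is not issued by `kubezero-local-ca-issuer`; if this is a deliberate placeholder, state it in a template comment such as `{{- /* disabled: cert-manager issued TLS not wired up yet */ -}}` instead of a silent `and false`. Before the guard is lifted, the SANs need checking: `dnsNames` hard-codes `kyverno-svc` and `kyverno-cleanup-controller`, while `secretName` is built from `kubezero-lib.fullname`, so the names may not match the Services the subchart actually creates. Both certificates also request `client auth` next to `server auth`, which a webhook serving certificate probably does not need, and the comment `# <cluster-name>-<nodepool-component>-<index>` above `dnsNames` does not describe these entries. The file name is misspelled (`certifcates.yaml`).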
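--- a/charts/kubezero-policy/update.sh
+++ b/charts/kubezero-policy/update.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -ex
+
+. ../../scripts/lib-update.sh
+
+login_ecr_public
+update_helm
+
+update_docs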
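Review bot: `set -ex` enables command tracing before `login_ecr_public` runs, and that function lives in `../../scripts/lib-update.sh`, which is not shown here; if it ever passes a registry token as a command argument, the trace would write it into CI logs. Prefer `set -e` alone and switch `-x` on only around the step being debugged. The relative `. ../../scripts/lib-update.sh` resolves against the caller's working directory, so adding `cd "$(dirname "$0")"` before it would keep the script from sourcing an unexpected file when started from elsewhere.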
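--- a/charts/kubezero-policy/values.yaml
+++ b/charts/kubezero-policy/values.yaml
@@ -0,0 +1,28 @@
+kyverno:
+enabled: false
+
+# templating:
+# enabled: true
+
+admissionController:
+revisionHistoryLimit: 2
+
+nodeSelector:
+node-role.kubernetes.io/control-plane: ""
+tolerations:
+- key: node-role.kubernetes.io/control-plane
+effect: NoSchedule
+
+# container:
+# extraArgs:
+# caSecretName: kubezero-policy-admission-tls
+# tlsSecretName: kubezero-policy-admission-tls
+
+backgroundController:
+enabled: false
+
+# cleanupController:
+# enabled: false
+
+reportsController:
+enabled: false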
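Review bot: `backgroundController` and `reportsController` are both set to `enabled: false` with no comment explaining why. Assuming these keys sit under `kyverno:` (indentation is lost on this page) and behave as in the upstream chart, generate and mutate-existing rules will not be processed and no policy reports will be produced, leaving admission-time checks as the only control and no audit trail of violations. If that is intended for the first rollout, record it next to the keys, e.g. `# admission checks only for now: no background processing, no policy reports`. The commented-out `caSecretName` / `tlsSecretName` lines would benefit from a similar one-line reason, since they decide which CA the webhook trusts.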
@ -10,7 +10,8 @@ metadata:
|
||||
labels:
|
||||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-options: Replace=true
|
||||
argocd.argoproj.io/compare-options: IncludeMutationWebhook=true
|
||||
# argocd.argoproj.io/sync-options: Replace=true
|
||||
{{- with ( index .Values $name "annotations" ) }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
@ -41,6 +42,7 @@ spec:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ApplyOutOfSyncOnly=true
|
||||
- ServerSideApply=true
|
||||
info:
|
||||
- name: "Source:"
|
||||
value: "https://git.zero-downtime.net/ZeroDownTime/KubeZero/src/branch/release/v1.31/charts/kubezero-{{ $name }}"
|
||||
|
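Review bot: The annotation `argocd.argoproj.io/compare-options: IncludeMutationWebhook=true` only takes effect, per the Argo CD diffing documentation, when server-side diff is enabled, and nothing visible in this section enables it; the sync option added further down, `ServerSideApply=true`, governs apply, not diff. Unless server-side diff is switched on elsewhere, the value should read `ServerSideDiff=true,IncludeMutationWebhook=true`, otherwise changes injected by mutating webhooks will still be missing from the comparison. The leftover `# argocd.argoproj.io/sync-options: Replace=true` should be deleted or given a reason. Which lines are old and which are new is inferred from the hunk header (`-10,7 +10,8`), since the page has lost its +/- markers.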
@ -10,9 +10,9 @@ argo-cd:
|
||||
params:
|
||||
{{- if not $.Values.global.highAvailable }}
|
||||
# Reduce load on API server on single node control plane
|
||||
controller.status.processors: 2
|
||||
controller.operation.processors: 1
|
||||
controller.kubectl.parallelism.limit: 1
|
||||
controller.status.processors: 4
|
||||
controller.operation.processors: 2
|
||||
controller.kubectl.parallelism.limit: 2
|
||||
{{- else }}
|
||||
controller.status.processors: 8
|
||||
controller.operation.processors: 4
|
||||
|
@ -41,12 +41,6 @@ haproxy:
|
||||
|
||||
|
||||
{{- define "network-argo" }}
|
||||
# Metallb
|
||||
ignoreDifferences:
|
||||
- group: apiextensions.k8s.io
|
||||
kind: CustomResourceDefinition
|
||||
jsonPointers:
|
||||
- /spec/conversion/webhook/clientConfig/caBundle
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
||||
|
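--- a/charts/kubezero/templates/policy.yaml
+++ b/charts/kubezero/templates/policy.yaml
@@ -0,0 +1,9 @@
+{{- define "policy-values" }}
+kyverno:
+dummy: test
+{{- end }}
+
+{{- define "policy-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}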
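Review bot: The `policy-values` template hands the subchart `kyverno:` with a single placeholder key, `dummy: test`, and never sets `kyverno.enabled`. With the kubezero-policy default of `enabled: false`, turning on `policy.enabled` in the umbrella values would apparently create an Argo Application that installs no policy engine, which is easy to mistake for working enforcement. Replace the placeholder with `enabled: true` under `kyverno:`, or leave the define empty with a comment until real values exist. How `kubezero-app.app` merges these values is defined outside this file, so the effect described here is inferred.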
@ -30,6 +30,11 @@ addons:
|
||||
aws-eks-asg-rolling-update-handler:
|
||||
enabled: false
|
||||
|
||||
policy:
|
||||
enabled: false
|
||||
namespace: kyverno
|
||||
targetRevision: 0.1.0
|
||||
|
||||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
@ -118,7 +123,7 @@ logging:
|
||||
argo:
|
||||
enabled: false
|
||||
namespace: argocd
|
||||
targetRevision: 0.4.0
|
||||
targetRevision: 0.4.1
|
||||
argo-cd:
|
||||
enabled: false
|
||||
istio:
|
||||
|