Compare commits
1 Commits
main
...
renovate/k
| Author | SHA1 | Date | |
|---|---|---|---|
| 6f0f602d64 |
@ -1,9 +1,9 @@
|
||||
ARG ALPINE_VERSION=3.21
|
||||
ARG ALPINE_VERSION=3.20
|
||||
|
||||
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||
|
||||
ARG ALPINE_VERSION
|
||||
ARG KUBE_VERSION=1.31.4
|
||||
ARG KUBE_VERSION=1.30.6
|
||||
|
||||
ARG SOPS_VERSION="3.9.1"
|
||||
ARG VALS_VERSION="0.37.6"
|
||||
@ -12,7 +12,7 @@ ARG HELM_SECRETS_VERSION="4.6.2"
|
||||
RUN cd /etc/apk/keys && \
|
||||
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
||||
echo "@kubezero https://cdn.zero-downtime.net/alpine/v${ALPINE_VERSION}/kubezero" >> /etc/apk/repositories && \
|
||||
echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||
echo "@edge-testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
|
||||
echo "@edge-community http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \
|
||||
apk upgrade -U -a --no-cache && \
|
||||
apk --no-cache add \
|
||||
@ -24,7 +24,6 @@ RUN cd /etc/apk/keys && \
|
||||
py3-yaml \
|
||||
restic \
|
||||
helm \
|
||||
ytt@testing \
|
||||
etcd-ctl@edge-community \
|
||||
cri-tools@kubezero \
|
||||
etcdhelper@kubezero \
|
||||
|
||||
@ -69,9 +69,9 @@ render_kubeadm() {
|
||||
fi
|
||||
|
||||
# "uncloak" the json patches after they got processed by helm
|
||||
for s in kube-apiserver kube-controller-manager kube-scheduler corednsdeployment; do
|
||||
yq eval '.json' ${WORKDIR}/kubeadm/templates/patches/${s}1\+json.yaml > /tmp/_tmp.yaml && \
|
||||
mv /tmp/_tmp.yaml ${WORKDIR}/kubeadm/templates/patches/${s}1\+json.yaml
|
||||
for s in apiserver controller-manager scheduler; do
|
||||
yq eval '.json' ${WORKDIR}/kubeadm/templates/patches/kube-${s}1\+json.yaml > /tmp/_tmp.yaml && \
|
||||
mv /tmp/_tmp.yaml ${WORKDIR}/kubeadm/templates/patches/kube-${s}1\+json.yaml
|
||||
done
|
||||
}
|
||||
|
||||
@ -117,12 +117,40 @@ post_kubeadm() {
|
||||
for f in ${WORKDIR}/kubeadm/templates/resources/*.yaml; do
|
||||
kubectl apply -f $f $LOG
|
||||
done
|
||||
|
||||
# Patch coreDNS addon, ideally we prevent kubeadm to reset coreDNS to its defaults
|
||||
kubectl patch deployment coredns -n kube-system --patch-file ${WORKDIR}/kubeadm/templates/patches/coredns0.yaml $LOG
|
||||
}
|
||||
|
||||
|
||||
kubeadm_upgrade() {
|
||||
# pre upgrade hook
|
||||
|
||||
### Remove with 1.31
|
||||
# migrate kubezero CM to kubezero NS
|
||||
# migrate ArgoCD app from values to valuesObject
|
||||
create_ns kubezero
|
||||
|
||||
if [ "$ARGOCD" == "True" ]; then
|
||||
kubectl get app kubezero -n argocd -o yaml > $WORKDIR/kubezero-argo-app.yaml
|
||||
if [ "$(yq '(.spec.source.helm | has "values")' $WORKDIR/kubezero-argo-app.yaml)" == "true" ]; then
|
||||
yq '.spec.source.helm.valuesObject = (.spec.source.helm.values | from_yaml)' \
|
||||
$WORKDIR/kubezero-argo-app.yaml | kubectl apply --server-side --force-conflicts -f -
|
||||
|
||||
kubectl patch app kubezero -n argocd --type json -p='[{"op": "remove", "path": "/spec/source/helm/values"}]'
|
||||
kubectl delete cm kubezero-values -n kube-system > /dev/null || true
|
||||
kubectl create configmap -n kubezero kubezero-values || true
|
||||
fi
|
||||
|
||||
else
|
||||
kubectl get cm kubezero-values -n kubezero > /dev/null || \
|
||||
{ kubectl get cm kubezero-values -n kube-system -o yaml | \
|
||||
sed 's/^ namespace: kube-system/ namespace: kubezero/' | \
|
||||
kubectl create -f - && \
|
||||
kubectl delete cm kubezero-values -n kube-system ; }
|
||||
fi
|
||||
###
|
||||
|
||||
# get current values, argo app over cm
|
||||
get_kubezero_values $ARGOCD
|
||||
|
||||
@ -163,6 +191,14 @@ kubeadm_upgrade() {
|
||||
|
||||
# post upgrade
|
||||
|
||||
# Update kubezero-values CM
|
||||
kubectl get cm -n kube-system kubelet-config -o=yaml | \
|
||||
yq e '.data.kubelet' | yq e '.containerRuntimeEndpoint = "unix:///run/containerd/containerd.sock"' > $WORKDIR/new-kubelet.cm
|
||||
|
||||
kubectl get cm -n kube-system kubelet-config -o=yaml | \
|
||||
yq e '.data.kubelet |= load_str("/tmp/kubezero/new-kubelet.cm")' | \
|
||||
kubectl apply --server-side --force-conflicts -f -
|
||||
|
||||
# Cleanup after kubeadm on the host
|
||||
rm -rf ${HOSTFS}/etc/kubernetes/tmp
|
||||
|
||||
|
||||
@ -46,16 +46,6 @@ function get_kubezero_values() {
|
||||
}
|
||||
|
||||
|
||||
# Update kubezero-values CM
|
||||
function update_kubezero_cm() {
|
||||
kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.valuesObject > ${WORKDIR}/kubezero-values.yaml
|
||||
|
||||
kubectl get cm -n kubezero kubezero-values -o=yaml | \
|
||||
yq e '.data."values.yaml" |= load_str("/tmp/kubezero/kubezero-values.yaml")' | \
|
||||
kubectl apply --server-side --force-conflicts -f -
|
||||
}
|
||||
|
||||
|
||||
function disable_argo() {
|
||||
cat > _argoapp_patch.yaml <<EOF
|
||||
spec:
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
set -eE
|
||||
set -o pipefail
|
||||
|
||||
KUBE_VERSION=v1.31
|
||||
KUBE_VERSION=v1.30
|
||||
|
||||
ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml}
|
||||
|
||||
@ -19,6 +19,11 @@ echo "Checking that all pods in kube-system are running ..."
|
||||
|
||||
[ "$ARGOCD" == "True" ] && disable_argo
|
||||
|
||||
# 1.30 fix for the missing kubeadm socket annotations
|
||||
for c in $(kubectl get nodes -l "node-role.kubernetes.io/control-plane=" | grep v1.29 | awk {'print $1}'); do
|
||||
kubectl annotate node $c 'kubeadm.alpha.kubernetes.io/cri-socket=unix:///var/run/crio/crio.sock'
|
||||
done
|
||||
|
||||
control_plane_upgrade kubeadm_upgrade
|
||||
|
||||
echo "Control plane upgraded, <Return> to continue"
|
||||
@ -28,7 +33,8 @@ read -r
|
||||
# shellcheck disable=SC2015
|
||||
#[ "$ARGOCD" == "True" ] && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kubezero
|
||||
|
||||
### v1.31
|
||||
### v1.30
|
||||
kubectl delete runtimeclass crio || true
|
||||
|
||||
# upgrade modules
|
||||
#
|
||||
@ -37,8 +43,9 @@ read -r
|
||||
|
||||
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
|
||||
|
||||
echo "Checking that all pods in kube-system are running ..."
|
||||
waitSystemPodsRunning
|
||||
# Disabled during 1.30 due to nvidia runtime deadlock
|
||||
#echo "Checking that all pods in kube-system are running ..."
|
||||
#waitSystemPodsRunning
|
||||
|
||||
echo "Applying remaining KubeZero modules..."
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubeadm
|
||||
description: KubeZero Kubeadm cluster config
|
||||
type: application
|
||||
version: 1.31.4
|
||||
version: 1.30.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
{{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
|
||||
{{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
|
||||
{{- define "kubeadm.featuregates" }}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" "AuthorizeWithSelectors" "AuthorizeNodeWithSelectors" "ConsistentListFromCache" "VolumeAttributesClass" "WatchList"}}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" }}
|
||||
{{- if eq .return "csv" }}
|
||||
{{- range $key := $gates }}
|
||||
{{- $key }}=true,
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
spec:
|
||||
replicas: {{ ternary 3 1 .Values.global.highAvailable }}
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
@ -1,4 +0,0 @@
|
||||
json:
|
||||
- op: replace
|
||||
path: /spec/replicas
|
||||
value: {{ ternary 3 1 .Values.global.highAvailable }}
|
||||
@ -33,11 +33,6 @@ dependencies:
|
||||
# https://github.com/NVIDIA/k8s-device-plugin
|
||||
repository: https://nvidia.github.io/k8s-device-plugin
|
||||
condition: nvidia-device-plugin.enabled
|
||||
- name: neuron-helm-chart
|
||||
version: 1.1.1
|
||||
# https://github.com/aws-neuron/neuron-helm-charts/tree/main/charts/neuron-helm-chart
|
||||
repository: oci://public.ecr.aws/neuron #/neuron-helm-chart
|
||||
condition: neuron-helm-chart.enabled
|
||||
- name: sealed-secrets
|
||||
version: 2.16.2
|
||||
repository: https://bitnami-labs.github.io/sealed-secrets
|
||||
|
||||
@ -25,7 +25,6 @@ Kubernetes: `>= 1.26.0`
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.17.0 |
|
||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.24.1 |
|
||||
| oci://public.ecr.aws/neuron | neuron-helm-chart | 1.1.1 |
|
||||
|
||||
# MetalLB
|
||||
|
||||
@ -101,11 +100,13 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| aws-node-termination-handler.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| aws-node-termination-handler.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| aws-node-termination-handler.useProviderId | bool | `true` | |
|
||||
| awsNeuron.enabled | bool | `false` | |
|
||||
| awsNeuron.image.name | string | `"public.ecr.aws/neuron/neuron-device-plugin"` | |
|
||||
| awsNeuron.image.tag | string | `"2.22.4.0"` | |
|
||||
| cluster-autoscaler.autoDiscovery.clusterName | string | `""` | |
|
||||
| cluster-autoscaler.awsRegion | string | `"us-west-2"` | |
|
||||
| cluster-autoscaler.enabled | bool | `false` | |
|
||||
| cluster-autoscaler.extraArgs.balance-similar-node-groups | bool | `true` | |
|
||||
| cluster-autoscaler.extraArgs.ignore-daemonsets-utilization | bool | `true` | |
|
||||
| cluster-autoscaler.extraArgs.ignore-taint | string | `"node.cilium.io/agent-not-ready"` | |
|
||||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||
@ -140,24 +141,22 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| fuseDevicePlugin.enabled | bool | `false` | |
|
||||
| fuseDevicePlugin.image.name | string | `"public.ecr.aws/zero-downtime/fuse-device-plugin"` | |
|
||||
| fuseDevicePlugin.image.tag | string | `"v1.2.0"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[0].key | string | `"CriticalAddonsOnly"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[0].operator | string | `"Exists"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[1].effect | string | `"NoSchedule"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[1].key | string | `"aws.amazon.com/neuron"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[1].operator | string | `"Exists"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[2].effect | string | `"NoSchedule"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[2].key | string | `"kubezero-workergroup"` | |
|
||||
| neuron-helm-chart.devicePlugin.tolerations[2].operator | string | `"Exists"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumeMounts[0].mountPath | string | `"/var/lib/kubelet/device-plugins"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumeMounts[0].name | string | `"device-plugin"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumeMounts[1].mountPath | string | `"/run"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumeMounts[1].name | string | `"infa-map"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumes[0].hostPath.path | string | `"/var/lib/kubelet/device-plugins"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumes[0].name | string | `"device-plugin"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumes[1].hostPath.path | string | `"/run"` | |
|
||||
| neuron-helm-chart.devicePlugin.volumes[1].name | string | `"infa-map"` | |
|
||||
| neuron-helm-chart.enabled | bool | `false` | |
|
||||
| neuron-helm-chart.npd.enabled | bool | `false` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"node.kubernetes.io/instance-type"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"g5.xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[10] | string | `"g4dn.4xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[11] | string | `"g4dn.8xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[12] | string | `"g4dn.12xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[13] | string | `"g4dn.16xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[1] | string | `"g5.2xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[2] | string | `"g5.4xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[3] | string | `"g5.8xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[4] | string | `"g5.12xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[5] | string | `"g5.16xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[6] | string | `"g5.24xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[7] | string | `"g5.48xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[8] | string | `"g4dn.xlarge"` | |
|
||||
| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[9] | string | `"g4dn.2xlarge"` | |
|
||||
| nvidia-device-plugin.cdi.nvidiaHookPath | string | `"/usr/bin"` | |
|
||||
| nvidia-device-plugin.deviceDiscoveryStrategy | string | `"nvml"` | |
|
||||
| nvidia-device-plugin.enabled | bool | `false` | |
|
||||
@ -168,23 +167,6 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| nvidia-device-plugin.tolerations[1].effect | string | `"NoSchedule"` | |
|
||||
| nvidia-device-plugin.tolerations[1].key | string | `"kubezero-workergroup"` | |
|
||||
| nvidia-device-plugin.tolerations[1].operator | string | `"Exists"` | |
|
||||
| py-kube-downscaler.enabled | bool | `false` | |
|
||||
| py-kube-downscaler.excludedNamespaces[0] | string | `"kube-system"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[1] | string | `"operators"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[2] | string | `"monitoring"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[3] | string | `"logging"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[4] | string | `"telemetry"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[5] | string | `"istio-system"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[6] | string | `"istio-ingress"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[7] | string | `"cert-manager"` | |
|
||||
| py-kube-downscaler.excludedNamespaces[8] | string | `"argocd"` | |
|
||||
| py-kube-downscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| py-kube-downscaler.resources.limits.cpu | string | `nil` | |
|
||||
| py-kube-downscaler.resources.limits.memory | string | `"256Mi"` | |
|
||||
| py-kube-downscaler.resources.requests.cpu | string | `"20m"` | |
|
||||
| py-kube-downscaler.resources.requests.memory | string | `"48Mi"` | |
|
||||
| py-kube-downscaler.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| py-kube-downscaler.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| sealed-secrets.enabled | bool | `false` | |
|
||||
| sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | |
|
||||
| sealed-secrets.keyrenewperiod | string | `"0"` | |
|
||||
|
||||
@ -0,0 +1,80 @@
|
||||
{{- if .Values.awsNeuron.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: neuron-device-plugin
|
||||
namespace: kube-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
name: neuron-device-plugin-ds
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: neuron-device-plugin-ds
|
||||
spec:
|
||||
serviceAccount: neuron-device-plugin
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- key: aws.amazon.com/neuron
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
- key: kubezero-workergroup
|
||||
effect: NoSchedule
|
||||
operator: Exists
|
||||
# Mark this pod as a critical add-on; when enabled, the critical add-on
|
||||
# scheduler reserves resources for critical add-on pods so that they can
|
||||
# be rescheduled after a failure.
|
||||
# See https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
|
||||
priorityClassName: "system-node-critical"
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: "node.kubernetes.io/instance-type"
|
||||
operator: In
|
||||
values:
|
||||
- inf1.xlarge
|
||||
- inf1.2xlarge
|
||||
- inf1.6xlarge
|
||||
- inf1.24xlarge
|
||||
- inf2.xlarge
|
||||
- inf2.4xlarge
|
||||
- inf2.8xlarge
|
||||
- inf2.24xlarge
|
||||
- inf2.48xlarge
|
||||
- trn1.2xlarge
|
||||
- trn1.32xlarge
|
||||
- trn1n.32xlarge
|
||||
containers:
|
||||
- image: "{{ .Values.awsNeuron.image.name }}:{{ .Values.awsNeuron.image.tag }}"
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: neuron-device-plugin
|
||||
env:
|
||||
- name: KUBECONFIG
|
||||
value: /etc/kubernetes/kubelet.conf
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
volumeMounts:
|
||||
- name: device-plugin
|
||||
mountPath: /var/lib/kubelet/device-plugins
|
||||
- name: infa-map
|
||||
mountPath: /run
|
||||
volumes:
|
||||
- name: device-plugin
|
||||
hostPath:
|
||||
path: /var/lib/kubelet/device-plugins
|
||||
- name: infa-map
|
||||
hostPath:
|
||||
path: /run
|
||||
{{- end }}
|
||||
@ -0,0 +1,59 @@
|
||||
{{- if .Values.awsNeuron.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: neuron-device-plugin
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- update
|
||||
- patch
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes/status
|
||||
verbs:
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: neuron-device-plugin
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: neuron-device-plugin
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: neuron-device-plugin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: neuron-device-plugin
|
||||
namespace: kube-system
|
||||
{{- end }}
|
||||
@ -155,35 +155,12 @@ fuseDevicePlugin:
|
||||
name: public.ecr.aws/zero-downtime/fuse-device-plugin
|
||||
tag: v1.2.0
|
||||
|
||||
neuron-helm-chart:
|
||||
awsNeuron:
|
||||
enabled: false
|
||||
|
||||
npd:
|
||||
enabled: false
|
||||
|
||||
devicePlugin:
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- key: aws.amazon.com/neuron
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
- key: kubezero-workergroup
|
||||
effect: NoSchedule
|
||||
operator: Exists
|
||||
|
||||
volumeMounts:
|
||||
- name: device-plugin
|
||||
mountPath: /var/lib/kubelet/device-plugins
|
||||
- name: infa-map
|
||||
mountPath: /run
|
||||
volumes:
|
||||
- name: device-plugin
|
||||
hostPath:
|
||||
path: /var/lib/kubelet/device-plugins
|
||||
- name: infa-map
|
||||
hostPath:
|
||||
path: /run
|
||||
image:
|
||||
name: public.ecr.aws/neuron/neuron-device-plugin
|
||||
tag: 2.22.4.0
|
||||
|
||||
nvidia-device-plugin:
|
||||
enabled: false
|
||||
@ -201,6 +178,29 @@ nvidia-device-plugin:
|
||||
effect: NoSchedule
|
||||
operator: Exists
|
||||
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: "node.kubernetes.io/instance-type"
|
||||
operator: In
|
||||
values:
|
||||
- g5.xlarge
|
||||
- g5.2xlarge
|
||||
- g5.4xlarge
|
||||
- g5.8xlarge
|
||||
- g5.12xlarge
|
||||
- g5.16xlarge
|
||||
- g5.24xlarge
|
||||
- g5.48xlarge
|
||||
- g4dn.xlarge
|
||||
- g4dn.2xlarge
|
||||
- g4dn.4xlarge
|
||||
- g4dn.8xlarge
|
||||
- g4dn.12xlarge
|
||||
- g4dn.16xlarge
|
||||
|
||||
cluster-autoscaler:
|
||||
enabled: false
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-argo
|
||||
|
||||
|
||||
|
||||
|
||||
KubeZero Argo - Events, Workflow, CD
|
||||
|
||||
@ -18,8 +18,8 @@ Kubernetes: `>= 1.26.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 7.7.7 |
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.9 |
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 7.7.2 |
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.8 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.2 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.11.2 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
@ -28,13 +28,12 @@ Kubernetes: `>= 1.26.0-0`
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.configs.cm."application.resourceTrackingMethod" | string | `"annotation"` | |
|
||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||
| argo-cd.configs.cm."timeout.reconciliation" | string | `"300s"` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.31 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.30 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.31"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.30"` | |
|
||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||
| argo-cd.configs.params."controller.diff.server.side" | string | `"true"` | |
|
||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||
@ -52,9 +51,8 @@ Kubernetes: `>= 1.26.0-0`
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.enabled | bool | `false` | |
|
||||
| argo-cd.global.image.repository | string | `"public.ecr.aws/zero-downtime/zdt-argocd"` | |
|
||||
| argo-cd.global.image.tag | string | `"v2.13.1"` | |
|
||||
| argo-cd.global.image.tag | string | `"v2.12.4"` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.global.networkPolicy.create | bool | `true` | |
|
||||
| argo-cd.istio.enabled | bool | `false` | |
|
||||
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
|
||||
| argo-cd.istio.ipBlocks | list | `[]` | |
|
||||
|
||||
@ -66,10 +66,6 @@ argo-cd:
|
||||
|
||||
timeout.reconciliation: 300s
|
||||
|
||||
application.resourceTrackingMethod: annotation
|
||||
installationID: "KubeZero-ArgoCD"
|
||||
application.instanceLabelKey: Null
|
||||
|
||||
resource.customizations: |
|
||||
cert-manager.io/Certificate:
|
||||
# Lua script for customizing the health status assessment
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@ -1,23 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-graph
|
||||
description: KubeZero GraphQL and GraphDB
|
||||
type: application
|
||||
version: 0.1.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- neo4j
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.2.1"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: neo4j
|
||||
version: 5.26.0
|
||||
repository: https://helm.neo4j.com/neo4j
|
||||
condition: neo4j.enabled
|
||||
|
||||
kubeVersion: ">= 1.29.0-0"
|
||||
@ -1,44 +0,0 @@
|
||||
# kubezero-graph
|
||||
|
||||
 
|
||||
|
||||
KubeZero GraphQL and GraphDB
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.29.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.2.1 |
|
||||
| https://helm.neo4j.com/neo4j | neo4j | 5.26.0 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| neo4j.disableLookups | bool | `true` | |
|
||||
| neo4j.enabled | bool | `false` | |
|
||||
| neo4j.neo4j.name | string | `"test-db"` | |
|
||||
| neo4j.serviceMonitor.enabled | bool | `false` | |
|
||||
| neo4j.services.neo4j.enabled | bool | `false` | |
|
||||
| neo4j.volumes.data.mode | string | `"defaultStorageClass"` | |
|
||||
|
||||
# Dashboards
|
||||
https://grafana.com/grafana/dashboards/11835
|
||||
|
||||
## Redis
|
||||
|
||||
# Resources
|
||||
- https://ot-container-kit.github.io/redis-operator/
|
||||
- https://github.com/helm/charts/tree/master/stable/redis
|
||||
- https://github.com/rustudorcalin/deploying-redis-cluster
|
||||
-
|
||||
@ -1,27 +0,0 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
# Dashboards
|
||||
https://grafana.com/grafana/dashboards/11835
|
||||
|
||||
## Redis
|
||||
|
||||
# Resources
|
||||
- https://ot-container-kit.github.io/redis-operator/
|
||||
- https://github.com/helm/charts/tree/master/stable/redis
|
||||
- https://github.com/rustudorcalin/deploying-redis-cluster
|
||||
-
|
||||
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
#login_ecr_public
|
||||
update_helm
|
||||
|
||||
update_docs
|
||||
@ -1,18 +0,0 @@
|
||||
neo4j:
|
||||
enabled: false
|
||||
|
||||
disableLookups: true
|
||||
|
||||
neo4j:
|
||||
name: test-db
|
||||
|
||||
volumes:
|
||||
data:
|
||||
mode: defaultStorageClass
|
||||
|
||||
services:
|
||||
neo4j:
|
||||
enabled: false
|
||||
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.23.2
|
||||
version: 0.23.3
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -16,10 +16,10 @@ dependencies:
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: base
|
||||
version: 1.23.2
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: istiod
|
||||
version: 1.23.2
|
||||
version: 1.24.2
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: kiali-server
|
||||
version: "1.89.7"
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-cache
|
||||
description: KubeZero Cache module
|
||||
name: kubezero-keyvalue
|
||||
description: KubeZero KeyValue Module
|
||||
type: application
|
||||
version: 0.1.0
|
||||
home: https://kubezero.com
|
||||
@ -14,7 +14,7 @@ maintainers:
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.2.1"
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: redis
|
||||
version: 20.0.3
|
||||
@ -25,4 +25,4 @@ dependencies:
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
condition: redis-cluster.enabled
|
||||
|
||||
kubeVersion: ">= 1.29.0-0"
|
||||
kubeVersion: ">= 1.26.0"
|
||||
@ -1,8 +1,8 @@
|
||||
# kubezero-cache
|
||||
# kubezero-keyvalue
|
||||
|
||||
 
|
||||
|
||||
KubeZero Cache module
|
||||
KubeZero KeyValue Module
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
@ -14,11 +14,11 @@ KubeZero Cache module
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.29.0-0`
|
||||
Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.2.1 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.bitnami.com/bitnami | redis | 20.0.3 |
|
||||
| https://charts.bitnami.com/bitnami | redis-cluster | 11.0.2 |
|
||||
|
||||
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-network
|
||||
description: KubeZero umbrella chart for all things network
|
||||
type: application
|
||||
version: 0.5.6
|
||||
version: 0.5.5
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -19,11 +19,11 @@ dependencies:
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cilium
|
||||
version: 1.16.5
|
||||
version: 1.16.3
|
||||
repository: https://helm.cilium.io/
|
||||
condition: cilium.enabled
|
||||
- name: metallb
|
||||
version: 0.14.9
|
||||
version: 0.14.8
|
||||
repository: https://metallb.github.io/metallb
|
||||
condition: metallb.enabled
|
||||
- name: haproxy
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# kubezero-network
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
KubeZero umbrella chart for all things network
|
||||
|
||||
@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0`
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://haproxytech.github.io/helm-charts | haproxy | 1.23.0 |
|
||||
| https://helm.cilium.io/ | cilium | 1.16.5 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.9 |
|
||||
| https://helm.cilium.io/ | cilium | 1.16.3 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.8 |
|
||||
|
||||
## Values
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -29,22 +29,18 @@ cloudnative-pg:
|
||||
strimzi-kafka-operator:
|
||||
enabled: false
|
||||
|
||||
revisionHistoryLimit: 2
|
||||
revisionHistoryLimit: 3
|
||||
watchAnyNamespace: true
|
||||
|
||||
leaderElection:
|
||||
enable: false
|
||||
|
||||
# extraEnvs:
|
||||
# - name: JAVA_OPTS
|
||||
# value: "-XX:MaxRAMPercentage=75 -XX:+UseParallelGC -XX:ActiveProcessorCount=2"
|
||||
|
||||
# resources:
|
||||
# requests:
|
||||
# cpu: 10m
|
||||
# memory: 256Mi
|
||||
# limits:
|
||||
# memory: 256Mi
|
||||
resources:
|
||||
requests:
|
||||
cpu: 20m
|
||||
memory: 256Mi
|
||||
limits:
|
||||
memory: 384Mi
|
||||
|
||||
monitoring:
|
||||
podMonitorEnabled: false
|
||||
|
||||
@ -36,7 +36,7 @@ addons:
|
||||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
targetRevision: 0.5.6
|
||||
targetRevision: 0.5.5
|
||||
cilium:
|
||||
cluster: {}
|
||||
|
||||
|
||||
@ -1,16 +1,15 @@
|
||||
#  KubeZero 1.31 - Elli
|
||||
|
||||
## What's new - Major themes
|
||||
- all KubeZero and support AMIs based on [Alpine 3.21](https://alpinelinux.org/posts/Alpine-3.21.0-released.html)
|
||||
- network policies for ArgoCD
|
||||
- all KubeZero and support AMIs based on Alpine 3.21
|
||||
|
||||
## Features and fixes
|
||||
- ArgoCD now tracks ownership by annotations rather than labels
|
||||
|
||||
## Version upgrades
|
||||
<WIP>
|
||||
- cilium 1.16.3
|
||||
- istio 1.22.3
|
||||
- ArgoCD 2.13.1 [custom ZDT image](https://git.zero-downtime.net/ZeroDownTime/zdt-argocd)
|
||||
- ArgoCD 2.13.0 [custom ZDT image](https://git.zero-downtime.net/ZeroDownTime/zdt-argocd)
|
||||
- Prometheus 2.55.1 / Grafana 11.3.0
|
||||
- Nvidia container toolkit 1.17, drivers 565.57.01, Cuda 12.7
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user