KubeZero/charts/kubezero/templates/addons.yaml


{{- define "addons-values" }}
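{{- /*
  clusterBackup values.
  NOTE(review): "enabled" renders true whenever global.aws has a "region" key,
  even when addons.clusterBackup.enabled is false, while the AWS settings below
  are gated on global.platform instead - confirm the two gates are meant to
  differ.
  NOTE(review): a user-supplied "extraEnv" would be emitted by the pass-through
  and again by the AWS section, producing a duplicate key - verify against the
  default values.
*/}}
clusterBackup:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") .Values.addons.clusterBackup.enabled) }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit .Values.addons.clusterBackup "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  extraEnv:
    - name: AWS_DEFAULT_REGION
      # Quoted so the rendered env value is always a YAML string.
      value: {{ .Values.global.aws.region | quote }}
  {{- end }}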
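{{- /*
  forseti values.
  NOTE(review): "enabled" renders true whenever global.aws has a "region" key,
  even when addons.forseti.enabled is false - confirm that forcing it on is
  intended.
  NOTE(review): global.aws.accountId is interpolated as-is; if it is supplied as
  a bare number it may lose leading zeros or render in exponent form, so it
  should be a quoted string in the values - verify.
*/}}
forseti:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") .Values.addons.forseti.enabled) }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit .Values.addons.forseti "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  aws:
    # Quoted so the region is always rendered as a YAML string.
    region: {{ $.Values.global.aws.region | quote }}
    # Role name is derived from region and cluster name; the role itself is
    # created outside this chart.
    iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti"
  {{- end }}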
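{{- /*
  external-dns values.
  On AWS the pod gets its credentials from a projected service-account token
  (audience sts.amazonaws.com) that is exchanged for the role in AWS_ROLE_ARN;
  no static access keys are set here.
  NOTE(review): the role's trust policy is not visible from this template; it
  should restrict the token subject to this addon's service account - verify.
  NOTE(review): "enabled" renders true whenever global.aws has a "region" key,
  even when the addon's own "enabled" is false - confirm this is intended.
  NOTE(review): accountId should be a quoted string in the values; a bare number
  may lose leading zeros or render in exponent form.
*/}}
external-dns:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") (index .Values "addons" "external-dns" "enabled")) }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit (index .Values "addons" "external-dns") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  # Quoted so a numeric or boolean-looking cluster name stays a string.
  txtOwnerId: {{ .Values.global.clusterName | quote }}
  provider: aws
  extraArgs:
    - "--aws-zone-type=public"
    - "--aws-zones-cache-duration=1h"
  env:
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.externalDNS"
    # Must match mountPath + path of the projected token volume below.
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"
    # Presumably stops the SDK from falling back to instance-metadata
    # credentials - confirm against the SDK version in use.
    - name: METADATA_TRIES
      value: "0"
  extraVolumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              # 86400 seconds = 24 hours of token validity.
              expirationSeconds: 86400
              audience: "sts.amazonaws.com"
  extraVolumeMounts:
    - name: aws-token
      mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
      readOnly: true
  {{- end }}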
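{{- /*
  cluster-autoscaler values.
  On AWS the pod gets its credentials from a projected service-account token
  (audience sts.amazonaws.com) that is exchanged for the role in AWS_ROLE_ARN;
  no static access keys are set here.
  NOTE(review): the role's trust policy is not visible from this template; it
  should restrict the token subject to this addon's service account - verify.
  NOTE(review): "enabled" renders true whenever global.aws has a "region" key,
  even when the addon's own "enabled" is false - confirm this is intended.
  NOTE(review): user values are merged after autoDiscovery/extraArgs and before
  the AWS keys, so a user-supplied key of the same name yields a duplicate key in
  the rendered YAML - verify against the default values.
*/}}
cluster-autoscaler:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") (index .Values "addons" "cluster-autoscaler" "enabled")) }}
  autoDiscovery:
    # Quoted so a numeric or boolean-looking cluster name stays a string.
    clusterName: {{ .Values.global.clusterName | quote }}

  # Leader election is switched off only when the cluster is not highly
  # available.
  {{- if not .Values.global.highAvailable }}
  extraArgs:
    leader-elect: false
  {{- end }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit (index .Values "addons" "cluster-autoscaler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- with .Values.metrics }}
  serviceMonitor:
    enabled: {{ .enabled }}
  # Buggy atm due to integer vs. string issue
  # The action in the commented-out line below is still evaluated by the
  # template engine; only its output lands inside a YAML comment.
  # prometheusRule:
  #   enabled: {{ .enabled }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  awsRegion: {{ .Values.global.aws.region | quote }}
  extraEnv:
    AWS_ROLE_ARN: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.clusterAutoScaler"
    # Must match mountPath + path of the projected token volume below.
    AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    AWS_STS_REGIONAL_ENDPOINTS: "regional"
  extraVolumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              # 86400 seconds = 24 hours of token validity.
              expirationSeconds: 86400
              audience: "sts.amazonaws.com"
  extraVolumeMounts:
    - name: aws-token
      mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
      readOnly: true
  {{- end }}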
{{- /*
  Optional addons: a section is emitted only when the user supplied a non-empty
  value for it, and that value is copied as given (any "enabled" key included).
*/}}
{{- with index .Values "addons" "fuseDevicePlugin" }}
fuseDevicePlugin:
  {{- toYaml . | nindent 2 }}
{{- end }}

{{- with index .Values "addons" "nvidia-device-plugin" }}
nvidia-device-plugin:
  {{- toYaml . | nindent 2 }}
{{- end }}

{{- /*
  sealed-secrets additionally gets a metrics.serviceMonitor.enabled flag taken
  from the chart-wide metrics values.
  NOTE(review): a user-supplied "metrics" key would appear twice in the rendered
  YAML - verify against the default values.
*/}}
{{- with index .Values "addons" "sealed-secrets" }}
sealed-secrets:
  {{- toYaml . | nindent 2 }}
  {{- with $.Values.metrics }}
  metrics:
    serviceMonitor:
      enabled: {{ .enabled }}
  {{- end }}
{{- end }}

{{- with index .Values "addons" "py-kube-downscaler" }}
py-kube-downscaler:
  {{- toYaml . | nindent 2 }}
{{- end }}
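# AWS only
{{- /*
  Addons rendered only when global.platform is "aws".
  Both handlers get their credentials from a web-identity token file exchanged
  for the role in AWS_ROLE_ARN; no static access keys are set here. The volume
  that provides the token file is not declared in this section.
  NOTE(review): Sprig's "default" treats false as empty, so an explicit
  "enabled: false" for either handler still renders true - confirm that forcing
  both on for AWS is intended.
  NOTE(review): the roles' trust policies are not visible from this template;
  they should restrict the token subject to each addon's service account.
  NOTE(review): accountId should be a quoted string in the values; a bare number
  may lose leading zeros or render in exponent form.
*/}}
{{- if eq .Values.global.platform "aws" }}
aws-node-termination-handler:
  enabled: {{ default "true" (index .Values "addons" "aws-node-termination-handler" "enabled") }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit (index .Values "addons" "aws-node-termination-handler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- with .Values.metrics }}
  enablePrometheusServer: {{ .enabled }}
  {{- end }}

  # Queue URL and tag are derived from account, region and cluster name.
  queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth"
  managedTag: "zdt:kubezero:nth:{{ .Values.global.clusterName }}"
  extraEnv:
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"
    # Presumably stops the SDK from falling back to instance-metadata
    # credentials - confirm against the SDK version in use.
    - name: METADATA_TRIES
      value: "0"

aws-eks-asg-rolling-update-handler:
  enabled: {{ default "true" (index .Values "addons" "aws-eks-asg-rolling-update-handler" "enabled") }}

  # Every other user-supplied key is passed through unchanged.
  {{- with omit (index .Values "addons" "aws-eks-asg-rolling-update-handler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  environmentVars:
    # Env values must be strings, so templated ones are quoted.
    - name: CLUSTER_NAME
      value: {{ .Values.global.clusterName | quote }}
    - name: AWS_REGION
      value: {{ .Values.global.aws.region | quote }}
    - name: EXECUTION_INTERVAL
      value: "60"
    - name: METRICS
      value: "{{ .Values.metrics.enabled }}"
    - name: EAGER_CORDONING
      value: "true"
    - name: SLOW_MODE
      value: "true"
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsRuh"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"

{{- with .Values.addons.awsNeuron }}
awsNeuron:
  {{- toYaml . | nindent 2 }}
{{- end }}
{{- end }}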
{{- end }}
{{- /* "addons-argo" is defined with an empty body. */}}
{{- define "addons-argo" }}
{{- end }}
{{- /*
  Renders the "kubezero-app.app" template, which is defined outside this file.
  Presumably it picks up the "addons-values" and "addons-argo" templates by
  name - confirm in that template.
*/}}
{{ include "kubezero-app.app" . }}