{{- define "addons-values" }}
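{{- /*
  clusterBackup: rendered as enabled when global.aws has a "region" key, or
  when addons.clusterBackup.enabled is true. All other user-supplied keys are
  copied through unchanged.
  NOTE(review): hasKey needs global.aws to be a map; presumably values.yaml
  provides an empty default. Confirm.
*/}}
clusterBackup:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") .Values.addons.clusterBackup.enabled) }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit .Values.addons.clusterBackup "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  {{- /*
    NOTE(review): if the pass-through above already carries extraEnv, this
    emits the key twice; duplicate-key handling depends on the YAML parser.
  */}}
  extraEnv:
    - name: AWS_DEFAULT_REGION
      {{- /* Quoted so the env value is always rendered as a YAML string. */}}
      value: {{ .Values.global.aws.region | quote }}
  {{- end }}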
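{{- /*
  forseti: rendered as enabled when global.aws has a "region" key, or when
  addons.forseti.enabled is true. All other user-supplied keys are copied
  through unchanged.
*/}}
forseti:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") .Values.addons.forseti.enabled) }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit .Values.addons.forseti "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  aws:
    {{- /* Quoted so the region is always rendered as a YAML string. */}}
    region: {{ $.Values.global.aws.region | quote }}
    {{- /*
      The role ARN is assembled from accountId, region and clusterName.
      NOTE(review): accountId should be a quoted string in values; an unquoted
      12-digit number may be rendered in float notation and yield a wrong ARN.
      The role's trust policy is outside this file and should be limited to
      this addon's identity. Confirm.
    */}}
    iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti"
  {{- end }}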
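{{- /*
  external-dns: rendered as enabled when global.aws has a "region" key, or
  when addons.external-dns.enabled is true. All other user-supplied keys are
  copied through unchanged.
*/}}
external-dns:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") (index .Values "addons" "external-dns" "enabled")) }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit (index .Values "addons" "external-dns") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  {{- /*
    Quoted so a number-looking cluster name still renders as a string.
    NOTE(review): keys below collide with same-named keys from the
    pass-through above; duplicate-key handling depends on the YAML parser.
  */}}
  txtOwnerId: {{ .Values.global.clusterName | quote }}
  provider: aws
  extraArgs:
    - "--aws-zone-type=public"
    - "--aws-zones-cache-duration=1h"
  {{- /*
    Web-identity credentials: the pod assumes AWS_ROLE_ARN with the projected
    token mounted below, using regional STS endpoints.
    NOTE(review): the role's trust policy is outside this file; it should pin
    the "sts.amazonaws.com" audience and this addon's service-account subject.
  */}}
  env:
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.externalDNS"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"
    {{- /* NOTE(review): presumably turns off instance-metadata lookups; confirm this addon reads the variable. */}}
    - name: METADATA_TRIES
      value: "0"
  extraVolumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              {{- /* 86400 s = 24 h token lifetime; a shorter value narrows the window in which a leaked token is usable. */}}
              expirationSeconds: 86400
              audience: "sts.amazonaws.com"
  extraVolumeMounts:
    - name: aws-token
      mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
      readOnly: true
  {{- end }}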
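{{- /*
  cluster-autoscaler: rendered as enabled when global.aws has a "region" key,
  or when addons.cluster-autoscaler.enabled is true.
  NOTE(review): autoDiscovery and extraArgs are emitted before the user
  pass-through, and the AWS keys after it; a same-named user key produces a
  duplicate whose handling depends on the YAML parser.
*/}}
cluster-autoscaler:
  enabled: {{ ternary "true" "false" (or (hasKey .Values.global.aws "region") (index .Values "addons" "cluster-autoscaler" "enabled")) }}

  autoDiscovery:
    {{- /* Quoted so a number-looking cluster name still renders as a string. */}}
    clusterName: {{ .Values.global.clusterName | quote }}

  {{- /* Leader election is switched off only when global.highAvailable is not set. */}}
  {{- if not .Values.global.highAvailable }}
  extraArgs:
    leader-elect: false
  {{- end }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit (index .Values "addons" "cluster-autoscaler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- with .Values.metrics }}
  serviceMonitor:
    enabled: {{ .enabled }}
    # Buggy atm due to integer vs. string issue
  # prometheusRule:
  #   enabled: {{ .enabled }}
  {{- end }}

  {{- if eq .Values.global.platform "aws" }}
  # AWS
  awsRegion: {{ .Values.global.aws.region | quote }}

  {{- /*
    Web-identity credentials: the pod assumes AWS_ROLE_ARN with the projected
    token mounted below, using regional STS endpoints.
    NOTE(review): the role's trust policy is outside this file; it should pin
    the "sts.amazonaws.com" audience and this addon's service-account subject.
  */}}
  extraEnv:
    AWS_ROLE_ARN: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.clusterAutoScaler"
    AWS_WEB_IDENTITY_TOKEN_FILE: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    AWS_STS_REGIONAL_ENDPOINTS: "regional"
  extraVolumes:
    - name: aws-token
      projected:
        sources:
          - serviceAccountToken:
              path: token
              {{- /* 86400 s = 24 h token lifetime; a shorter value narrows the window in which a leaked token is usable. */}}
              expirationSeconds: 86400
              audience: "sts.amazonaws.com"
  extraVolumeMounts:
    - name: aws-token
      mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
      readOnly: true
  {{- end }}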
{{- /* fuseDevicePlugin: emitted only when addons.fuseDevicePlugin is set; its values are copied through verbatim. */}}
{{- with .Values.addons.fuseDevicePlugin }}
fuseDevicePlugin:
  {{- . | toYaml | nindent 2 }}
{{- end }}
{{- /* nvidia-device-plugin: emitted only when addons.nvidia-device-plugin is set; its values are copied through verbatim. */}}
{{- with index .Values "addons" "nvidia-device-plugin" }}
nvidia-device-plugin:
  {{- . | toYaml | nindent 2 }}
{{- end }}
{{- /*
  sealed-secrets: emitted only when addons.sealed-secrets is set. User values
  are copied through verbatim, then the ServiceMonitor switch follows the
  chart-wide metrics.enabled value.
*/}}
{{- with index .Values "addons" "sealed-secrets" }}
sealed-secrets:
  {{- . | toYaml | nindent 2 }}

  {{- /* The root context is needed here because the dot is rebound by the outer with. */}}
  {{- with $.Values.metrics }}
  metrics:
    serviceMonitor:
      enabled: {{ .enabled }}
  {{- end }}
{{- end }}
{{- /* py-kube-downscaler: emitted only when addons.py-kube-downscaler is set; its values are copied through verbatim. */}}
{{- with index .Values "addons" "py-kube-downscaler" }}
py-kube-downscaler:
  {{- . | toYaml | nindent 2 }}
{{- end }}
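# AWS only
{{- if eq .Values.global.platform "aws" }}
{{- /*
  aws-node-termination-handler.
  NOTE(review): the "default" function treats false as empty, so an explicit
  "enabled: false" in values still renders as true here. Confirm that forcing
  this addon on for AWS is intended.
*/}}
aws-node-termination-handler:
  enabled: {{ default "true" (index .Values "addons" "aws-node-termination-handler" "enabled") }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit (index .Values "addons" "aws-node-termination-handler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  {{- with .Values.metrics }}
  enablePrometheusServer: {{ .enabled }}
  {{- end }}

  {{- /* Queue URL and tag are derived from region, accountId and clusterName. */}}
  queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth"
  managedTag: "zdt:kubezero:nth:{{ .Values.global.clusterName }}"
  {{- /*
    Web-identity credentials: the pod assumes AWS_ROLE_ARN with the token file
    named below.
    NOTE(review): no token volume is declared for this addon in this file;
    presumably the subchart mounts it. Confirm. The role's trust policy is
    also outside this file and should be limited to this addon's identity.
  */}}
  extraEnv:
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"
    - name: METADATA_TRIES
      value: "0"

{{- /*
  aws-eks-asg-rolling-update-handler.
  NOTE(review): same "default" behaviour as above; an explicit false still
  renders as true.
*/}}
aws-eks-asg-rolling-update-handler:
  enabled: {{ default "true" (index .Values "addons" "aws-eks-asg-rolling-update-handler" "enabled") }}

  {{- /* "enabled" is dropped here because it is computed above. */}}
  {{- with omit (index .Values "addons" "aws-eks-asg-rolling-update-handler") "enabled" }}
  {{- toYaml . | nindent 2 }}
  {{- end }}

  environmentVars:
    {{- /* Env values are quoted so they always render as YAML strings. */}}
    - name: CLUSTER_NAME
      value: {{ .Values.global.clusterName | quote }}
    - name: AWS_REGION
      value: {{ .Values.global.aws.region | quote }}
    - name: EXECUTION_INTERVAL
      value: "60"
    {{- /* NOTE(review): metrics.enabled is read without the "with" guard used elsewhere in this file. */}}
    - name: METRICS
      value: "{{ .Values.metrics.enabled }}"
    - name: EAGER_CORDONING
      value: "true"
    - name: SLOW_MODE
      value: "true"
    {{- /* NOTE(review): as above, no token volume is declared for this addon in this file. Confirm where it is mounted. */}}
    - name: AWS_ROLE_ARN
      value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsRuh"
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
      value: "regional"

{{- /* awsNeuron: emitted only when addons.awsNeuron is set; its values are copied through verbatim. */}}
{{- with .Values.addons.awsNeuron }}
awsNeuron:
  {{- toYaml . | nindent 2 }}
{{- end }}

{{- end }}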
{{- end }}
{{- /* addons-argo is defined with an empty body in this file; kubezero-app.app, included on the last line, is defined outside it. */}}
{{- define "addons-argo" }}
{{- end }}

{{ include "kubezero-app.app" . }}