feat: set network pullpolicy to Never, fix for cert-manager on AWS, doc updates

2024-08-29 12:49:31 +00:00 · 2024-08-29 12:49:31 +00:00 · 0fddeed052
commit 0fddeed052
parent 48e58c00ce
5 changed files with 10 additions and 6 deletions
--- a/charts/kubezero-ci/README.md
+++ b/charts/kubezero-ci/README.md
@ -1,6 +1,6 @@
 # kubezero-ci

-![Version: 0.8.15](https://img.shields.io/badge/Version-0.8.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.8.16](https://img.shields.io/badge/Version-0.8.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

 KubeZero umbrella chart for all things CI

@ -22,7 +22,7 @@ Kubernetes: `>= 1.25.0`
 | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
 | https://charts.jenkins.io | jenkins | 5.5.8 |
 | https://dl.gitea.io/charts/ | gitea | 10.4.0 |
-| https://docs.renovatebot.com/helm-charts | renovate | 37.440.7 |
+| https://docs.renovatebot.com/helm-charts | renovate | 38.57.0 |

 # Jenkins
 - default build retention 10 builds, 32days
--- a/charts/kubezero-istio-gateway/README.md.gotmpl
+++ b/charts/kubezero-istio-gateway/README.md.gotmpl
@ -19,6 +19,5 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed !

 ## Resources

- https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#IstioOperatorSpec
- https://github.com/istio/istio/blob/master/manifests/profiles/default.yaml
- https://istio.io/latest/docs/setup/install/standalone-operator/
+- https://github.com/cilium/cilium/blob/main/operator/pkg/model/translation/envoy_listener.go#L134
+
--- a/charts/kubezero-network/templates/multus/daemonset.yaml
+++ b/charts/kubezero-network/templates/multus/daemonset.yaml
@ -28,6 +28,8 @@ spec:
      containers:
      - name: kube-multus
        image: {{ .Values.multus.image.repository }}:{{ .Values.multus.image.tag }}
+        # Always used cached images
+        imagePullPolicy: Never
        command: ["/entrypoint.sh"]
        args:
        - "--multus-conf-file=/tmp/multus-conf/00-multus.conf"
@ -45,6 +47,7 @@ spec:
          privileged: true
          capabilities:
            add: ["SYS_ADMIN"]
+        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        - name: run
          mountPath: /run
--- a/charts/kubezero-network/values.yaml
+++ b/charts/kubezero-network/values.yaml
@ -27,9 +27,10 @@ multus:
 cilium:
  enabled: false

-  # breaks preloaded images otherwise
+  # Always use cached images
  image:
    useDigest: false
+    pullPolicy: Never

  resources:
    requests:
--- a/charts/kubezero/templates/addons.yaml
+++ b/charts/kubezero/templates/addons.yaml
@ -181,6 +181,7 @@ aws-eks-asg-rolling-update-handler:
    - name: AWS_WEB_IDENTITY_TOKEN_FILE
      value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
    - name: AWS_STS_REGIONAL_ENDPOINTS
+      value: "regional"
 {{- end }}

 {{- end }}