feat: Remove TC, add Jenkins to CI, bugfixes for 1.21

charts/kubezero-addons/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.2.2
+version: 0.2.3
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero-addons/templates/cluster-backup/secret.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.clusterBackup.enabled }}
+{{- if and .Values.clusterBackup.enabled .Values.clusterBackup.repository }}
 apiVersion: v1
 kind: Secret
 metadata:

charts/kubezero-ci/Chart.yaml

@@ -2,17 +2,17 @@ apiVersion: v2
 name: kubezero-ci
 description: KubeZero umbrella chart for all things CI
 type: application
-version: 0.2.5
+version: 0.3.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
   - kubezero
   - jenkins
   - goCD
-  - teamcity
   - gitea
 maintainers:
-  - name: Quarky9
+  - name: Stefan Reimer
+    email: stefan@zero-downtime.net
 dependencies:
   - name: kubezero-lib
     version: ">= 0.1.4"
@@ -25,8 +25,9 @@ dependencies:
     version: 4.1.1
     repository: https://dl.gitea.io/charts/
     condition: gitea.enabled
-  - name: teamcity
+  - name: jenkins
-    version: 0.1.0
+    version: 3.9.4
-    condition: teamcity.enabled
+    repository: https://charts.jenkins.io
+    condition: jenkins.enabled
 
-kubeVersion: ">= 1.18.0"
+kubeVersion: ">= 1.20.0"

charts/kubezero-ci/charts/teamcity/Chart.yaml

@@ -1,18 +0,0 @@
-apiVersion: v2
-name: teamcity
-description: A Helm chart to install a simple TeamCity installation
-type: application
-version: 0.1.0
-appVersion: "2021.2"
-home: https://kubezero.com
-icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
-keywords:
-  - kubezero
-  - teamcity
-maintainers:
-  - name: Quarky9
-dependencies:
-  - name: kubezero-lib
-    version: ">= 0.1.4"
-    repository: https://cdn.zero-downtime.net/charts/
-kubeVersion: ">= 1.18.0"

charts/kubezero-ci/charts/teamcity/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "teamcity.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "teamcity.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "teamcity.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "teamcity.labels" -}}
-helm.sh/chart: {{ include "teamcity.chart" . }}
-{{ include "teamcity.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "teamcity.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "teamcity.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "teamcity.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "teamcity.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/kubezero-ci/charts/teamcity/templates/agent.yaml

@@ -1,50 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "teamcity.fullname" . }}-agent
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.agentReplicaCount }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: teamcity-agent
-      app.kubernetes.io/name: teamcity
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/instance: teamcity-agent
-        app.kubernetes.io/name: teamcity
-    spec:
-      # serviceAccountName: {{ include "teamcity.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-      - name: "{{ .Chart.Name }}-agent"
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        image: "{{ .Values.image.agent.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env:
-        - name: SERVER_URL
-          value: "{{ include "teamcity.fullname" . }}:8111"
-        resources:
-          {{- toYaml .Values.resources | nindent 10 }}
-        volumeMounts:
-        - name: teamcity-config
-          mountPath: /data/teamcity_agent/conf
-      volumes:
-      - name: teamcity-config
-        emptyDir: {}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end -}}

charts/kubezero-ci/charts/teamcity/templates/istio-service.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.istio.enabled }}
-apiVersion: networking.istio.io/v1beta1
-kind: VirtualService
-metadata:
-  name: {{ include "kubezero-lib.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  gateways:
-  - {{ .Values.istio.gateway }}
-  hosts:
-  - {{ .Values.istio.url }}
-  http:
-  - route:
-    - destination:
-        host: {{ include "teamcity.fullname" . }}
-{{- end }}

charts/kubezero-ci/charts/teamcity/templates/rbac.yaml

@@ -1,28 +0,0 @@
-{{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "teamcity.fullname" . }}-manage-agents
-rules:
-- apiGroups: [""]
-  resources: ["namespaces"]
-  verbs: ["list", "get"]
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["get", "create", "list", "delete"]
-- apiGroups: ["extensions", "apps"]
-  resources: ["deployments"]
-  verbs: ["list", "get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "teamcity.fullname" . }}-manage-agents
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "teamcity.fullname" . }}-manage-agents
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "teamcity.serviceAccountName" . }}
-{{- end }}

charts/kubezero-ci/charts/teamcity/templates/server-pvc.yaml

@@ -1,33 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "teamcity.fullname" . }}-data
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-{{- if .Values.pvc.data.storageClass }}
-  storageClassName: {{ .Values.pvc.data.storageClass }}
-{{- end }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.pvc.data.storageSize }}
-
----
-
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "teamcity.fullname" . }}-logs
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-{{- if .Values.pvc.logs.storageClass }}
-  storageClassName: {{ .Values.pvc.logs.storageClass }}
-{{- end }}
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: {{ .Values.pvc.logs.storageSize }}

charts/kubezero-ci/charts/teamcity/templates/server.yaml

@@ -1,63 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "teamcity.fullname" . }}
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      {{- include "kubezero-lib.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "kubezero-lib.labels" . | nindent 8 }}
-    spec:
-      serviceAccountName: {{ include "teamcity.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-      - name: {{ .Chart.Name }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        image: "{{ .Values.image.server.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        ports:
-        - name: app
-          containerPort: 8111
-          protocol: TCP
-        resources:
-          {{- toYaml .Values.resources | nindent 12 }}
-        volumeMounts:
-        - name: teamcity-data
-          mountPath: /data/teamcity_server/datadir
-        - name: teamcity-logs
-          mountPath: /opt/teamcity/logs
-      volumes:
-      - name: teamcity-data
-      {{- if .Values.pvc.data }}
-        persistentVolumeClaim:
-          claimName: {{ include "teamcity.fullname" . }}-data
-      {{- else }}
-        emptyDir: {}
-      {{- end }}
-      - name: teamcity-logs
-      {{- if .Values.pvc.logs }}
-        persistentVolumeClaim:
-          claimName: {{ include "teamcity.fullname" . }}-logs
-      {{- else }}
-        emptyDir: {}
-      {{- end -}}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end -}}

charts/kubezero-ci/charts/teamcity/templates/service.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: "{{ include "teamcity.fullname" . }}"
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-  - port: {{ .Values.service.port }}
-    protocol: TCP
-    targetPort: app
-    name: app
-  selector:
-    {{- include "kubezero-lib.selectorLabels" . | nindent 4 }}
-  sessionAffinity: None

charts/kubezero-ci/charts/teamcity/templates/serviceaccount.yaml

@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "teamcity.serviceAccountName" . }}
-  labels:
-    {{- include "kubezero-lib.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

charts/kubezero-ci/charts/teamcity/values.yaml

@@ -1,57 +0,0 @@
-# Default values for teamcity.
-
-agentReplicaCount: 0
-
-image:
-  server:
-    repository: jetbrains/teamcity-server
-  agent:
-    repository: jetbrains/teamcity-agent
-  tag: ""
-  pullPolicy: IfNotPresent
-
-pvc:
-  data:
-    #storageClass: default
-    storageSize: 4Gi
-  logs:
-    #storageClass: default
-    storageSize: 1Gi
-
-serviceAccount:
-  create: true
-  annotations: {}
-  name: ""
-
-rbac:
-  create: true
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 1000
-
-securityContext: {}
-
-service:
-  type: ClusterIP
-  port: 8111
-
-istio:
-  enabled: false
-  gateway: istio-ingress/private-ingressgateway
-  url: "" # tc.example.com
-
-resources: {}
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

charts/kubezero-ci/templates/jenkins/istio-authorization-policy.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.jenkins.enabled .Values.jenkins.istio.enabled .Values.jenkins.istio.allowBlocks }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: {{ .Release.Name }}-jenkins-allowlist
+  namespace: istio-ingress
+spec:
+  selector:
+    matchLabels:
+      app: istio-ingressgateway
+  rules:
+  - from:
+    - source:
+        ipBlocks: {{ .Values.jenkins.istio.allowBlocks | toYaml | nindent 8 }}
+    to:
+    - operation:
+        hosts: [{{ .Values.jenkins.istio.url }}]
+{{- end }}

charts/kubezero-ci/templates/jenkins/istio-service.yaml

@@ -0,0 +1,18 @@
+{{- if and .Values.jenkins.enabled .Values.jenkins.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: {{ .Release.Name }}-jenkins
+  namespace: {{ template "jenkins.namespace" . }}
+spec:
+  hosts:
+  - {{ .Values.jenkins.istio.url }}
+  gateways:
+  - {{ .Values.jenkins.istio.gateway }}
+  http:
+  - route:
+    - destination:
+        host: {{ .Release.Name }}-jenkins
+        port:
+          number: 8080
+{{- end }}

charts/kubezero-ci/values.yaml

@@ -70,5 +70,17 @@ gitea:
 jenkins:
   enabled: false
 
-teamcity:
+  controller:
-  enabled: false
+    tagLabel: alpine
+    disableRememberMe: true
+    prometheus:
+      enabled: false
+    testEnabled: false
+
+  persistence:
+    size: "2Gi"
+
+  istio:
+    enabled: false
+    gateway: istio-ingress/private-ingressgateway
+    url: jenkins.example.com

charts/kubezero/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero - Root App of Apps chart
 type: application
-version: 1.21.8
+version: 1.21.8-3
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero/templates/addons.yaml

@@ -1,7 +1,22 @@
 {{- define "addons-values" }}
 
-{{- with index .Values "addons" "metallb" }}
+{{- with .Values.addons.clusterBackup }}
-metallb:
+clusterBackup:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- with index .Values "addons" "aws-node-termination-handler" }}
+aws-node-termination-handler:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- with .Values.addons.fuseDevicePlugin }}
+fuseDevicePlugin:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- with .Values.addons.k8sEcrLoginRenew }}
+k8sEcrLoginRenew:
   {{- toYaml . | nindent 2 }}
 {{- end }}
 

charts/kubezero/values.yaml

@@ -8,7 +8,7 @@ HighAvailableControlplane: false
 
 addons:
   enabled: false
-  targetRevision: 0.1.0
+  targetRevision: 0.2.3
 
 network:
   enabled: false
@@ -28,6 +28,10 @@ kiam:
 storage:
   enabled: false
   targetRevision: 0.4.3
+  aws-ebs-csi-driver:
+    enabled: false
+  aws-efs-csi-driver:
+    enabled: false
 
 istio:
   enabled: false

containers/admin/v1.21/kubezero.sh

@@ -199,6 +199,7 @@ elif [[ "$1" == 'node-upgrade' ]]; then
     if [ -n "$restic_repo" ]; then
       yq -i eval '
         .addons.clusterBackup.enabled = "true" | .addons.clusterBackup.repository = strenv(restic_repo) | .addons.clusterBackup.password = strenv(restic_pw)
+      | .addons.clusterBackup.image.tag = strenv(KUBE_VERSION)
       | .addons.clusterBackup.extraEnv[0].name = "AWS_DEFAULT_REGION" | .addons.clusterBackup.extraEnv[0].value = strenv(REGION)
       ' ${HOSTFS}/etc/kubernetes/kubezero.yaml
     fi

containers/admin/v1.21/kubezero_121.sh

@@ -18,7 +18,7 @@ kubectl delete deployment efs-csi-controller -n kube-system
 kubectl delete daemonSet efs-csi-node -n kube-system
 
 # Remove calico Servicemonitor in case still around
-# kubectl delete servicemonitor calico-node -n kube-system
+kubectl delete servicemonitor calico-node -n kube-system
 
 # Upgrade Prometheus stack, requires state metrics to be removed first
 kubectl delete deployment metrics-kube-state-metrics -n monitoring