diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index 653c7a2..3cf7097 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh @@ -146,7 +146,7 @@ waitSystemPodsRunning argo_used && disable_argo -# all_nodes_upgrade "" +#all_nodes_upgrade "" control_plane_upgrade kubeadm_upgrade @@ -154,10 +154,18 @@ echo "Adjust kubezero values as needed:" # shellcheck disable=SC2015 argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system +# Remove calico +#kubectl delete deployment calico-kube-controllers -n kube-system || true +#kubectl delete daemonset calico-node -n kube-system || true +#kubectl delete network-attachment-definitions calico -n kube-system || true + +# Remove previous cilium config as the helm options are additive only -> fail +kubectl delete configmap cilium-config -n kube-system || true + control_plane_upgrade "apply_network, apply_addons, apply_storage" -kubectl rollout restart daemonset/cilium -n kube-system kubectl rollout restart daemonset/kube-multus-ds -n kube-system +kubectl rollout restart daemonset/cilium -n kube-system echo "Checking that all pods in kube-system are running ..." 
waitSystemPodsRunning diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml index 8fdfd48..f107c4f 100644 --- a/charts/kubeadm/templates/KubeletConfiguration.yaml +++ b/charts/kubeadm/templates/KubeletConfiguration.yaml @@ -17,8 +17,8 @@ protectKernelDefaults: {{ .Values.protectKernelDefaults }} tlsCipherSuites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256] featureGates: {{- include "kubeadm.featuregates" ( dict "return" "map" ) | nindent 2 }} -# Minimal unit is 50m per pod -podsPerCore: 20 +# Minimal unit is 40m per pod +podsPerCore: 25 # cpuCFSQuotaPeriod: 10ms # Basic OS incl. crio systemReserved: diff --git a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml index 5145b7a..6896cea 100644 --- a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml +++ b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml @@ -133,7 +133,7 @@ spec: resources: requests: - memory: 20Mi + memory: 32Mi cpu: 10m limits: memory: 64Mi diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index a33484d..9f104a2 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.7.2 +version: 0.7.3 appVersion: v1.24 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png @@ -11,18 +11,14 @@ keywords: - fuse-device-plugin - neuron-device-plugin - nvidia-device-plugin - - 
aws-node-termination-handler - cluster-autoscaler - sealed-secrets - external-dns + - aws-node-termination-handler maintainers: - name: Stefan Reimer email: stefan@zero-downtime.net dependencies: - - name: aws-node-termination-handler - version: 0.20.1 - # repository: https://aws.github.io/eks-charts - condition: aws-node-termination-handler.enabled - name: external-dns version: 1.11.0 repository: https://kubernetes-sigs.github.io/external-dns/ @@ -32,7 +28,7 @@ dependencies: repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled - name: nvidia-device-plugin - version: 0.12.3 + version: 0.13.0 # https://github.com/NVIDIA/k8s-device-plugin repository: https://nvidia.github.io/k8s-device-plugin condition: nvidia-device-plugin.enabled @@ -40,4 +36,12 @@ dependencies: version: 2.7.1 repository: https://bitnami-labs.github.io/sealed-secrets condition: sealed-secrets.enabled + - name: aws-node-termination-handler + version: 0.20.1 + # repository: https://aws.github.io/eks-charts + condition: aws-node-termination-handler.enabled + - name: aws-eks-asg-rolling-update-handler + version: 1.2.7 + # repository: https://twin.github.io/helm-charts + condition: aws-eks-asg-rolling-update-handler.enabled kubeVersion: ">= 1.24.0" diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md index ec25721..d1aea26 100644 --- a/charts/kubezero-addons/README.md +++ b/charts/kubezero-addons/README.md @@ -1,6 +1,6 @@ # kubezero-addons -![Version: 0.7.2](https://img.shields.io/badge/Version-0.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square) +![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 
v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square) KubeZero umbrella chart for various optional cluster addons @@ -18,11 +18,12 @@ Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| +| | aws-eks-asg-rolling-update-handler | 1.2.7 | | | aws-node-termination-handler | 0.20.1 | | https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.1 | | https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 | | https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 | -| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.12.3 | +| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.13.0 | # MetalLB @@ -40,6 +41,34 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | Key | Type | Default | Description | |-----|------|---------|-------------| +| aws-eks-asg-rolling-update-handler.enabled | bool | `false` | | +| aws-eks-asg-rolling-update-handler.environmentVars[0].name | string | `"CLUSTER_NAME"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[0].value | string | `""` | | +| aws-eks-asg-rolling-update-handler.environmentVars[1].name | string | `"AWS_REGION"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[1].value | string | `"us-west-2"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[2].name | string | `"EXECUTION_INTERVAL"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[2].value | string | `"60"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[3].name | string | `"METRICS"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[3].value | string | `"true"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[4].name | string | `"EAGER_CORDONING"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[4].value | string | `"true"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[5].name | string | `"SLOW_MODE"` | | +| 
aws-eks-asg-rolling-update-handler.environmentVars[5].value | string | `"true"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[6].name | string | `"AWS_ROLE_ARN"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[6].value | string | `""` | | +| aws-eks-asg-rolling-update-handler.environmentVars[7].name | string | `"AWS_WEB_IDENTITY_TOKEN_FILE"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[7].value | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/token"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[8].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | | +| aws-eks-asg-rolling-update-handler.environmentVars[8].value | string | `"regional"` | | +| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.7.0"` | | +| aws-eks-asg-rolling-update-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | +| aws-eks-asg-rolling-update-handler.resources.limits.memory | string | `"128Mi"` | | +| aws-eks-asg-rolling-update-handler.resources.requests.cpu | string | `"10m"` | | +| aws-eks-asg-rolling-update-handler.resources.requests.memory | string | `"32Mi"` | | +| aws-eks-asg-rolling-update-handler.tolerations[0].effect | string | `"NoSchedule"` | | +| aws-eks-asg-rolling-update-handler.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | +| aws-eks-asg-rolling-update-handler.tolerations[1].effect | string | `"NoSchedule"` | | +| aws-eks-asg-rolling-update-handler.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | | | aws-node-termination-handler.deleteLocalData | bool | `true` | | | aws-node-termination-handler.emitKubernetesEvents | bool | `true` | | | aws-node-termination-handler.enableProbesServer | bool | `true` | | diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml new file mode 100644 index 0000000..91ce0de --- /dev/null +++ 
b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v2 +description: Handles rolling upgrades for AWS ASGs for EKS by replacing outdated nodes + by new nodes. +home: https://github.com/TwiN/aws-eks-asg-rolling-update-handler +maintainers: +- name: TwiN +name: aws-eks-asg-rolling-update-handler +version: 1.2.7 diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/_helpers.tpl b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/_helpers.tpl new file mode 100644 index 0000000..404193d --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/_helpers.tpl @@ -0,0 +1,31 @@ +{{/* +Create a default app name. +*/}} +{{- define "aws-eks-asg-rolling-update-handler.name" -}} +{{- .Chart.Name -}} +{{- end -}} + +{{/* +Create a default namespace. +*/}} +{{- define "aws-eks-asg-rolling-update-handler.namespace" -}} +{{- .Release.Namespace -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "aws-eks-asg-rolling-update-handler.labels" -}} +app.kubernetes.io/name: {{ include "aws-eks-asg-rolling-update-handler.name" . }} +{{- end -}} + +{{/* +Create the name of the service account to use. +*/}} +{{- define "aws-eks-asg-rolling-update-handler.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "aws-eks-asg-rolling-update-handler.name" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role-binding.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role-binding.yaml new file mode 100644 index 0000000..e6c8bbd --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role-binding.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "aws-eks-asg-rolling-update-handler.name" . }} + labels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }} +roleRef: + kind: ClusterRole + name: {{ template "aws-eks-asg-rolling-update-handler.name" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }} + namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }} \ No newline at end of file diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role.yaml new file mode 100644 index 0000000..33b8215 --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/cluster-role.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "aws-eks-asg-rolling-update-handler.name" . }} + labels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . 
| indent 4 }} +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - get + - list + - watch + - apiGroups: + - "*" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "*" + resources: + - pods/eviction + verbs: + - get + - list + - create + - apiGroups: + - "*" + resources: + - pods + verbs: + - get + - list \ No newline at end of file diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml new file mode 100644 index 0000000..c4894cf --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "aws-eks-asg-rolling-update-handler.name" . }} + namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }} + labels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 6 }} + template: + metadata: + labels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 8 }} + spec: + automountServiceAccountToken: true + serviceAccountName: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }} + restartPolicy: Always + dnsPolicy: Default + containers: + - name: {{ template "aws-eks-asg-rolling-update-handler.name" . }} + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- toYaml .Values.environmentVars | nindent 12 }} + {{- with .Values.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + volumeMounts: + - name: aws-token + mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" + readOnly: true + volumes: + - name: aws-token + projected: + sources: + - serviceAccountToken: + path: token + expirationSeconds: 86400 + audience: "sts.amazonaws.com" + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: +{{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/service-account.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/service-account.yaml new file mode 100644 index 0000000..958b1db --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/service-account.yaml @@ -0,0 +1,13 @@ +{{ if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }} + namespace: {{ template "aws-eks-asg-rolling-update-handler.namespace" . }} + labels: +{{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +{{ end }} \ No newline at end of file diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml new file mode 100644 index 0000000..8a5d57a --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml @@ -0,0 +1,28 @@ +replicaCount: 1 + +image: + repository: twinproduction/aws-eks-asg-rolling-update-handler + tag: v1.4.3 + pullPolicy: IfNotPresent + +#imagePullSecrets: +#- imagePullSecret + +environmentVars: +- name: CLUSTER_NAME + value: "cluster-name" # REPLACE THIS WITH THE NAME OF YOUR EKS CLUSTER +#- name: AUTO_SCALING_GROUP_NAMES +# value: "asg-1,asg-2,asg-3" # REPLACE THESE VALUES FOR THE NAMES OF THE ASGs, if CLUSTER_NAME is provided, this is ignored +#- name: IGNORE_DAEMON_SETS +# value: "true" +#- name: DELETE_LOCAL_DATA +# value: "true" +#- name: AWS_REGION +# value: us-west-2 +#- name: ENVIRONMENT +# value: "" + +serviceAccount: + create: true + #name: aws-eks-asg-rolling-update-handler + annotations: {} diff --git a/charts/kubezero-addons/ruh.patch b/charts/kubezero-addons/ruh.patch new file mode 100644 index 0000000..b88c55f --- /dev/null +++ b/charts/kubezero-addons/ruh.patch @@ -0,0 +1,36 @@ +diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml +--- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml 2022-12-16 13:10:26.049272371 +0000 ++++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml 2022-12-16 15:56:00.880666339 +0000 +@@ -25,7 +25,31 @@ + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: +-{{- toYaml .Values.environmentVars | nindent 12 }} ++ {{- toYaml .Values.environmentVars | nindent 12 }} ++ {{- with .Values.resources }} ++ resources: ++ {{- toYaml . 
| nindent 12 }} ++ {{- end }} ++ volumeMounts: ++ - name: aws-token ++ mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" ++ readOnly: true ++ volumes: ++ - name: aws-token ++ projected: ++ sources: ++ - serviceAccountToken: ++ path: token ++ expirationSeconds: 86400 ++ audience: "sts.amazonaws.com" ++ {{- with .Values.nodeSelector }} ++ nodeSelector: ++ {{- toYaml . | nindent 8 }} ++ {{- end }} ++ {{- with .Values.tolerations }} ++ tolerations: ++ {{- toYaml . | nindent 8 }} ++ {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} diff --git a/charts/kubezero-addons/update.sh b/charts/kubezero-addons/update.sh index c29d465..4b2cf20 100755 --- a/charts/kubezero-addons/update.sh +++ b/charts/kubezero-addons/update.sh @@ -4,6 +4,7 @@ set -ex helm repo update NTH_VERSION=$(yq eval '.dependencies[] | select(.name=="aws-node-termination-handler") | .version' Chart.yaml) +RUH_VERSION=$(yq eval '.dependencies[] | select(.name=="aws-eks-asg-rolling-update-handler") | .version' Chart.yaml) rm -rf charts/aws-node-termination-handler helm pull eks/aws-node-termination-handler --untar --untardir charts --version $NTH_VERSION @@ -11,4 +12,8 @@ helm pull eks/aws-node-termination-handler --untar --untardir charts --version $ # diff -tuNr charts/aws-node-termination-handler.orig charts/aws-node-termination-handler > nth.patch patch -p0 -i nth.patch --no-backup-if-mismatch +rm -rf charts/aws-eks-asg-rolling-update-handler +helm pull twin/aws-eks-asg-rolling-update-handler --untar --untardir charts --version $RUH_VERSION +patch -p0 -i ruh.patch --no-backup-if-mismatch + helm dep update diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml index 460cc28..8aae885 100644 --- a/charts/kubezero-addons/values.yaml +++ b/charts/kubezero-addons/values.yaml @@ -52,6 +52,47 @@ sealed-secrets: - key: node-role.kubernetes.io/control-plane effect: NoSchedule +aws-eks-asg-rolling-update-handler: + enabled: 
false + image: + tag: v1.7.0 + + environmentVars: + - name: CLUSTER_NAME + value: "" + - name: AWS_REGION + value: us-west-2 + - name: EXECUTION_INTERVAL + value: "60" + - name: METRICS + value: "true" + - name: EAGER_CORDONING + value: "true" + # Only disable if all services have PDBs across AZs + - name: SLOW_MODE + value: "true" + - name: AWS_ROLE_ARN + value: "" + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" + - name: AWS_STS_REGIONAL_ENDPOINTS + value: "regional" + + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + memory: 128Mi + + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + aws-node-termination-handler: enabled: false diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml index e488131..390cf37 100644 --- a/charts/kubezero-argocd/Chart.yaml +++ b/charts/kubezero-argocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: KubeZero ArgoCD - config, branding, image-updater (optional) name: kubezero-argocd -version: 0.11.1 +version: 0.11.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -17,10 +17,10 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: argo-cd - version: 5.16.1 + version: 5.16.10 repository: https://argoproj.github.io/argo-helm - name: argocd-apps - version: 0.0.4 + version: 0.0.6 repository: https://argoproj.github.io/argo-helm - name: argocd-image-updater version: 0.8.1 diff --git a/charts/kubezero-argocd/README.md b/charts/kubezero-argocd/README.md index 0d73327..a579dab 100644 --- a/charts/kubezero-argocd/README.md +++ b/charts/kubezero-argocd/README.md @@ -1,6 +1,6 @@ # kubezero-argocd -![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat-square) 
+![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) KubeZero ArgoCD - config, branding, image-updater (optional) @@ -18,8 +18,8 @@ Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-cd | 5.16.1 | -| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.4 | +| https://argoproj.github.io/argo-helm | argo-cd | 5.16.10 | +| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.6 | | https://argoproj.github.io/argo-helm | argocd-image-updater | 0.8.1 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | @@ -36,16 +36,16 @@ Kubernetes: `>= 1.24.0` | argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.24"` | | | argo-cd.configs.cm.url | string | `"argocd.example.com"` | | | argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com 
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | | -| argo-cd.configs.metrics.enabled | bool | `false` | | -| argo-cd.configs.metrics.serviceMonitor.enabled | bool | `true` | | | argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | | argo-cd.configs.params."controller.status.processors" | string | `"10"` | | | argo-cd.configs.params."server.enable.gzip" | bool | `true` | | | argo-cd.configs.params."server.insecure" | bool | `true` | | -| argo-cd.configs.resources.requests.cpu | string | `"100m"` | | -| argo-cd.configs.resources.requests.memory | string | `"256Mi"` | | | argo-cd.configs.secret.createSecret | bool | 
`false` | | | argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | | +| argo-cd.controller.metrics.enabled | bool | `false` | | +| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | | +| argo-cd.controller.resources.requests.cpu | string | `"100m"` | | +| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | | | argo-cd.dex.enabled | bool | `false` | | | argo-cd.global.logging.format | string | `"json"` | | | argo-cd.notifications.enabled | bool | `false` | | diff --git a/charts/kubezero-argocd/values.yaml b/charts/kubezero-argocd/values.yaml index e6c44f5..1bfc7c2 100644 --- a/charts/kubezero-argocd/values.yaml +++ b/charts/kubezero-argocd/values.yaml @@ -86,6 +86,7 @@ argo-cd: server.insecure: true server.enable.gzip: true + controller: metrics: enabled: false serviceMonitor: diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index 5b2273d..4a9d608 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.5.23 +version: 0.5.24 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -22,7 +22,7 @@ dependencies: repository: https://gocd.github.io/helm-chart condition: gocd.enabled - name: gitea - version: 6.0.3 + version: 6.0.5 repository: https://dl.gitea.io/charts/ condition: gitea.enabled - name: jenkins diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md index 02071b2..dc80155 100644 --- a/charts/kubezero-ci/README.md +++ b/charts/kubezero-ci/README.md @@ -1,6 +1,6 @@ # kubezero-ci -![Version: 0.5.20](https://img.shields.io/badge/Version-0.5.20-informational?style=flat-square) ![Type: 
application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.24](https://img.shields.io/badge/Version-0.5.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things CI @@ -20,8 +20,8 @@ Kubernetes: `>= 1.20.0` |------------|------|---------| | https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jenkins.io | jenkins | 4.2.13 | -| https://dl.gitea.io/charts/ | gitea | 6.0.3 | +| https://charts.jenkins.io | jenkins | 4.2.17 | +| https://dl.gitea.io/charts/ | gitea | 6.0.5 | | https://gocd.github.io/helm-chart | gocd | 1.40.8 | # Jenkins @@ -52,9 +52,8 @@ Kubernetes: `>= 1.20.0` | gitea.gitea.config.database.DB_TYPE | string | `"sqlite3"` | | | gitea.gitea.demo | bool | `false` | | | gitea.gitea.metrics.enabled | bool | `false` | | -| gitea.gitea.metrics.serviceMonitor.enabled | bool | `false` | | +| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | | | gitea.image.rootless | bool | `true` | | -| gitea.image.tag | string | `"1.17.3"` | | | gitea.istio.enabled | bool | `false` | | | gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | | | gitea.istio.url | string | `"git.example.com"` | | @@ -64,6 +63,9 @@ Kubernetes: `>= 1.20.0` | gitea.persistence.enabled | bool | `true` | | | gitea.persistence.size | string | `"4Gi"` | | | gitea.postgresql.enabled | bool | `false` | | +| gitea.resources.limits.memory | string | `"2048Mi"` | | +| gitea.resources.requests.cpu | string | `"150m"` | | +| gitea.resources.requests.memory | string | `"320Mi"` | | | gitea.securityContext.allowPrivilegeEscalation | bool | `false` | | | gitea.securityContext.capabilities.add[0] | string | `"SYS_CHROOT"` | | | gitea.securityContext.capabilities.drop[0] | string | `"ALL"` | | @@ -76,39 +78,36 @@ Kubernetes: 
`>= 1.20.0` | jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" | string | `"unconfined"` | | | jenkins.agent.containerCap | int | `2` | | | jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | | -| jenkins.agent.idleMinutes | int | `10` | | +| jenkins.agent.idleMinutes | int | `15` | | | jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | | | jenkins.agent.podName | string | `"podman-aws"` | | | jenkins.agent.podRetention | string | `"Default"` | | -| jenkins.agent.resources.limits.cpu | string | `"4"` | | -| jenkins.agent.resources.limits.memory | string | `"6144Mi"` | | -| jenkins.agent.resources.requests.cpu | string | `"512m"` | | -| jenkins.agent.resources.requests.memory | string | `"1024Mi"` | | | jenkins.agent.showRawYaml | bool | `false` | | | jenkins.agent.tag | string | `"v0.4.1"` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | | -| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n limits:\n github.com/fuse: 1\n volumeMounts:\n - name: aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | +| jenkins.agent.yamlTemplate | string | `"apiVersion: v1\nkind: Pod\nspec:\n securityContext:\n fsGroup: 1000\n serviceAccountName: jenkins-podman-aws\n containers:\n - name: jnlp\n resources:\n requests:\n cpu: \"512m\"\n memory: \"1024Mi\"\n limits:\n cpu: \"4\"\n memory: \"6144Mi\"\n github.com/fuse: 1\n volumeMounts:\n - name: 
aws-token\n mountPath: \"/var/run/secrets/sts.amazonaws.com/serviceaccount/\"\n readOnly: true\n - name: host-registries-conf\n mountPath: \"/home/jenkins/.config/containers/registries.conf\"\n readOnly: true\n volumes:\n - name: aws-token\n projected:\n sources:\n - serviceAccountToken:\n path: token\n expirationSeconds: 86400\n audience: \"sts.amazonaws.com\"\n - name: host-registries-conf\n hostPath:\n path: /etc/containers/registries.conf\n type: File"` | | | jenkins.controller.JCasC.configScripts.zdt-settings | string | `"jenkins:\n noUsageStatistics: true\n disabledAdministrativeMonitors:\n - \"jenkins.security.ResourceDomainRecommendation\"\nunclassified:\n buildDiscarders:\n configuredBuildDiscarders:\n - \"jobBuildDiscarder\"\n - defaultBuildDiscarder:\n discarder:\n logRotator:\n artifactDaysToKeepStr: \"32\"\n artifactNumToKeepStr: \"10\"\n daysToKeepStr: \"100\"\n numToKeepStr: \"10\"\n"` | | | jenkins.controller.disableRememberMe | bool | `true` | | | jenkins.controller.enableRawHtmlMarkupFormatter | bool | `true` | | -| jenkins.controller.initContainerResources.limits.cpu | string | `"1000m"` | | | jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | | | jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | | | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | | -| jenkins.controller.installPlugins[0] | string | `"kubernetes:3734.v562b_b_a_627ea_c"` | | +| jenkins.controller.installPlugins[0] | string | `"kubernetes:3743.v1fa_4c724c3b_7"` | | +| jenkins.controller.installPlugins[10] | string | `"build-discarder:139.v05696a_7fe240"` | | +| jenkins.controller.installPlugins[11] | string | `"dark-theme:262.v0202a_4c8fb_6a"` | | +| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` | | | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | | -| jenkins.controller.installPlugins[2] | 
string | `"git:4.14.2"` | | -| jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1569.vb_72405b_80249"` | | -| jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | | -| jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | | -| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | | -| jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | | -| jenkins.controller.installPlugins[8] | string | `"dark-theme:262.v0202a_4c8fb_6a"` | | -| jenkins.controller.installPlugins[9] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` | | +| jenkins.controller.installPlugins[2] | string | `"git:4.14.3"` | | +| jenkins.controller.installPlugins[3] | string | `"basic-branch-build-strategies:71.vc1421f89888e"` | | +| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:144.vf3924feb_7e35"` | | +| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.28"` | | +| jenkins.controller.installPlugins[6] | string | `"configuration-as-code:1569.vb_72405b_80249"` | | +| jenkins.controller.installPlugins[7] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | | +| jenkins.controller.installPlugins[8] | string | `"prometheus:2.0.11"` | | +| jenkins.controller.installPlugins[9] | string | `"htmlpublisher:1.31"` | | | jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | | | jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` | | | jenkins.controller.prometheus.enabled | bool | `false` | | -| jenkins.controller.resources.limits.cpu | string | `"2000m"` | | | jenkins.controller.resources.limits.memory | string | `"4096Mi"` | | | jenkins.controller.resources.requests.cpu 
| string | `"250m"` | | | jenkins.controller.resources.requests.memory | string | `"1280Mi"` | | @@ -129,7 +128,7 @@ Kubernetes: `>= 1.20.0` | jenkins.serviceAccountAgent.create | bool | `true` | | | jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | | | trivy.enabled | bool | `false` | | -| trivy.image.tag | string | `"0.34.0"` | | +| trivy.image.tag | string | `"0.35.0"` | | | trivy.persistence.enabled | bool | `true` | | | trivy.persistence.size | string | `"1Gi"` | | | trivy.rbac.create | bool | `false` | | diff --git a/charts/kubezero-ci/dashboard-gitea.yaml b/charts/kubezero-ci/dashboard-gitea.yaml new file mode 100644 index 0000000..41ad30b --- /dev/null +++ b/charts/kubezero-ci/dashboard-gitea.yaml @@ -0,0 +1,9 @@ +configmap: grafana-dashboards +gzip: true +condition: '.Values.gitea.gitea.metrics.enabled' +folder: KubeZero +dashboards: +- name: Gitea + url: https://grafana.com/api/dashboards/13192/revisions/1/download + tags: + - CI diff --git a/charts/kubezero-ci/dashboards.yaml b/charts/kubezero-ci/dashboard-jenkins.yaml similarity index 100% rename from charts/kubezero-ci/dashboards.yaml rename to charts/kubezero-ci/dashboard-jenkins.yaml diff --git a/charts/kubezero-ci/templates/gitea/grafana-dashboard.yaml b/charts/kubezero-ci/templates/gitea/grafana-dashboard.yaml new file mode 100644 index 0000000..f008aa8 --- /dev/null +++ b/charts/kubezero-ci/templates/gitea/grafana-dashboard.yaml @@ -0,0 +1,15 @@ +{{- if .Values.gitea.gitea.metrics.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "grafana-dashboards" | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + grafana_dashboard: "1" + {{- include "kubezero-lib.labels" . 
| nindent 4 }} + annotations: + k8s-sidecar-target-directory: KubeZero +binaryData: + Gitea.json.gz: + H4sIAAAAAAAC/+1cW2/bNhR+z68QhGLYgDSwnMRJC+whS5cuaG5I2vVhDQxKomU2FKmSVBw38H8fSd2oixNjSBqrY4G61jmSeK7fR4ku7zccxx2PEUlSwd23zj/y2HHu9afUEBBDKXXfXY0vLs9P//z415+frtzNQo2BD7HSXzAaQzGFKa+UIeQBQ4lAlKhTKoWYJ/qmIRCA05QFsNIlOI0QOQ6VPum4aaY/y80yhtUnLOTn9WbmEoPfUsRgh1PF+BEDE0BAdXMUdoqLILxvKm4h47l3o629re3ciM3u4RJAZLDagyXTzqFMsTHQw2N0hRQtDSZph7FrSG9rsDX4D75xAUR7sKuatO1ZmUJACJXnSq3KYTakixEXZUYrQ6Tm1asp4NMPcK7uRf2vMBBvh4O93XIseY6fIiyO1WieITWC1h0MeQ4kwMdKL1gKDfkUhR1SFFBySDFl6oYs8sGvg01n6HnyY3d30/F+M29dBOag8tf5xTnAkImaCVWO+dSngIVurlvof6838vQ0G++UEiQoc94jAYHDIZMx1/d1YYhEwy03IlDo9vO2vTfDTKSK8SOlWKBEKgZaqFNMUoz1EUbkRndaljpdDh2dBzACXAdGp3RRloEPtGQCMIcVgEhHTyCJxFSZM6jJYdfpj6TRnSCMzdxrgWy1EEGiqmq3VEQMhRe0qrss1/JwZCRkJo/3jeO7Ijj5sarEQZGj8tayYkJIriBDHT7oqG5XBmIYQRLWzQC3UfM6KQ1SxjIvmpoY3HVJEemQ8imddYiFLEzcIb8FOK28aLkqq0Jrze7QwhkKdVKrnKpKuqCIiFOqG0oLqszRpI4DZcJPysJrjZ5AWQpEgAi2wpyxyN9N+K70yhJVF6m697Aub2dNBj6EDOpun2BqwBvXaT6XHScLClYdkikTEMCuApfAGdy0RuECJgkMpcdthwRgETQIvI6NqtXvEpbTQAA5l+zIpUFEjGMYUzYf+3MB+f1X6v/+xY0UUHxxFwb4qNIkQkKHLgO3rsmK9IiyGIi2lsFJRucHbile5N+qWIiptGhKcdiIkUAxPJKtbIBNKb+EUV4UjQuupmgi2lcIjXTuZe66k7luzEtKiLs3OwIwGLYhnlMmGv2uu2FcwDQiIbpFYSoj1ipNWVtEZj9v2Fp7GJMTcwZwB+5Qo/z9NLjJcm76qVo7byEVig6iaZydt3zDvbKzOxprDu7gA6U2KQtB3pqJRq3kM8a6EUpBoz8Ah3VqLtGrdXoGXy2x4UxVbJs9sbPVFPN20iWDRl3AreUn8LY0ujY3aE7bfn4e3n8KHh5aHrY8/Lw8HCTpmEP5uBDysc7uIxwsTeoqrp+Jnw8vPjk16rLEbInZEvNPQsze6CmYedsys2Xm52VmmkAynoQPPxRXUKUwfZw58xScXWiOQCD0a0Svz5R+LmPpHL27spRuKf3/RumPs+5SLt1pcOnokZfNo1b5aLYcPkwSgZpuFKSia9Es5AmCODzvuE5dCXBQL848n1ycUXGm+MnQXNeyEsIJSLFo3lNnN0kQieog04VZ9euMZgQ+pzgV0N1snqEYom1xs1zrocnWXNjNa78eGuO8LGq1Yqj+LBqS641l2kUtQrSTE5fPKmrXZ5hWThUoqSX1a8oFmswLtZoE5GtCxdhMzfhAsYQEUkHbyPrYHGFlytXcOgaB4t02fT7rY+0DXPcwpZ2lsQ+ZQyfOQdPuklf0AuiPBoXRaqDg7VtUsKiw/qjAYEK5Wr9G/UOGyy7bXxYdvOGKc4YdCw8WHtYfHlL5yN07XPhUM/qFAWF/NUDYtXhg8WD98QBxnvZvonBct/rHIsLOI28VvMGSJwjPQsKTQMIcYkxnFhSe8c1CVma9e7FQN/tlYWFnVVgYWFiwsNAHWNDrD
r1DhZO61S8LCvsrgsLQzhUsKPQCFCiLAEHfQS9nDOedxr8sRLTeOC6dOIwsRliM6ANGyL9x77DhY83oF8aE0YqYYBcpLST0AhImVAW4d6Bw1DD7ZWFhuOqrx6F9x2BxoRe4kKQ+RsENnPcOGi605R9My9dsXWJnyXPEngWHJwGHJGUJtouVzwcOso369+OFq5rRa7YmsQwS7K+ZLCT0AhJm0J9SetM7VPjctHvN1iWWAcMbCwwWGPrxO2gMAe/jb6Abdq/basQSZLAPERYYegEMAY1jSETvgOGwafe6LUksAYZtCwwWGPoADDHCkAtK+jdnOG1bvm4LE0vAYWj/m4RFh368aAAimPYPGj43zO7ChXIHaWmWKmGl3h5k17hcXh6DKozDbI9jLuYYFtWXnSlAVEXTPTx2y/sKGCdYpotE7Y2pq22Y9ZYgpX6SOS6LY/baKzYbcWWiM5lbuyxRS0asujh3ZFzkx8xy6Zo+8OLq+67x3TMPtgemxtj5ZGh89/L9pesOfad6bx3XZ3TGi32kyzzpLaYzWZrtAU7OvnnHs9333zPpLWBI7TjNHwpctSf43sbiX1mpsRuhXgAA +{{- end }} diff --git a/charts/kubezero-ci/templates/grafana-dashboards.yaml b/charts/kubezero-ci/templates/jenkins/grafana-dashboard.yaml similarity index 100% rename from charts/kubezero-ci/templates/grafana-dashboards.yaml rename to charts/kubezero-ci/templates/jenkins/grafana-dashboard.yaml diff --git a/charts/kubezero-ci/update.sh b/charts/kubezero-ci/update.sh index 035ab68..0ded8aa 100755 --- a/charts/kubezero-ci/update.sh +++ b/charts/kubezero-ci/update.sh @@ -3,4 +3,5 @@ helm dep update # Create ZDT dashboard configmap -../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml +../kubezero-metrics/sync_grafana_dashboards.py dashboard-jenkins.yaml templates/jenkins/grafana-dashboard.yaml +../kubezero-metrics/sync_grafana_dashboards.py dashboard-gitea.yaml templates/gitea/grafana-dashboard.yaml diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 40f1e4e..3706241 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -17,7 +17,7 @@ gitea: enabled: false image: - tag: 1.17.3 + #tag: 1.17.4 rootless: true securityContext: @@ -49,7 +49,7 @@ gitea: metrics: enabled: false serviceMonitor: - enabled: false + enabled: true config: database: diff --git a/charts/kubezero-metrics/Chart.yaml b/charts/kubezero-metrics/Chart.yaml index 603bf75..7d1bb5f 100644 --- 
a/charts/kubezero-metrics/Chart.yaml +++ b/charts/kubezero-metrics/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-metrics description: KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. type: application -version: 0.8.8 +version: 0.8.9 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -19,11 +19,11 @@ dependencies: repository: https://cdn.zero-downtime.net/charts/ # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - name: kube-prometheus-stack - version: 42.2.1 + version: 43.2.0 # Switch back to upstream once all alerts are fixed eg. etcd gpcr # repository: https://prometheus-community.github.io/helm-charts - name: prometheus-adapter - version: 3.4.2 + version: 3.5.0 repository: https://prometheus-community.github.io/helm-charts condition: prometheus-adapter.enabled - name: prometheus-pushgateway diff --git a/charts/kubezero-metrics/README.md b/charts/kubezero-metrics/README.md index 87563ac..82ea042 100644 --- a/charts/kubezero-metrics/README.md +++ b/charts/kubezero-metrics/README.md @@ -1,6 +1,6 @@ # kubezero-metrics -![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.9](https://img.shields.io/badge/Version-0.8.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. 
@@ -18,9 +18,9 @@ Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| -| | kube-prometheus-stack | 42.2.1 | +| | kube-prometheus-stack | 43.2.0 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.4.2 | +| https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.5.0 | | https://prometheus-community.github.io/helm-charts | prometheus-pushgateway | 2.0.2 | ## Values @@ -87,15 +87,15 @@ Kubernetes: `>= 1.24.0` | kube-prometheus-stack.alertmanager.config.inhibit_rules[2].equal[0] | string | `"namespace"` | | | kube-prometheus-stack.alertmanager.config.inhibit_rules[2].source_matchers[0] | string | `"alertname = InfoInhibitor"` | | | kube-prometheus-stack.alertmanager.config.inhibit_rules[2].target_matchers[0] | string | `"severity = info"` | | +| kube-prometheus-stack.alertmanager.config.inhibit_rules[3].source_matchers[0] | string | `"alertname = ClusterAutoscalerNodeGroupsEnabled"` | | +| kube-prometheus-stack.alertmanager.config.inhibit_rules[3].target_matchers[0] | string | `"alertname =~ \"KubeCPUOvercommit|KubeMemoryOvercommit\""` | | | kube-prometheus-stack.alertmanager.config.route.group_by[0] | string | `"severity"` | | | kube-prometheus-stack.alertmanager.config.route.group_by[1] | string | `"clusterName"` | | | kube-prometheus-stack.alertmanager.config.route.group_interval | string | `"5m"` | | -| kube-prometheus-stack.alertmanager.config.route.group_wait | string | `"30s"` | | -| kube-prometheus-stack.alertmanager.config.route.repeat_interval | string | `"6h"` | | -| kube-prometheus-stack.alertmanager.config.route.routes[0].matchers[0] | string | `"alertname = Watchdog"` | | +| kube-prometheus-stack.alertmanager.config.route.group_wait | string | `"10s"` | | +| kube-prometheus-stack.alertmanager.config.route.repeat_interval | string | `"4h"` | | +| 
kube-prometheus-stack.alertmanager.config.route.routes[0].matchers[0] | string | `"severity = none"` | | | kube-prometheus-stack.alertmanager.config.route.routes[0].receiver | string | `"null"` | | -| kube-prometheus-stack.alertmanager.config.route.routes[1].matchers[0] | string | `"alertname = InfoInhibitor"` | | -| kube-prometheus-stack.alertmanager.config.route.routes[1].receiver | string | `"null"` | | | kube-prometheus-stack.alertmanager.enabled | bool | `false` | | | kube-prometheus-stack.coreDns.enabled | bool | `true` | | | kube-prometheus-stack.defaultRules.create | bool | `false` | | diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml index 6d9fdc7..8c4575f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/Chart.yaml @@ -1,4 +1,5 @@ annotations: + artifacthub.io/license: Apache-2.0 artifacthub.io/links: | - name: Chart Source url: https://github.com/prometheus-community/helm-charts @@ -6,7 +7,7 @@ annotations: url: https://github.com/prometheus-operator/kube-prometheus artifacthub.io/operator: "true" apiVersion: v2 -appVersion: 0.60.1 +appVersion: 0.61.1 dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics @@ -19,7 +20,7 @@ dependencies: - condition: grafana.enabled name: grafana repository: https://grafana.github.io/helm-charts - version: 6.45.* + version: 6.48.* description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus @@ -51,4 +52,4 @@ sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus type: application -version: 42.2.1 +version: 43.2.0 diff --git 
a/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md b/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md index 9cee74e..e32bba5 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/README.md @@ -80,6 +80,23 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. +### From 42.x to 43.x + +This version upgrades Prometheus-Operator to v0.61.1, Prometheus to v2.40.5 and Thanos to v0.29.0. + +Run these commands to update the CRDs before applying the upgrade. + +```console +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +kubectl apply --server-side -f 
https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +``` + ### From 41.x to 42.x This includes the overridability of container registry for all containers at the global level using `global.imageRegistry` or per container image. The defaults have not changed but if you were using a custom image, you will have to override the registry of said custom container image before you upgrade. diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml index 83233ef..849916a 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 9.3.0 +appVersion: 9.3.1 description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png @@ -19,4 +19,4 @@ name: grafana sources: - https://github.com/grafana/grafana type: application -version: 6.45.0 +version: 6.48.0 diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md index b5dd1e6..d5210ca 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/README.md @@ -179,6 +179,8 @@ This version requires Helm >= 3.1.0. 
| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | | `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces. | `nil` | | `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | +| `sidecar.dashboards.reloadURL` | Full url of dashboards configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/dashboards/reload"` | +| `sidecar.dashboards.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | | `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | | `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | | `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl index eb079b8..cb41fcc 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_helpers.tpl @@ -141,6 +141,17 @@ Return the appropriate apiVersion for ingress. {{- end }} {{- end }} +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. 
+*/}} +{{- define "grafana.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }} +{{- print "autoscaling/v2beta1" }} +{{- else }} +{{- print "autoscaling/v2" }} +{{- end }} +{{- end }} + {{/* Return the appropriate apiVersion for podDisruptionBudget. */}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl index 95795bb..95ec1f8 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/_pod.tpl @@ -1,4 +1,5 @@ {{- define "grafana.pod" -}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} {{- $root := . -}} {{- with .Values.schedulerName }} schedulerName: "{{ . }}" @@ -384,6 +385,26 @@ containers: - name: SCRIPT value: "{{ . }}" {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} + key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} + - name: REQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) 
}} + key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} + {{- if not .Values.sidecar.dashboards.skipReload }} + - name: REQ_URL + value: {{ .Values.sidecar.dashboards.reloadURL }} + - name: REQ_METHOD + value: POST + {{- end }} {{- if .Values.sidecar.dashboards.watchServerTimeout }} {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} @@ -561,7 +582,7 @@ containers: - name: UNIQUE_FILENAMES value: "{{ .Values.sidecar.enableUniqueFilenames }}" {{- end }} - {{- if .Values.sidecar.notifiers.searchNamespace }} + {{- with .Values.sidecar.notifiers.searchNamespace }} - name: NAMESPACE value: "{{ tpl (. | join ",") $root }}" {{- end }} @@ -1013,8 +1034,8 @@ volumes: - name: storage persistentVolumeClaim: claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . 
}} - {{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} - # nothing + {{- else if and .Values.persistence.enabled (has .Values.persistence.type $sts) }} + {{/* nothing */}} {{- else }} - name: storage {{- if .Values.persistence.inMemory.enabled }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml index 1140a2d..caaed5d 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/headless-service.yaml @@ -1,4 +1,4 @@ -{{- $sts := list "sts" "StatefulSet" -}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} {{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)) }} apiVersion: v1 kind: Service diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml index 42d7c67..f53dfc8 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/hpa.yaml @@ -1,6 +1,6 @@ -{{- $sts := list "sts" "StatefulSet" -}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "grafana.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "grafana.fullname" . 
}} @@ -22,5 +22,28 @@ spec: minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- toYaml .Values.autoscaling.metrics | nindent 4 }} + {{- if .Values.autoscaling.targetMemory }} + - type: Resource + resource: + name: memory + {{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemory }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetCPU }} + - type: Resource + resource: + name: cpu + {{- if semverCompare "<1.23-0" .Capabilities.KubeVersion.Version }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- else }} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPU }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml index 4cde0eb..acfab4d 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/statefulset.yaml @@ -1,4 +1,4 @@ -{{- $sts := list "sts" "StatefulSet" -}} +{{- $sts := list "sts" "StatefulSet" "statefulset" -}} {{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (has .Values.persistence.type $sts)))}} apiVersion: apps/v1 kind: StatefulSet diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml index 6fae392..1821772 100644 --- 
a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-podsecuritypolicy.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml index cdace2c..cb4c782 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled .Values.rbac.pspEnabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml index 91d4524..f40d791 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/templates/tests/test-rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.testFramework.enabled .Values.rbac.pspEnabled }} +{{- if and (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") .Values.testFramework.enabled 
.Values.rbac.pspEnabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml index 527cd42..bc1834f 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/charts/grafana/values.yaml @@ -48,17 +48,10 @@ headlessService: false # autoscaling: enabled: false -# minReplicas: 1 -# maxReplicas: 10 -# metrics: -# - type: Resource -# resource: -# name: cpu -# targetAverageUtilization: 60 -# - type: Resource -# resource: -# name: memory -# targetAverageUtilization: 60 + minReplicas: 1 + maxReplicas: 5 + targetCPU: "60" + targetMemory: "" ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ @@ -101,7 +94,7 @@ image: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Can be templated. ## - # pullSecrets: + pullSecrets: [] # - myRegistrKeySecretName testFramework: @@ -761,7 +754,7 @@ smtp: sidecar: image: repository: quay.io/kiwigrid/k8s-sidecar - tag: 1.19.2 + tag: 1.21.0 sha: "" imagePullPolicy: IfNotPresent resources: {} @@ -845,8 +838,11 @@ sidecar: # If specified, the sidecar will look for annotation with this name to create folder and put graph here. # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. folderAnnotation: null + # Endpoint to send request to reload alerts + reloadURL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" # Absolute path to shell script to execute after a configmap got reloaded script: null + skipReload: false # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. 
# defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S # watchServerTimeout: 3600 diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml index 744a9f9..858e8dc 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagerconfigs.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -313,8 +313,8 @@ spec: description: TLS configuration properties: ca: - description: Struct containing the CA cert to use - for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use @@ -361,8 +361,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use @@ -724,8 +724,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -773,8 +773,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. 
+ description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -1170,8 +1170,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -1219,8 +1219,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -1626,8 +1626,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -1675,8 +1675,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -2160,8 +2160,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -2209,8 +2209,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. 
properties: configMap: description: ConfigMap containing data to @@ -2552,8 +2552,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -2601,8 +2601,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3026,8 +3026,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3075,8 +3075,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3437,8 +3437,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3486,8 +3486,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -3808,8 +3808,8 @@ spec: description: TLS configuration for the client. 
properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -3857,8 +3857,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. properties: configMap: description: ConfigMap containing data to @@ -4229,8 +4229,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to - use for the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to @@ -4278,8 +4278,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert - file for the targets. + description: Client certificate to present when + doing client-authentication. 
properties: configMap: description: ConfigMap containing data to diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml index 06457f0..b2bc5bc 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-alertmanagers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -892,6 +892,22 @@ spec: type: array type: object type: object + alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. + properties: + type: + default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. + enum: + - OnNamespace + - None + type: string + type: object alertmanagerConfigNamespaceSelector: description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. @@ -1205,8 +1221,8 @@ spec: description: TLS configuration for the client. properties: ca: - description: Struct containing the CA cert to use - for the targets. + description: Certificate authority used when verifying + server certificates. 
properties: configMap: description: ConfigMap containing data to use @@ -1253,8 +1269,8 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use @@ -1430,10 +1446,11 @@ spec: for this Alertmanager instance. If empty, it defaults to `alertmanager-`. \n The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret - are copied to the generated secret. \n If either the secret or the - `alertmanager.yaml` key is missing, the operator provisions an Alertmanager - configuration with one empty receiver (effectively dropping alert - notifications)." + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." type: string containers: description: 'Containers allows injecting additional containers. 
This diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml index a507478..d39a552 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-podmonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -42,8 +42,8 @@ spec: by Prometheus. properties: attachMetadata: - description: 'Attaches node metadata to discovered targets. Only valid - for role: pod. Only valid in Prometheus versions 2.35.0 and newer.' + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. properties: node: description: When set to true, Prometheus must have permissions @@ -477,8 +477,8 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -522,8 +522,7 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. 
properties: configMap: description: ConfigMap containing data to use for the diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml index 8960962..d82abd8 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-probes.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -589,7 +589,8 @@ spec: description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -630,7 +631,7 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Struct containing the client cert file for the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the targets. 
diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml index 589e20e..7da4e7b 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheuses.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1055,6 +1055,9 @@ spec: description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. type: string + enableHttp2: + description: Whether to enable HTTP2. + type: boolean name: description: Name of Endpoints object in Namespace. type: string @@ -1083,8 +1086,8 @@ spec: description: TLS Config to use for alertmanager connection. properties: ca: - description: Struct containing the CA cert to use for - the targets. + description: Certificate authority used when verifying + server certificates. properties: configMap: description: ConfigMap containing data to use for @@ -1135,8 +1138,8 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file - for the targets. + description: Client certificate to present when doing + client-authentication. properties: configMap: description: ConfigMap containing data to use for @@ -1329,8 +1332,8 @@ spec: description: TLS Config to use for accessing apiserver. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. 
properties: configMap: description: ConfigMap containing data to use for the @@ -1378,8 +1381,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -4575,6 +4577,11 @@ spec: bearerTokenFile: description: File to read bearer token for remote read. type: string + filterExternalLabels: + description: Whether to use the external labels as selectors + for the remote read endpoint. Requires Prometheus v2.34.0 + and above. + type: boolean headers: additionalProperties: type: string @@ -4697,8 +4704,8 @@ spec: description: TLS Config to use for remote read. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -4746,8 +4753,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the @@ -5148,8 +5154,8 @@ spec: description: TLS Config to use for remote write. properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -5197,8 +5203,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. 
properties: configMap: description: ConfigMap containing data to use for the @@ -6437,8 +6442,8 @@ spec: Maps to the ''--grpc-server-tls-*'' CLI args.' properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -6486,8 +6491,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for the - targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml index 6fd613b..f139ffe 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-prometheusrules.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -44,18 +44,26 @@ spec: groups: description: Content of Prometheus rule file items: - description: 'RuleGroup is a list of sequentially evaluated recording - and alerting rules. Note: PartialResponseStrategy is only used - by ThanosRuler and will be ignored by Prometheus instances. Valid - values for this field are ''warn'' or ''abort''. 
More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response' + description: RuleGroup is a list of sequentially evaluated recording + and alerting rules. properties: interval: + description: Interval determines how often rules in the group + are evaluated. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string name: + description: Name of the rule group. + minLength: 1 type: string partial_response_strategy: + default: "" + description: 'PartialResponseStrategy is only used by ThanosRuler + and will be ignored by Prometheus instances. More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response' + pattern: ^(?i)(abort|warn)?$ type: string rules: + description: List of alerting and recording rules. items: description: 'Rule describes an alerting or recording rule See Prometheus documentation: [alerting](https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) @@ -63,23 +71,35 @@ spec: rule' properties: alert: + description: Name of the alert. Must be a valid label + value. Only one of `record` and `alert` must be set. type: string annotations: additionalProperties: type: string + description: Annotations to add to each alert. Only valid + for alerting rules. type: object expr: anyOf: - type: integer - type: string + description: PromQL expression to evaluate. x-kubernetes-int-or-string: true for: + description: Alerts are considered firing once they have + been returned for this long. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string labels: additionalProperties: type: string + description: Labels to add or overwrite. type: object record: + description: Name of the time series to output to. Must + be a valid metric name. Only one of `record` and `alert` + must be set. 
type: string required: - expr @@ -90,6 +110,9 @@ spec: - rules type: object type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map type: object required: - spec diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml index a3159b6..92ecc35 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-servicemonitors.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -41,6 +41,15 @@ spec: description: Specification of desired Service selection for target discovery by Prometheus. properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.37.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object endpoints: description: A list of endpoints allowed as part of this ServiceMonitor. items: @@ -147,6 +156,10 @@ spec: enableHttp2: description: Whether to enable HTTP2. type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean followRedirects: description: FollowRedirects configures whether scrape requests follow HTTP 3xx redirects. 
@@ -436,8 +449,8 @@ spec: description: TLS configuration to use when scraping the endpoint properties: ca: - description: Struct containing the CA cert to use for the - targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the @@ -485,8 +498,7 @@ spec: to use for the targets. type: string cert: - description: Struct containing the client cert file for - the targets. + description: Client certificate to present when doing client-authentication. properties: configMap: description: ConfigMap containing data to use for the diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml index 0b8cf0d..7559727 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/crds/crd-thanosrulers.yaml @@ -1,4 +1,4 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.60.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.61.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -2238,7 +2238,8 @@ spec: the ''--grpc-server-tls-*'' CLI args.' properties: ca: - description: Struct containing the CA cert to use for the targets. + description: Certificate authority used when verifying server + certificates. properties: configMap: description: ConfigMap containing data to use for the targets. @@ -2283,7 +2284,7 @@ spec: use for the targets. type: string cert: - description: Struct containing the client cert file for the targets. + description: Client certificate to present when doing client-authentication. 
properties: configMap: description: ConfigMap containing data to use for the targets. diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml index b5f0bf8..755168a 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/grafana/configmaps-datasources.yaml @@ -31,7 +31,7 @@ data: url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }} {{- end }} access: proxy - isDefault: true + isDefault: {{ .Values.grafana.sidecar.datasources.isDefaultDatasource }} jsonData: timeInterval: {{ $scrapeInterval }} {{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml index 9208c34..fe2c68e 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/verticalpodautoscaler.yaml @@ -16,16 +16,16 @@ spec: {{- end }} {{- if .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed }} maxAllowed: - {{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }} + {{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.maxAllowed | nindent 8 }} {{- end }} {{- if .Values.prometheusOperator.verticalPodAutoscaler.minAllowed }} minAllowed: - {{ toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 
}} + {{- toYaml .Values.prometheusOperator.verticalPodAutoscaler.minAllowed | nindent 8 }} {{- end }} targetRef: apiVersion: apps/v1 kind: Deployment - name: {{ template "kube-prometheus-stack.fullname" . }} + name: {{ template "kube-prometheus-stack.fullname" . }}-operator {{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy }} updatePolicy: {{- if .Values.prometheusOperator.verticalPodAutoscaler.updatePolicy.updateMode }} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml index 82f8f64..5235f74 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus/prometheus.yaml @@ -210,6 +210,7 @@ spec: {{ else }} ruleNamespaceSelector: {} {{- end }} +{{- if not (has "agent" .Values.prometheus.prometheusSpec.enableFeatures) }} {{- if .Values.prometheus.prometheusSpec.ruleSelector }} ruleSelector: {{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} @@ -220,6 +221,7 @@ spec: {{ else }} ruleSelector: {} {{- end }} +{{- end }} {{- if .Values.prometheus.prometheusSpec.storageSpec }} storage: {{ tpl (toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4) . 
}} diff --git a/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml b/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml index e5d805c..4ad72b4 100644 --- a/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml +++ b/charts/kubezero-metrics/charts/kube-prometheus-stack/values.yaml @@ -463,7 +463,7 @@ alertmanager: image: registry: quay.io repository: prometheus/alertmanager - tag: v0.24.0 + tag: v0.25.0 sha: "" ## If true then the user will be responsible to provide a secret with alertmanager configuration @@ -798,6 +798,7 @@ grafana: datasources: enabled: true defaultDatasourceEnabled: true + isDefaultDatasource: true uid: prometheus @@ -1908,7 +1909,7 @@ prometheusOperator: image: registry: quay.io repository: prometheus-operator/prometheus-operator - tag: v0.60.1 + tag: v0.61.1 sha: "" pullPolicy: IfNotPresent @@ -1934,7 +1935,7 @@ prometheusOperator: image: registry: quay.io repository: prometheus-operator/prometheus-config-reloader - tag: v0.60.1 + tag: v0.61.1 sha: "" # resource config for prometheusConfigReloader @@ -1951,7 +1952,7 @@ prometheusOperator: thanosImage: registry: quay.io repository: thanos/thanos - tag: v0.28.1 + tag: v0.29.0 sha: "" ## Set a Field Selector to filter watched secrets @@ -2389,7 +2390,7 @@ prometheus: image: registry: quay.io repository: prometheus/prometheus - tag: v2.39.1 + tag: v2.40.5 sha: "" ## Tolerations for use with node taints @@ -3231,7 +3232,7 @@ thanosRuler: image: registry: quay.io repository: thanos/thanos - tag: v0.28.1 + tag: v0.29.0 sha: "" ## Namespaces to be selected for PrometheusRules discovery. 
diff --git a/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json b/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json index 38c75a1..abb6d35 100644 --- a/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-metrics/jsonnet/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "f1842b6ecf67a8102766cc914eaa2a8c7ad97314", + "version": "9e3966fbce6dccd2271b7ade588fefeb4ca7b247", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -48,7 +48,7 @@ "subdir": "grafana-builder" } }, - "version": "ae961c84758825e4e3fd7b70a3b391ffec76e4ae", + "version": "d68f9a6e0b1af7c4c4056dc2b43fb8f3bac01f43", "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0=" }, { diff --git a/charts/kubezero-metrics/jsonnet/k8s-rules.yaml b/charts/kubezero-metrics/jsonnet/k8s-rules.yaml index c919591..ed9b4b0 100644 --- a/charts/kubezero-metrics/jsonnet/k8s-rules.yaml +++ b/charts/kubezero-metrics/jsonnet/k8s-rules.yaml @@ -1,4 +1,4 @@ - # cd rules; for f in *-prometheusRule; do echo "- name: ${f%%-prometheusRule}" >> ../k8s-rules.yaml; echo " url: file://rules/$f" >> ../k8s-rules.yaml; done; cd - +# cd rules; for f in *-prometheusRule; do echo "- name: ${f%%-prometheusRule}" >> ../k8s-rules.yaml; echo " url: file://rules/$f" >> ../k8s-rules.yaml; done; cd - rules: - name: alertmanager url: file://rules/alertmanager-prometheusRule diff --git a/charts/kubezero-metrics/templates/rules/zdt-inhibitors.yaml b/charts/kubezero-metrics/templates/rules/zdt-inhibitors.yaml new file mode 100644 index 0000000..30509f1 --- /dev/null +++ b/charts/kubezero-metrics/templates/rules/zdt-inhibitors.yaml @@ -0,0 +1,19 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ printf "%s-%s" (include "kubezero-lib.fullname" $) "zdt-inhibitors" | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "kubezero-lib.labels" . 
| nindent 4 }} +spec: +  groups: +  - name: zdt-inhibitors +    rules: +    - alert: ClusterAutoscalerNodeGroupsEnabled +      annotations: +        description: "This rule is meant to inhibit other rules and should not be forwarded.\nThe Cluster Autoscaler found at least one node group" +        summary: Cluster Autoscaler found at least one node group. +      expr: 'cluster_autoscaler_node_groups_count{job="addons-aws-cluster-autoscaler",node_group_type="autoscaled"} > 0' +      for: 15m +      labels: +        severity: none diff --git a/charts/kubezero-metrics/update.sh b/charts/kubezero-metrics/update.sh index 60ce078..a0a2108 100755 --- a/charts/kubezero-metrics/update.sh +++ b/charts/kubezero-metrics/update.sh @@ -1,7 +1,7 @@ #!/bin/bash set -ex -helm dep update +helm repo update VERSION=$(yq eval '.dependencies[] | select(.name=="kube-prometheus-stack") | .version' Chart.yaml) rm -rf charts/kube-prometheus-stack @@ -10,6 +10,8 @@ helm pull prometheus-community/kube-prometheus-stack --untar --untardir charts - # workaround for https://github.com/prometheus-community/helm-charts/issues/1500 patch -p0 -i zdt.patch --no-backup-if-mismatch +helm dep update + # Create ZDT dashboard, alerts etc configmaps cd jsonnet && make diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index 8a0c1f9..d8e6dac 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -225,15 +225,12 @@ kube-prometheus-stack: resolve_timeout: 5m route: group_by: ['severity', 'clusterName'] - group_wait: 30s + group_wait: 10s group_interval: 5m - repeat_interval: 6h + repeat_interval: 4h routes: - matchers: - - alertname = Watchdog - receiver: 'null' - - matchers: - - alertname = InfoInhibitor + - severity = none receiver: 'null' inhibit_rules: - equal: @@ -256,6 +253,11 @@ - alertname = InfoInhibitor target_matchers: - severity = info + # Disable cluster overcommit alerts if we have cluster autoscaler available + - source_matchers: + - alertname = 
ClusterAutoscalerNodeGroupsEnabled + target_matchers: + - alertname =~ "KubeCPUOvercommit|KubeMemoryOvercommit" alertmanagerSpec: # externalUrl: logFormat: json diff --git a/charts/kubezero-network/Chart.yaml b/charts/kubezero-network/Chart.yaml index fab3804..98a1bf9 100644 --- a/charts/kubezero-network/Chart.yaml +++ b/charts/kubezero-network/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-network description: KubeZero umbrella chart for all things network type: application -version: 0.4.1 +version: 0.4.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -19,7 +19,7 @@ dependencies: version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: cilium - version: 1.12.3 + version: 1.12.5 repository: https://helm.cilium.io/ condition: cilium.enabled - name: metallb diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md index 6893893..8b2d601 100644 --- a/charts/kubezero-network/README.md +++ b/charts/kubezero-network/README.md @@ -1,6 +1,6 @@ # kubezero-network -![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things network @@ -19,7 +19,7 @@ Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | -| https://helm.cilium.io/ | cilium | 1.12.3 | +| https://helm.cilium.io/ | cilium | 1.12.5 | | https://metallb.github.io/metallb | metallb | 0.13.7 | ## Values @@ -52,6 +52,9 @@ Kubernetes: `>= 1.24.0` | cilium.operator.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | | | 
cilium.prometheus.enabled | bool | `false` | | | cilium.prometheus.port | int | `9091` | | +| cilium.resources.limits.memory | string | `"1024Mi"` | | +| cilium.resources.requests.cpu | string | `"10m"` | | +| cilium.resources.requests.memory | string | `"256Mi"` | | | cilium.securityContext.privileged | bool | `true` | | | cilium.tunnel | string | `"geneve"` | | | metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml index 019dd04..0a85c94 100644 --- a/charts/kubezero-network/values.yaml +++ b/charts/kubezero-network/values.yaml @@ -34,6 +34,14 @@ cilium: securityContext: privileged: true + resources: + requests: + cpu: 10m + memory: 256Mi + limits: + memory: 1024Mi + # cpu: 4000m + cni: binPath: "/usr/libexec/cni" logFile: /var/log/cilium-cni.log diff --git a/charts/kubezero-sql/Chart.yaml b/charts/kubezero-sql/Chart.yaml index 6840e27..812e169 100644 --- a/charts/kubezero-sql/Chart.yaml +++ b/charts/kubezero-sql/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-sql description: KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster type: application -version: 0.3.0 +version: 0.3.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -18,7 +18,7 @@ dependencies: version: ">= 0.1.5" repository: https://cdn.zero-downtime.net/charts/ - name: pxc-operator - version: 1.11.1 + version: 1.12.0 repository: https://percona.github.io/percona-helm-charts/ condition: pxc-operator.enabled - name: mariadb-galera diff --git a/charts/kubezero-sql/README.md b/charts/kubezero-sql/README.md index 492e81a..c875929 100644 --- a/charts/kubezero-sql/README.md +++ b/charts/kubezero-sql/README.md @@ -1,6 +1,6 @@ # kubezero-sql -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: 
application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for SQL databases, Percona XtraDB Cluster @@ -20,7 +20,7 @@ Kubernetes: `>= 1.20.0` |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | | https://charts.bitnami.com/bitnami | mariadb-galera | 7.4.7 | -| https://percona.github.io/percona-helm-charts/ | pxc-operator | 1.11.1 | +| https://percona.github.io/percona-helm-charts/ | pxc-operator | 1.12.0 | ## Values diff --git a/charts/kubezero-storage/Chart.yaml b/charts/kubezero-storage/Chart.yaml index 8bc8969..0d8a987 100644 --- a/charts/kubezero-storage/Chart.yaml +++ b/charts/kubezero-storage/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-storage description: KubeZero umbrella chart for all things storage incl. 
AWS EBS/EFS, openEBS-lvm, gemini type: application -version: 0.7.4 +version: 0.7.5 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -28,7 +28,7 @@ dependencies: condition: gemini.enabled # repository: https://charts.fairwinds.com/stable - name: aws-ebs-csi-driver - version: 2.13.0 + version: 2.14.1 condition: aws-ebs-csi-driver.enabled repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver - name: aws-efs-csi-driver diff --git a/charts/kubezero-storage/README.md b/charts/kubezero-storage/README.md index 59a0baf..1372cb2 100644 --- a/charts/kubezero-storage/README.md +++ b/charts/kubezero-storage/README.md @@ -1,6 +1,6 @@ # kubezero-storage -![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things storage incl. 
AWS EBS/EFS, openEBS-lvm, gemini @@ -22,7 +22,7 @@ Kubernetes: `>= 1.24.0` | | gemini | 1.0.0 | | | lvm-localpv | 1.0.0 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.13.0 | +| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.14.1 | ## Values diff --git a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json index e423b62..fe1c4ed 100644 --- a/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json +++ b/charts/kubezero-storage/jsonnet/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "f1842b6ecf67a8102766cc914eaa2a8c7ad97314", + "version": "9e3966fbce6dccd2271b7ade588fefeb4ca7b247", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "ae961c84758825e4e3fd7b70a3b391ffec76e4ae", + "version": "d68f9a6e0b1af7c4c4056dc2b43fb8f3bac01f43", "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0=" }, { diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index 261cf01..5d5cfe2 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -24,6 +24,7 @@ Kubernetes: `>= 1.24.0` | Key | Type | Default | Description | |-----|------|---------|-------------| +| addons.aws-eks-asg-rolling-update-handler.enabled | bool | `false` | | | addons.aws-node-termination-handler.enabled | bool | `false` | | | addons.cluster-autoscaler.enabled | bool | `false` | | | addons.clusterBackup.enabled | bool | `false` | | @@ -31,12 +32,12 @@ Kubernetes: `>= 1.24.0` | addons.external-dns.enabled | bool | `false` | | | addons.forseti.enabled | bool | `false` | | | addons.sealed-secrets.enabled | bool | `false` | | -| addons.targetRevision | string | `"0.7.2"` | | +| addons.targetRevision | string | `"0.7.3"` | | | argocd.argocd-image-updater.enabled | bool | `false` | | | argocd.enabled | 
bool | `false` | | | argocd.istio.enabled | bool | `false` | | | argocd.namespace | string | `"argocd"` | | -| argocd.targetRevision | string | `"0.11.1"` | | +| argocd.targetRevision | string | `"0.11.2"` | | | cert-manager.enabled | bool | `false` | | | cert-manager.namespace | string | `"cert-manager"` | | | cert-manager.targetRevision | string | `"0.9.3"` | | @@ -66,17 +67,18 @@ Kubernetes: `>= 1.24.0` | metrics.istio.grafana | object | `{}` | | | metrics.istio.prometheus | object | `{}` | | | metrics.namespace | string | `"monitoring"` | | -| metrics.targetRevision | string | `"0.8.8"` | | +| metrics.targetRevision | string | `"0.8.9"` | | | network.cilium.cluster | object | `{}` | | | network.enabled | bool | `true` | | | network.retain | bool | `true` | | -| network.targetRevision | string | `"0.4.1"` | | +| network.targetRevision | string | `"0.4.2"` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.enabled | bool | `false` | | | storage.gemini.enabled | bool | `false` | | | storage.snapshotController.enabled | bool | `false` | | | storage.targetRevision | string | `"0.7.4"` | | +| storage.velero.enabled | bool | `false` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/kubezero/templates/addons.yaml b/charts/kubezero/templates/addons.yaml index e45e908..f0edc0f 100644 --- a/charts/kubezero/templates/addons.yaml +++ b/charts/kubezero/templates/addons.yaml @@ -28,32 +28,6 @@ forseti: iamRoleArn: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.kubezeroForseti" {{- end }} -aws-node-termination-handler: - enabled: {{ ternary "true" "false" (or (hasKey .Values.global "aws") (index .Values "addons" "aws-node-termination-handler" "enabled")) }} - - {{- with omit (index .Values 
"addons" "aws-node-termination-handler") "enabled" }} - {{- toYaml . | nindent 2 }} - {{- end }} - - {{- with .Values.metrics }} - enablePrometheusServer: {{ .enabled }} - {{- end }} - - {{- if .Values.global.aws }} - # AWS - queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth" - managedTag: "aws-node-termination-handler/{{ .Values.global.clusterName }}" - extraEnv: - - name: AWS_ROLE_ARN - value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth" - - name: AWS_WEB_IDENTITY_TOKEN_FILE - value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" - - name: AWS_STS_REGIONAL_ENDPOINTS - value: "regional" - - name: METADATA_TRIES - value: "0" - {{- end }} - external-dns: enabled: {{ ternary "true" "false" (or (hasKey .Values.global "aws") (index .Values "addons" "external-dns" "enabled")) }} @@ -157,6 +131,58 @@ sealed-secrets: {{- end }} {{- end }} +{{- if .Values.global.aws }} +# AWS only +aws-node-termination-handler: + enabled: {{ default "true" (index .Values "addons" "aws-node-termination-handler" "enabled") }} + + {{- with omit (index .Values "addons" "aws-node-termination-handler") "enabled" }} + {{- toYaml . 
| nindent 2 }} + {{- end }} + + {{- with .Values.metrics }} + enablePrometheusServer: {{ .enabled }} + {{- end }} + + queueURL: "https://sqs.{{ .Values.global.aws.region }}.amazonaws.com/{{ .Values.global.aws.accountId }}/{{ .Values.global.clusterName }}_Nth" + managedTag: "aws-node-termination-handler/{{ .Values.global.clusterName }}" + extraEnv: + - name: AWS_ROLE_ARN + value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsNth" + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" + - name: AWS_STS_REGIONAL_ENDPOINTS + value: "regional" + - name: METADATA_TRIES + value: "0" + +aws-eks-asg-rolling-update-handler: + enabled: {{ default "true" (index .Values "addons" "aws-eks-asg-rolling-update-handler" "enabled") }} + + {{- with omit (index .Values "addons" "aws-eks-asg-rolling-update-handler") "enabled" }} + {{- toYaml . | nindent 2 }} + {{- end }} + + environmentVars: + - name: CLUSTER_NAME + value: {{ .Values.global.clusterName }} + - name: AWS_REGION + value: {{ .Values.global.aws.region }} + - name: EXECUTION_INTERVAL + value: "60" + - name: METRICS + value: "{{ .Values.metrics.enabled }}" + - name: EAGER_CORDONING + value: "true" + - name: SLOW_MODE + value: "true" + - name: AWS_ROLE_ARN + value: "arn:aws:iam::{{ .Values.global.aws.accountId }}:role/{{ .Values.global.aws.region }}.{{ .Values.global.clusterName }}.awsRuh" + - name: AWS_WEB_IDENTITY_TOKEN_FILE + value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token" + - name: AWS_STS_REGIONAL_ENDPOINTS +{{- end }} + {{- end }} {{- define "addons-argo" }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 69e03dc..6c39133 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -10,24 +10,26 @@ global: addons: enabled: true - targetRevision: 0.7.2 + targetRevision: 0.7.3 external-dns: enabled: false forseti: enabled: false 
clusterBackup: enabled: false - aws-node-termination-handler: - enabled: false cluster-autoscaler: enabled: false sealed-secrets: enabled: false + aws-node-termination-handler: + enabled: false + aws-eks-asg-rolling-update-handler: + enabled: false network: enabled: true retain: true - targetRevision: 0.4.1 + targetRevision: 0.4.2 cilium: cluster: {} @@ -74,7 +76,7 @@ istio-private-ingress: metrics: enabled: false namespace: monitoring - targetRevision: 0.8.8 + targetRevision: 0.8.9 istio: grafana: {} prometheus: {} @@ -87,7 +89,7 @@ logging: argocd: enabled: false namespace: argocd - targetRevision: 0.11.1 + targetRevision: 0.11.2 argocd-image-updater: enabled: false istio: diff --git a/charts/manticore/Chart.yaml b/charts/manticore/Chart.yaml index 7335630..f8c61cb 100644 --- a/charts/manticore/Chart.yaml +++ b/charts/manticore/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: manticore description: Chart for Manticore type: application -version: 5.0.02 -appVersion: 5.0.02 +version: 5.0.25 +appVersion: 5.0.25 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -17,5 +17,6 @@ dependencies: version: ">= 0.1.4" repository: https://cdn.zero-downtime.net/charts - name: manticoresearch - version: "=5.0.02" + version: "5.0.25" + repository: https://helm.manticoresearch.com kubeVersion: ">= 1.20.0" diff --git a/charts/manticore/README.md b/charts/manticore/README.md index aa20dec..52f4fb5 100644 --- a/charts/manticore/README.md +++ b/charts/manticore/README.md @@ -1,6 +1,6 @@ # manticore -![Version: 5.0.02](https://img.shields.io/badge/Version-5.0.02-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.02](https://img.shields.io/badge/AppVersion-5.0.02-informational?style=flat-square) +![Version: 5.0.25](https://img.shields.io/badge/Version-5.0.25-informational?style=flat-square) ![Type: 
application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.25](https://img.shields.io/badge/AppVersion-5.0.25-informational?style=flat-square) Chart for Manticore @@ -18,8 +18,8 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | manticoresearch | =5.0.02 | | https://cdn.zero-downtime.net/charts | kubezero-lib | >= 0.1.4 | +| https://helm.manticoresearch.com | manticoresearch | 5.0.25 | ## Values diff --git a/docs/v1.24.md b/docs/v1.24.md index 75471dd..e76d08e 100644 --- a/docs/v1.24.md +++ b/docs/v1.24.md @@ -3,8 +3,11 @@ ## TODO ## What's new - Major themes -- Cilium is now the default CNI, calico got removed +- Cilium is now the default CNI, calico gets removed - cluster-autoscaler is enabled by default on AWS +- worker nodes are now automatically updated to the latest AMI and config in a rolling fashion +- integrated Bitnami Sealed Secrets controller + ## Version upgrades - cilium @@ -13,6 +16,9 @@ - aws-node-termination-handler - aws-ebs-csi-driver - aws-efs-csi-driver +- istio 1.16 +- argocd 2.5.5 + tweaks +- all things prometheus incl. automated muting of certain alarms, e.g. CPUOverCommit when cluster-autoscaler is available ### FeatureGates - PodAndContainerStatsFromCRI @@ -21,22 +27,25 @@ # Upgrade `(No, really, you MUST read this before you upgrade)` -- Ensure your Kube context points to the correct cluster ! +Ensure your Kube context points to the correct cluster ! -1. Review CFN config for controller and workers ( enable containerProxy, remove legacy version settings etc ) +1. Review CFN config for controller and workers, no mandatory changes during this release though -2. Upgrade CFN stacks for the control plane and all worker groups +2. Upgrade CFN stacks for the control plane *ONLY* ! + Updating the workers CFN stacks would trigger rolling updates right away ! -3. Trigger fully-automated cluster upgrade: +3. 
Trigger cluster upgrade: `./admin/upgrade_cluster.sh ` 4. Reboot controller(s) one by one Wait each time for controller to join and all pods running. Might take a while ... -5. Launch new set of workers eg. by doubling `desired` for each worker ASG - once new workers are ready, cordon and drain all old workers The cluster-autoscaler will remove the old workers automatically after about 10min ! +5. Upgrade CFN stacks for the workers. This in turn will trigger automated worker updates by evicting pods and launching new workers in a rolling fashion. Grab a coffee and keep an eye on the cluster to be safe ... 6. If all looks good, commit the ArgoApp resource for Kubezero, before re-enabling ArgoCD itself. git add / commit / push `` + +7. Head over to ArgoCD and sync all KubeZero modules with `pruning` enabled to remove e.g. Calico