From 74e07acf13e77a6f6bf40e97d5e56544c0faf824 Mon Sep 17 00:00:00 2001 
From: Stefan Reimer Date: Thu, 26 Nov 2020 05:21:10 -0800 Subject: [PATCH] More fixes now adding ArgoCD --- charts/kubezero-argo-cd/README.md | 12 +- .../kubezero-argo-cd/templates/kubezero.yaml | 30 ++ charts/kubezero-argo-cd/values.yaml | 57 ++-- charts/kubezero-istio-ingress/README.md | 2 +- .../templates/namespace.yaml | 7 - charts/kubezero-istio/README.md | 2 +- .../kubezero-istio/templates/namespace.yaml | 7 - charts/kubezero-logging/README.md | 1 - charts/kubezero/.gitignore | 3 + charts/kubezero/.helmignore | 1 + charts/kubezero/Chart.yaml | 4 +- charts/kubezero/README.md | 3 +- {deploy => charts/kubezero}/bootstrap.sh | 7 +- .../kubezero/scripts}/argocd_password.py | 0 charts/kubezero/templates/_app.tpl | 22 +- charts/kubezero/templates/argo.yaml | 31 +++ charts/kubezero/templates/argoless.yaml | 19 ++ .../templates/aws-ebs-csi-driver.yaml | 15 +- .../templates/aws-efs-csi-driver.yaml | 25 +- charts/kubezero/templates/calico.yaml | 12 +- charts/kubezero/templates/cert-manager.yaml | 30 +- charts/kubezero/templates/istio-ingress.yaml | 42 ++- charts/kubezero/templates/istio.yaml | 18 +- charts/kubezero/templates/kiam.yaml | 21 +- .../templates/local-volume-provisioner.yaml | 8 +- charts/kubezero/templates/logging.yaml | 94 ++++++- charts/kubezero/templates/metrics.yaml | 39 ++- charts/kubezero/values-all.yaml | 41 --- charts/kubezero/values-calico.yaml | 17 -- charts/kubezero/values.yaml | 14 +- deploy/.gitignore | 1 - deploy/.helmignore | 23 -- deploy/Chart.yaml | 6 - deploy/argocd.sh | 30 -- deploy/argocd/app.yaml | 26 -- deploy/templates/values.yaml | 259 ------------------ deploy/values.yaml | 57 ---- 37 files changed, 398 insertions(+), 588 deletions(-) rename deploy/argocd/project.yaml => charts/kubezero-argo-cd/templates/kubezero.yaml (58%) delete mode 100644 charts/kubezero-istio-ingress/templates/namespace.yaml delete mode 100644 charts/kubezero-istio/templates/namespace.yaml create mode 100644 charts/kubezero/.gitignore rename {deploy => 
charts/kubezero}/bootstrap.sh (98%) rename {deploy => charts/kubezero/scripts}/argocd_password.py (100%) create mode 100644 charts/kubezero/templates/argo.yaml create mode 100644 charts/kubezero/templates/argoless.yaml delete mode 100644 charts/kubezero/values-all.yaml delete mode 100644 charts/kubezero/values-calico.yaml delete mode 100644 deploy/.gitignore delete mode 100644 deploy/.helmignore delete mode 100644 deploy/Chart.yaml delete mode 100755 deploy/argocd.sh delete mode 100644 deploy/argocd/app.yaml delete mode 100644 deploy/templates/values.yaml delete mode 100644 deploy/values.yaml diff --git a/charts/kubezero-argo-cd/README.md b/charts/kubezero-argo-cd/README.md index 43b4c4b..41222fa 100644 --- a/charts/kubezero-argo-cd/README.md +++ b/charts/kubezero-argo-cd/README.md @@ -14,7 +14,7 @@ KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Appl ## Requirements -Kubernetes: `>= 1.17.0` +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| 
@@ -52,10 +52,12 @@ Kubernetes: `>= 1.17.0` | istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD | | istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to | | istio.ipBlocks | list | `[]` | | -| kubezero.global.defaultDestination | object | `{"server":"https://kubernetes.default.svc"}` | Destination cluster | -| kubezero.global.defaultSource.pathPrefix | string | `""` | optional path prefix within repoURL to support eg. remote subtrees | -| kubezero.global.defaultSource.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | default repository for argocd applications | -| kubezero.global.defaultSource.targetRevision | string | `"HEAD"` | default tracking of repoURL | +| kubezero.enabled | bool | `false` | | +| kubezero.path | string | `"charts/kubezero"` | path within repoURL | +| kubezero.repoURL | string | `"https://github.com/zero-down-time/kubezero"` | repository for kubezero argo applications | +| kubezero.server | string | `"https://kubernetes.default.svc"` | destination cluster | +| kubezero.targetRevision | string | `"HEAD"` | git branch to track | +| kubezero.valuesFiles[0] | string | `"values.yaml"` | | ## Resources - https://argoproj.github.io/argo-cd/operator-manual/metrics/ diff --git a/deploy/argocd/project.yaml b/charts/kubezero-argo-cd/templates/kubezero.yaml similarity index 58% rename from deploy/argocd/project.yaml rename to charts/kubezero-argo-cd/templates/kubezero.yaml index 9d992f2..36808fd 100644 --- a/deploy/argocd/project.yaml +++ b/charts/kubezero-argo-cd/templates/kubezero.yaml @@ -1,3 +1,4 @@ +{{- if .Values.kubezero.enabled }} apiVersion: argoproj.io/v1alpha1 kind: AppProject metadata: 
@@ -33,3 +34,32 @@ spec: clusterResourceWhitelist: - group: '*' kind: '*' + +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kubezero + namespace: argocd + labels: +{{ include "kubezero-lib.labels" . | indent 4 }} +spec: + project: kubezero + source: + repoURL: {{ .Values.kubezero.repoURL }} + targetRevision: {{ .Values.kubezero.targetRevision }} + path: {{ .Values.kubezero.path }} + + helm: + valueFiles: + {{- toYaml .Values.kubezero.valuesFiles | nindent 6 }} + + destination: + server: {{ .Values.kubezero.server }} + namespace: argocd + + {{- with .Values.kubezero.syncPolicy }} + syncPolicy: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/kubezero-argo-cd/values.yaml b/charts/kubezero-argo-cd/values.yaml index e128ece..481fd85 100644 --- a/charts/kubezero-argo-cd/values.yaml +++ b/charts/kubezero-argo-cd/values.yaml 
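Review bot: The added `Application` takes `targetRevision` straight from values, and the chart default in `values.yaml` is `HEAD` on a public `repoURL`, while the `AppProject` directly above keeps `clusterResourceWhitelist` at group `'*'` / kind `'*'`. Once the commented-out `syncPolicy.automated` is enabled, whatever lands on that branch is applied with cluster-wide scope. Defaulting to a tag or commit SHA would narrow that, with the values comment changed to something like `# kubezero.targetRevision -- git tag or commit to track; pin this outside development`. The scalars are also rendered unquoted, so `repoURL: {{ .Values.kubezero.repoURL | quote }}` (likewise `targetRevision`, `path`, `server`) would keep unusual characters from changing the YAML structure.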
@@ -1,24 +1,35 @@ +# Configure app of apps kubezero: - global: - # kubezero.global.defaultDestination -- Destination cluster - defaultDestination: - server: https://kubernetes.default.svc + enabled: false - # This repoURL is used a base for all the repoURLs applications - # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be - # integrated into any repository as a git subtree if for example public internet access is unavailable - defaultSource: - # kubezero.global.defaultSource.repoURL -- default repository for argocd applications - repoURL: https://github.com/zero-down-time/kubezero - # kubezero.global.defaultSource.targetRevision -- default tracking of repoURL - targetRevision: HEAD - # kubezero.global.defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees - pathPrefix: '' + # kubezero.server -- destination cluster + server: https://kubernetes.default.svc - # syncPolicy, details see: https://argoproj.github.io/argo-cd/user-guide/auto_sync - #syncPolicy: - # automated: - # prune: true + # This repoURL is used a base for all the repoURLs applications + # Setting this to a eg. private git repo incl. 
the use of pathPrefix allows kubezero to be + # integrated into any repository as a git subtree if for example public internet access is unavailable + # kubezero.repoURL -- repository for kubezero argo applications + repoURL: https://github.com/zero-down-time/kubezero + # kubezero.targetRevision -- git branch to track + targetRevision: HEAD + # kubezero.path -- path within repoURL + path: 'charts/kubezero' + + # syncPolicy, details see: https://argoproj.github.io/argo-cd/user-guide/auto_sync + #syncPolicy: + # automated: + # prune: true + + valuesFiles: + - values.yaml + +# Support for Istio Ingress for ArgoCD +istio: + # istio.enabled -- Deploy Istio VirtualService to expose ArgoCD + enabled: false + # istio.gateway -- Name of the Istio gateway to add the VirtualService to + gateway: istio-ingress/ingressgateway + ipBlocks: [] argo-cd: installCRDs: false @@ -70,6 +81,9 @@ argo-cd: # argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio url: argocd.example.com + #repositories: | + # - url: https://zero-down-time.github.io/kubezero.git + resource.customizations: | cert-manager.io/Certificate: # Lua script for customizing the health status assessment @@ -115,10 +129,3 @@ argo-cd: dex: enabled: false - -istio: - # istio.enabled -- Deploy Istio VirtualService to expose ArgoCD - enabled: false - # istio.gateway -- Name of the Istio gateway to add the VirtualService to - gateway: istio-ingress/ingressgateway - ipBlocks: [] diff --git a/charts/kubezero-istio-ingress/README.md b/charts/kubezero-istio-ingress/README.md index 0f29ec0..f865751 100644 --- a/charts/kubezero-istio-ingress/README.md +++ b/charts/kubezero-istio-ingress/README.md @@ -16,7 +16,7 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed ! ## Requirements -Kubernetes: `>= 1.17.0` +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| 
diff --git a/charts/kubezero-istio-ingress/templates/namespace.yaml b/charts/kubezero-istio-ingress/templates/namespace.yaml deleted file mode 100644 index 00d40d7..0000000 --- a/charts/kubezero-istio-ingress/templates/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: istio-ingress - labels: - istio-injection: disabled -{{ include "kubezero-lib.labels" . | indent 4 }} diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index 5bcbce4..ed991a0 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -16,7 +16,7 @@ Installs the Istio control plane ## Requirements -Kubernetes: `>= 1.17.0` +Kubernetes: `>= 1.16.0` | Repository | Name | Version | |------------|------|---------| diff --git a/charts/kubezero-istio/templates/namespace.yaml b/charts/kubezero-istio/templates/namespace.yaml deleted file mode 100644 index 92cf7fe..0000000 --- a/charts/kubezero-istio/templates/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: istio-system - labels: - istio-injection: disabled -{{ include "kubezero-lib.labels" . | indent 4 }} diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index 8788a32..e83b7fc 100644 --- a/charts/kubezero-logging/README.md +++ b/charts/kubezero-logging/README.md @@ -74,7 +74,6 @@ Kubernetes: `>= 1.16.0` | fluent-bit.config.service | string | `"[SERVICE]\n Flush 1\n Daemon Off\n Log_Level warn\n Parsers_File parsers.conf\n Parsers_File custom_parsers.conf\n HTTP_Server On\n HTTP_Listen 0.0.0.0\n HTTP_Port 2020\n"` | | | fluent-bit.enabled | bool | `false` | | | fluent-bit.serviceMonitor.enabled | bool | `true` | | -| fluent-bit.serviceMonitor.namespace | string | `"monitoring"` | | | fluent-bit.serviceMonitor.selector.release | string | `"metrics"` | | | fluent-bit.test.enabled | bool | `false` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | 
diff --git a/charts/kubezero/.gitignore b/charts/kubezero/.gitignore new file mode 100644 index 0000000..9466e0c --- /dev/null +++ b/charts/kubezero/.gitignore @@ -0,0 +1,3 @@ +kubezero.??? +charts/*.tgz +Chart.lock diff --git a/charts/kubezero/.helmignore b/charts/kubezero/.helmignore index 0e8a0eb..4a84d83 100644 --- a/charts/kubezero/.helmignore +++ b/charts/kubezero/.helmignore @@ -21,3 +21,4 @@ .idea/ *.tmproj .vscode/ +Chart.lock diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index a39534d..5266f58 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: kubezero -description: KubeZero ArgoCD Application - Root App of Apps chart of KubeZero +description: KubeZero - Bootstrap and ArgoCD Root App of Apps chart type: application -version: 0.4.5 +version: 0.5.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index 4e6d150..0a6deb8 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -1,6 +1,6 @@ # kubezero -![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero ArgoCD Application - Root App of Apps chart of KubeZero @@ -46,7 +46,6 @@ Kubernetes: `>= 1.16.0` | logging.namespace | string | `"logging"` | | | metrics.enabled | bool | `false` | | | metrics.namespace | string | `"monitoring"` | | -| platform | string | `"aws"` | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.2.1](https://github.com/norwoodj/helm-docs/releases/v1.2.1) 
diff --git a/deploy/bootstrap.sh b/charts/kubezero/bootstrap.sh similarity index 98% rename from deploy/bootstrap.sh rename to charts/kubezero/bootstrap.sh index 370a16c..7a5bdbd 100755 --- a/deploy/bootstrap.sh +++ b/charts/kubezero/bootstrap.sh @@ -3,7 +3,8 @@ set -ex ACTION=$1 ARTIFACTS=("$2") -LOCATION=${3:-""} +VALUES=$3 +LOCATION=${4:-""} DEPLOY_DIR=$( dirname $( realpath $0 )) which yq || { echo "yq not found!"; exit 1; } @@ -12,7 +13,7 @@ TMPDIR=$(mktemp -d kubezero.XXX) # First lets generate kubezero.yaml # This will be stored as secret during the initial kubezero chart install -helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > $TMPDIR/kubezero.yaml +helm template $DEPLOY_DIR -f $VALUES -f cloudbender.yaml --set argo=false > $TMPDIR/kubezero.yaml if [ ${ARTIFACTS[0]} == "all" ]; then ARTIFACTS=($(yq r -p p $TMPDIR/kubezero.yaml "*.enabled" | awk -F "." '{print $1}')) @@ -316,7 +317,7 @@ function argo-cd() { deploy $chart $release $namespace -f $TMPDIR/values.yaml # Install the kubezero app of apps - deploy kubezero kubezero argocd -f $TMPDIR/kubezero.yaml + # deploy kubezero kubezero $namespace -f $TMPDIR/kubezero.yaml elif [ $task == "delete" ]; then delete $chart $release $namespace -f $TMPDIR/values.yaml diff --git a/deploy/argocd_password.py b/charts/kubezero/scripts/argocd_password.py similarity index 100% rename from deploy/argocd_password.py rename to charts/kubezero/scripts/argocd_password.py diff --git a/charts/kubezero/templates/_app.tpl b/charts/kubezero/templates/_app.tpl index 166550d..3404a9e 100644 --- a/charts/kubezero/templates/_app.tpl +++ b/charts/kubezero/templates/_app.tpl @@ -1,7 +1,7 @@ {{- define "kubezero-app.app" }} {{- $name := regexReplaceAll "kubezero/templates/([a-z-]*)..*" .Template.Name "${1}" }} -{{- $my_values := index .Values $name "values" }} +{{- if and .Values.argo ( index .Values $name "enabled" ) }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: 
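Review bot: `VALUES=$3` is neither checked nor quoted before `helm template $DEPLOY_DIR -f $VALUES -f cloudbender.yaml`, so a missing third argument makes the first `-f` consume the second one, and a path containing spaces or starting with a dash is split or read as an option. This change also moves `LOCATION` from `$3` to `$4`, so a caller still passing the location third will silently have it used as the values file. Suggest `VALUES=${3:?usage: bootstrap.sh ACTION ARTIFACTS VALUES [LOCATION]}` and `-f "$VALUES"`. The rendered `kubezero.yaml` is described in the comment as secret material and is written under a `mktemp -d kubezero.XXX` directory created relative to the current directory; whether it is removed when `set -e` aborts the script is not visible in these hunks.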
@@ -17,21 +17,23 @@ spec: project: kubezero source: - repoURL: {{ .Values.global.defaultSource.repoURL }} - targetRevision: {{ .Values.global.defaultSource.targetRevision }} - path: {{ .Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ $name }} - {{- if $my_values }} + repoURL: {{ .Values.global.kubezero.repoURL }} + targetRevision: {{ .Values.global.kubezero.targetRevision }} + path: {{ .Values.global.kubezero.pathPrefix}}charts/kubezero-{{ $name }} helm: values: | -{{- toYaml $my_values | nindent 8 }} - {{- end }} +{{- include (print $name "-values") $ | nindent 8 }} destination: - server: {{ .Values.global.defaultDestination.server }} + server: {{ .Values.global.kubezero.server }} namespace: {{ default "kube-system" ( index .Values $name "namespace" ) }} - {{- if .Values.global.syncPolicy }} + {{- with .Values.global.kubezero.syncPolicy }} syncPolicy: - {{- toYaml .Values.global.syncPolicy | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} + +{{- include (print $name "-argo") $ }} +{{- end }} + {{- end }} diff --git a/charts/kubezero/templates/argo.yaml b/charts/kubezero/templates/argo.yaml new file mode 100644 index 0000000..ab4940b --- /dev/null +++ b/charts/kubezero/templates/argo.yaml @@ -0,0 +1,31 @@ +{{- define "argo-cd-values" }} +argo-cd: + controller: + metrics: + enabled: {{ .Values.metrics.enabled }} + repoServer: + metrics: + enabled: {{ .Values.metrics.enabled }} + server: + metrics: + enabled: {{ .Values.metrics.enabled }} + {{- with index .Values "argo-cd" "server" }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with index .Values "argo-cd" "configs" }} + configs: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }} +istio: + {{- with index .Values "argo-cd" "istio" }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} + +{{- with index .Values "argo-cd" "kubezero" }} +kubezero: + {{- toYaml . | nindent 2 }} +{{- end }} + +{{- end }} 
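Review bot: The source and destination now read `.Values.global.kubezero.repoURL`, `.targetRevision`, `.pathPrefix`, `.server` and `.syncPolicy`, but the `charts/kubezero/values.yaml` hunk in this same patch defines those keys under `global.argo`. Unless another values file supplies `global.kubezero`, rendering with `argo` enabled should stop on a nil-pointer error at `repoURL`. Either rename the values block to `global.kubezero` or read `.Values.global.argo.*` here, and keep the two in one place because these fields decide which repository Argo CD deploys from. In the first hunk of this file, `{{- if and .Values.argo ( index .Values $name "enabled" ) }}` also fails when the `$name` key is absent from values, since `index` is then applied to nil; `argoless.yaml` avoids that with `{{- if index $.Values . }}` first.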
diff --git a/charts/kubezero/templates/argoless.yaml b/charts/kubezero/templates/argoless.yaml new file mode 100644 index 0000000..00cfb8b --- /dev/null +++ b/charts/kubezero/templates/argoless.yaml @@ -0,0 +1,19 @@ +{{- if not .Values.argo }} + +{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "istio" "istio-ingress" "metrics" "logging" "argo-cd" }} + +{{- if .Values.global }} +global: + {{- toYaml .Values.global | nindent 2 }} +{{- end }} + +{{- range $artifacts }} +{{- if index $.Values . }} +{{ . }}: + enabled: {{ index $.Values . "enabled" }} + values: + {{- include (print . "-values") $ | nindent 4 }} +{{- end }} +{{- end }} + +{{- end }} diff --git a/charts/kubezero/templates/aws-ebs-csi-driver.yaml b/charts/kubezero/templates/aws-ebs-csi-driver.yaml index 66d7215..3f404db 100644 --- a/charts/kubezero/templates/aws-ebs-csi-driver.yaml +++ b/charts/kubezero/templates/aws-ebs-csi-driver.yaml @@ -1,3 +1,14 @@ -{{- if index .Values "aws-ebs-csi-driver" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "aws-ebs-csi-driver-values" }} +aws-ebs-csi-driver: + replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} + podAnnotations: + iam.amazonaws.com/role: {{ index .Values "aws-ebs-csi-driver" "IamArn" | quote }} + extraVolumeTags: + Name: {{ .Values.ClusterName }} {{- end }} + + +{{- define "aws-ebs-csi-driver-argo" }} +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/aws-efs-csi-driver.yaml b/charts/kubezero/templates/aws-efs-csi-driver.yaml index f3675d3..a3de0f9 100644 --- a/charts/kubezero/templates/aws-efs-csi-driver.yaml +++ b/charts/kubezero/templates/aws-efs-csi-driver.yaml 
@@ -1,3 +1,24 @@ -{{- if index .Values "aws-efs-csi-driver" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "aws-efs-csi-driver-values" }} +{{- with index .Values "aws-efs-csi-driver" "nodeSelector" }} +aws-efs-csi-driver: + nodeSelector: + {{- toYaml . | nindent 4 }} {{- end }} +{{- with index .Values "aws-efs-csi-driver" "PersistentVolumes" }} +PersistentVolumes: +{{- toYaml . | nindent 2 }} +{{- end }} +{{- if index .Values "aws-efs-csi-driver" "EfsId" }} +PersistentVolume: + create: true + EfsId: {{ index .Values "aws-efs-csi-driver" "EfsId" }} + Name: {{ default "kubezero-efs-pv" ( index .Values "aws-efs-csi-driver" "PVName" ) }} +{{- end }} + +{{- end }} + + +{{- define "aws-efs-csi-driver-argo" }} +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/calico.yaml b/charts/kubezero/templates/calico.yaml index fa61d2a..432da71 100644 --- a/charts/kubezero/templates/calico.yaml +++ b/charts/kubezero/templates/calico.yaml @@ -1,5 +1,11 @@ -{{- if .Values.calico.enabled }} -{{ include "kubezero-app.app" . }} +{{- define "calico-values" }} +network: {{ default "vxlan" .Values.calico.network }} +mtu: {{ default "8941" .Values.calico.mtu }} +prometheus: {{ .Values.metrics.enabled }} +{{- end }} + + +{{- define "calico-argo" }} ignoreDifferences: - group: apiextensions.k8s.io @@ -7,3 +13,5 @@ jsonPointers: - /status {{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/cert-manager.yaml b/charts/kubezero/templates/cert-manager.yaml index d7bd21b..d561363 100644 --- a/charts/kubezero/templates/cert-manager.yaml +++ b/charts/kubezero/templates/cert-manager.yaml 
@@ -1,13 +1,23 @@ -{{- if index .Values "cert-manager" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "cert-manager-values" }} +localCA: + enabled: true +{{ with index .Values "cert-manager" "IamArn" }} +cert-manager: + podAnnotations: + iam.amazonaws.com/role: "{{ . }}" +{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: cert-manager -{{- if index .Values "kiam" "enabled" }} - annotations: - iam.amazonaws.com/permitted: ".*CertManagerRole.*" +{{- with index .Values "cert-manager" "clusterIssuer" }} +clusterIssuer: + {{- . | toYaml | nindent 2 }} {{- end }} + {{- end }} + + +{{- define "cert-manager-argo" }} +{{- end }} + +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml index c385e10..39fa737 100644 --- a/charts/kubezero/templates/istio-ingress.yaml +++ b/charts/kubezero/templates/istio-ingress.yaml 
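Review bot: The new side of this template has one `{{- end }}` too many: `cert-manager-values` is closed by the two context `{{- end }}` lines after `clusterIssuer`, `cert-manager-argo` is closed by its own `{{- end }}`, and the added `{{- end }}` just before `{{ include "kubezero-app.app" . }}` has no opener, which Helm should reject when parsing the chart. Drop that line. Separately, the removed `Namespace` carried `iam.amazonaws.com/permitted: ".*CertManagerRole.*"` while the new values still set an `iam.amazonaws.com/role` pod annotation; if the namespace is now created elsewhere without that annotation, kiam is likely to deny the role, so it is worth a comment saying where the annotated namespace comes from. The same annotation removal appears in the second `logging.yaml` hunk (`.*ElasticSearchSnapshots.*`).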
@@ -1,8 +1,36 @@ -{{- if index .Values "istio-ingress" "enabled" }} -{{ include "kubezero-app.app" . }} ---- -apiVersion: v1 -kind: Namespace -metadata: - name: istio-ingress +{{- define "istio-ingress-values" }} +{{- if index .Values "istio-ingress" "public" }} +istio-ingress: + enabled: {{ index .Values "istio-ingress" "public" "enabled" }} + {{- with index .Values "istio-ingress" "public" "gateway" }} + gateways: + istio-ingressgateway: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with index .Values "istio-ingress" "public" "dnsNames" }} + dnsNames: + {{- toYaml . | nindent 2 }} + {{- end }} {{- end }} + +{{- if index .Values "istio-ingress" "private" }} +istio-private-ingress: + enabled: {{ index .Values "istio-ingress" "private" "enabled" }} + {{- with index .Values "istio-ingress" "private" "gateway" }} + gateways: + istio-ingressgateway: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with index .Values "istio-ingress" "private" "dnsNames" }} + dnsNames: + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} + +{{- end }} + + +{{- define "istio-ingress-argo" }} +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/istio.yaml b/charts/kubezero/templates/istio.yaml index 00233d0..eae91c7 100644 --- a/charts/kubezero/templates/istio.yaml +++ b/charts/kubezero/templates/istio.yaml @@ -1,5 +1,11 @@ -{{- if .Values.istio.enabled }} -{{ include "kubezero-app.app" . }} +{{- define "istio-values" }} +istio-discovery: + pilot: + replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} +{{- end }} + + +{{- define "istio-argo" }} ignoreDifferences: - group: apiextensions.k8s.io @@ -17,10 +23,6 @@ jsonPointers: - /webhooks/0/clientConfig/caBundle - /webhooks/0/failurePolicy - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: istio-system {{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/kiam.yaml b/charts/kubezero/templates/kiam.yaml index a23ed62..3e4cb12 100644 
--- a/charts/kubezero/templates/kiam.yaml +++ b/charts/kubezero/templates/kiam.yaml @@ -1,3 +1,20 @@ -{{- if index .Values "kiam" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "kiam-values" }} +kiam: + server: + assumeRoleArn: "{{ .Values.kiam.IamArn }}" + deployment: + replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }} + prometheus: + servicemonitor: + enabled: {{ .Values.metrics.enabled }} + agent: + prometheus: + servicemonitor: + enabled: {{ .Values.metrics.enabled }} {{- end }} + + +{{- define "kiam-argo" }} +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/local-volume-provisioner.yaml b/charts/kubezero/templates/local-volume-provisioner.yaml index 5961f72..0cc9bf8 100644 --- a/charts/kubezero/templates/local-volume-provisioner.yaml +++ b/charts/kubezero/templates/local-volume-provisioner.yaml @@ -1,3 +1,7 @@ -{{- if index .Values "local-volume-provisioner" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "local-volume-provisioner-values" }} {{- end }} + +{{- define "local-volume-provisioner-argo" }} +{{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/logging.yaml b/charts/kubezero/templates/logging.yaml index ef8f5e4..3bee94e 100644 --- a/charts/kubezero/templates/logging.yaml +++ b/charts/kubezero/templates/logging.yaml 
@@ -1,5 +1,86 @@ -{{- if index .Values "logging" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "logging-values" }} + +{{- with index .Values "logging" "eck-operator" }} +eck-operator: + {{- toYaml . | nindent 2 }} +{{- end }} + +{{- if .Values.logging.elastic_password }} +elastic_password: {{ .Values.logging.elastic_password }} +{{- end }} + +{{- if .Values.logging.version }} +version: {{ .Values.logging.version }} +{{- end }} + +{{- if .Values.logging.fullnameOverride }} +fullnameOverride: {{ .Values.logging.fullnameOverride }} +{{- end }} + +{{- if .Values.logging.es }} +es: + {{- if .Values.logging.es.nodeSets }} + nodeSets: + {{- with .Values.logging.es.nodeSets }} + {{- toYaml . | nindent 2 }} + {{- end }} + {{- end }} + prometheus: {{ .Values.metrics.enabled }} + + {{- if .Values.logging.es.s3Snapshot }} + s3Snapshot: + {{- with .Values.logging.es.s3Snapshot }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} + +{{- if .Values.logging.kibana }} +kibana: + {{- with .Values.logging.kibana }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} + +{{- if .Values.logging.fluentd }} +fluentd: + enabled: {{ .Values.logging.fluentd.enabled }} + metrics: + enabled: {{ .Values.metrics.enabled }} + url: {{ .Values.logging.fluentd.url }} + {{- if .Values.logging.fluentd.output }} + output: + host: {{ .Values.logging.fluentd.output.host }} + {{- end }} + {{- if .Values.logging.fluentd.extraEnvVars }} + extraEnvVars: + {{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 8 }} + {{- end }} + {{- if and .Values.logging.fluentd.istio .Values.istio.enabled }} + istio: + {{- with .Values.logging.fluentd.istio }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + {{- end }} +{{- end }} + +{{- if index .Values "logging" "fluent-bit" }} +fluent-bit: + enabled: {{ index .Values.logging "fluent-bit" "enabled" }} + serviceMonitor: + enabled: {{ .Values.metrics.enabled }} + {{- if index .Values.logging "fluent-bit" "config" }} + config: + {{- with index .Values.logging "fluent-bit" "config" }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} + +{{- end }} + + +{{- define "logging-argo" }} ignoreDifferences: - group: admissionregistration.k8s.io @@ -16,11 +97,6 @@ kind: CustomResourceDefinition jsonPointers: - /status ---- -apiVersion: v1 -kind: Namespace -metadata: - name: logging - annotations: - iam.amazonaws.com/permitted: ".*ElasticSearchSnapshots.*" {{- end }} + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/templates/metrics.yaml b/charts/kubezero/templates/metrics.yaml index 428f8d4..3d7309a 100644 --- a/charts/kubezero/templates/metrics.yaml +++ b/charts/kubezero/templates/metrics.yaml 
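Review bot: `elastic_password: {{ .Values.logging.elastic_password }}` puts the Elasticsearch password into the `logging-values` output, which `_app.tpl` embeds as inline `helm.values` of the Argo CD `Application`, so the password is stored in clear text in that resource and is readable by anyone allowed to read Applications. If the logging chart can take the password from an existing Secret (not visible in this patch), passing a Secret reference would be preferable. If the value has to stay, render it as `elastic_password: {{ .Values.logging.elastic_password | quote }}`, because an unquoted password containing `:` or `#`, or made only of digits, is re-typed or cut short by the YAML parser.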
@@ -1,21 +1,42 @@ -{{- if index .Values "metrics" "enabled" }} -{{ include "kubezero-app.app" . }} +{{- define "metrics-values" }} + +{{- if .Values.metrics.istio.grafana.enabled }} +grafana: + istio: + {{- with .Values.metrics.istio.grafana }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- if .Values.metrics.istio.prometheus.enabled }} +prometheus: + istio: + {{- with .Values.metrics.istio.prometheus }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- if index .Values "metrics" "kube-prometheus-stack" }} +kube-prometheus-stack: + {{- with index .Values "metrics" "kube-prometheus-stack" }} + {{- toYaml . | nindent 2 }} + {{- end }} +{{- end }} + +{{- end }} + + +{{- define "metrics-argo" }} ignoreDifferences: - group: admissionregistration.k8s.io kind: ValidatingWebhookConfiguration jsonPointers: - - /webhooks/0/clientConfig/caBundle - /webhooks/0/failurePolicy - group: admissionregistration.k8s.io kind: MutatingWebhookConfiguration jsonPointers: - - /webhooks/0/clientConfig/caBundle - /webhooks/0/failurePolicy ---- -apiVersion: v1 -kind: Namespace -metadata: - name: monitoring {{- end }} + + +{{ include "kubezero-app.app" . }} diff --git a/charts/kubezero/values-all.yaml b/charts/kubezero/values-all.yaml deleted file mode 100644 index e99e14c..0000000 --- a/charts/kubezero/values-all.yaml +++ /dev/null 
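Review bot: `{{- if .Values.metrics.istio.grafana.enabled }}` and its `prometheus` twin dereference `metrics.istio` without a guard, unlike the `index .Values "metrics" "kube-prometheus-stack"` check a few lines below. The README table in this patch lists only `metrics.enabled` and `metrics.namespace`, so if `metrics.istio` is not defined elsewhere in `values.yaml`, rendering `metrics-values` fails with a nil-pointer error, including on the `argoless.yaml` path, which includes the values template of every artifact present in values. Adding defaults such as `metrics.istio.grafana.enabled: false` and `metrics.istio.prometheus.enabled: false` to `values.yaml` would make the template safe.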
@@ -1,41 +0,0 @@
-global:
- defaultDestination:
- server: https://kubernetes.default.svc
-
- # This repoURL is used a base for all the repoURLs applications
- # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
- # integrated into any repository as a git subtree if for example public internet access is unavailable
- defaultSource:
- # defaultSource.repoURL -- default repository for argocd applications
- repoURL: https://github.com/zero-down-time/kubezero
- # defaultSource.targetRevision -- default tracking of repoURL
- targetRevision: HEAD
- # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
- pathPrefix: ''
-
-calico:
- enabled: true
-
-local-volume-provisioner:
- enabled: true
-
-cert-manager:
- enabled: true
-
-kiam:
- enabled: true
-
-aws-ebs-csi-driver:
- enabled: true
-
-aws-efs-csi-driver:
- enabled: true
-
-istio:
- enabled: true
-
-metrics:
- enabled: true
-
-logging:
- enabled: true
diff --git a/charts/kubezero/values-calico.yaml b/charts/kubezero/values-calico.yaml
deleted file mode 100644
index 618c328..0000000
--- a/charts/kubezero/values-calico.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-global:
- defaultDestination:
- server: https://kubernetes.default.svc
-
- # This repoURL is used a base for all the repoURLs applications
- # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be
- # integrated into any repository as a git subtree if for example public internet access is unavailable
- defaultSource:
- # defaultSource.repoURL -- default repository for argocd applications
- repoURL: https://github.com/zero-down-time/kubezero
- # defaultSource.targetRevision -- default tracking of repoURL
- targetRevision: HEAD
- # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees
- pathPrefix: ''
-
-calico:
- enabled: true
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 297b28a..3ac9c51 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -1,20 +1,12 @@ +argo: {} + global: - defaultDestination: + argo: server: https://kubernetes.default.svc - - # This repoURL is used a base for all the repoURLs applications - # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be - # integrated into any repository as a git subtree if for example public internet access is unavailable - defaultSource: - # defaultSource.repoURL -- default repository for argocd applications repoURL: https://github.com/zero-down-time/kubezero - # defaultSource.targetRevision -- default tracking of repoURL targetRevision: HEAD - # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees pathPrefix: '' -platform: aws - calico: enabled: false retain: true diff --git a/deploy/.gitignore b/deploy/.gitignore deleted file mode 100644 index 58d6106..0000000 --- a/deploy/.gitignore +++ /dev/null @@ -1 +0,0 @@ -generated-values.yaml diff --git a/deploy/.helmignore b/deploy/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/deploy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/deploy/Chart.yaml b/deploy/Chart.yaml deleted file mode 100644 index 6769f33..0000000 --- a/deploy/Chart.yaml +++ /dev/null 
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: deploy
-description: "This chart is only used to generate the values.yaml for KubeZero !! Once something like https://github.com/helm/helm/pull/6876 gets merged this will be removed !"
-type: application
-version: 0.0.1
-appVersion: 1.16.0
diff --git a/deploy/argocd.sh b/deploy/argocd.sh
deleted file mode 100755
index 0441710..0000000
--- a/deploy/argocd.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-set -ex
-
-LOCATION=${1:-""}
-
-DEPLOY_DIR=$( dirname $( realpath $0 ))
-
-function chart_location() {
- if [ -z "$LOCATION" ]; then
- echo "$1 --repo https://zero-down-time.github.io/kubezero"
- else
- echo "$LOCATION/$1"
- fi
-}
-
-# Update only if we use upstream
-if [ -z "$LOCATION" ]; then
- helm repo add kubezero https://zero-down-time.github.io/kubezero
- helm repo update
-fi
-
-TMPDIR=$(mktemp -d kubezero.XXX)
-
-# This will be stored as secret during the initial kubezero chart install
-helm template $DEPLOY_DIR -f values.yaml -f cloudbender.yaml > $TMPDIR/kubezero.yaml
-
-helm template $(chart_location kubezero) --namespace argocd --name-template kubezero --skip-crds -f $TMPDIR/kubezero.yaml > $TMPDIR/helm.yaml
-kubectl apply --namespace argocd -f $TMPDIR/helm.yaml
-
-[ "$DEBUG" == "" ] && rm -rf $TMPDIR
diff --git a/deploy/argocd/app.yaml b/deploy/argocd/app.yaml
deleted file mode 100644
index b2ccd8c..0000000
--- a/deploy/argocd/app.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: kubezero
- namespace: argocd
- labels:
-{{ include "kubezero-lib.labels" . | indent 4 }}
-spec:
- project: kubezero
- source:
- repoURL: {{ .Values.global.defaultSource.repoURL }}
- targetRevision: {{ .Values.global.defaultSource.targetRevision }}
- path: {{ .Values.global.defaultSource.pathPrefix}}charts/kubezero
-
- helm:
- values: |
- {{- toYaml .Values | nindent 8 }}
-
- destination:
- server: {{ .Values.global.defaultDestination.server }}
- namespace: argocd
-
- {{- if .Values.global.syncPolicy }}
- syncPolicy:
- {{- toYaml .Values.global.syncPolicy | nindent 4 }}
- {{- end }}
diff --git a/deploy/templates/values.yaml b/deploy/templates/values.yaml
deleted file mode 100644
index 718ecf4..0000000
--- a/deploy/templates/values.yaml
+++ /dev/null
@@ -1,259 +0,0 @@ -{{- if .Values.global }} -global: - {{- toYaml .Values.global | nindent 2 }} -{{- end }} -calico: - enabled: {{ .Values.calico.enabled }} - values: - network: {{ default "vxlan" .Values.calico.network }} - mtu: {{ default "8941" .Values.calico.mtu }} - prometheus: {{ .Values.metrics.enabled }} -cert-manager: - enabled: {{ index .Values "cert-manager" "enabled" }} - values: - localCA: - enabled: true - {{- if eq .Values.platform "aws" }} - cert-manager: - podAnnotations: - iam.amazonaws.com/role: "{{ index .Values "cert-manager" "IamArn" }}" - {{- end }} - - {{- if .Values.kiam.enabled }} - clusterIssuer: - name: letsencrypt-dns-prod - server: https://acme-v02.api.letsencrypt.org/directory - email: {{ index .Values "cert-manager" "email" }} - solvers: - - selector: - dnsZones: - {{- with index .Values "cert-manager" "dnsZones" }} - {{- . | toYaml | nindent 12 }} - {{- end }} - dns01: - {{- if eq .Values.platform "aws" }} - route53: - region: {{ .Values.region }} - {{- else }} - {{- with index .Values "cert-manager" "solvers" }} - {{- . 
| toYaml | nindent 12 }} - {{- end }} - {{- end }} - {{- end }} - - -{{- if eq .Values.platform "aws" }} -kiam: - enabled: {{ .Values.kiam.enabled }} - values: - kiam: - enabled: {{ not .Values.kiam.certsOnly }} - server: - assumeRoleArn: "{{ .Values.kiam.IamArn }}" - deployment: - replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }} - prometheus: - servicemonitor: - enabled: {{ .Values.metrics.enabled }} - agent: - prometheus: - servicemonitor: - enabled: {{ .Values.metrics.enabled }} - -{{- if .Values.kiam.enabled }} -# AWS only components -aws-ebs-csi-driver: - enabled: {{ index .Values "aws-ebs-csi-driver" "enabled" }} - values: - aws-ebs-csi-driver: - replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} - podAnnotations: - iam.amazonaws.com/role: "{{ index .Values "aws-ebs-csi-driver" "IamArn" }}" - extraVolumeTags: - Name: {{ .Values.ClusterName }} -{{- end }} - -aws-efs-csi-driver: - enabled: {{ index .Values "aws-efs-csi-driver" "enabled" }} - values: - {{- with index .Values "aws-efs-csi-driver" "nodeSelector" }} - aws-efs-csi-driver: - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with index .Values "aws-efs-csi-driver" "PersistentVolumes" }} - PersistentVolumes: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if index .Values "aws-efs-csi-driver" "EfsId" }} - PersistentVolume: - create: true - EfsId: {{ index .Values "aws-efs-csi-driver" "EfsId" }} - Name: {{ default "kubezero-efs-pv" ( index .Values "aws-efs-csi-driver" "PVName" ) }} - {{- end }} -{{- end }} - -istio: - enabled: {{ .Values.istio.enabled }} - values: - istio-discovery: - pilot: - replicaCount: {{ ternary 2 1 .Values.HighAvailableControlplane }} - -istio-ingress: - enabled: {{ index .Values "istio-ingress" "enabled" }} - values: - {{- if index .Values "istio-ingress" "public" "enabled" }} - istio-ingress: - enabled: true - {{- with index .Values "istio-ingress" "public" "gateway" }} - gateways: - istio-ingressgateway: - {{- toYaml . 
| nindent 10 }} - {{- end }} - {{- with index .Values "istio-ingress" "public" "dnsNames" }} - dnsNames: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - - {{- if index .Values "istio-ingress" "private" "enabled" }} - istio-private-ingress: - enabled: true - {{- with index .Values "istio-ingress" "private" "gateway" }} - gateways: - istio-ingressgateway: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with index .Values "istio-ingress" "private" "dnsNames" }} - dnsNames: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - -metrics: - enabled: {{ .Values.metrics.enabled }} - values: - {{- if .Values.metrics.istio.grafana.enabled }} - grafana: - istio: - {{- with .Values.metrics.istio.grafana }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if .Values.metrics.istio.prometheus.enabled }} - prometheus: - istio: - {{- with .Values.metrics.istio.prometheus }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- if index .Values "metrics" "kube-prometheus-stack" }} - kube-prometheus-stack: - {{- with index .Values "metrics" "kube-prometheus-stack" }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - -logging: - enabled: {{ .Values.logging.enabled }} - values: - {{- with index .Values "logging" "eck-operator" }} - eck-operator: - {{- toYaml . | nindent 6 }} - {{- end }} - - {{- if .Values.logging.elastic_password }} - elastic_password: {{ .Values.logging.elastic_password }} - {{- end }} - - {{- if .Values.logging.version }} - version: {{ .Values.logging.version }} - {{- end }} - - {{- if .Values.logging.fullnameOverride }} - fullnameOverride: {{ .Values.logging.fullnameOverride }} - {{- end }} - - {{- if .Values.logging.es }} - es: - {{- if .Values.logging.es.nodeSets }} - nodeSets: - {{- with .Values.logging.es.nodeSets }} - {{- toYaml . 
| nindent 6 }} - {{- end }} - {{- end }} - prometheus: {{ .Values.metrics.enabled }} - - {{- if .Values.logging.es.s3Snapshot }} - s3Snapshot: - {{- with .Values.logging.es.s3Snapshot }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- end }} - - {{- if .Values.logging.kibana }} - kibana: - {{- with .Values.logging.kibana }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - - fluentd: - enabled: {{ .Values.logging.fluentd.enabled }} - metrics: - enabled: {{ .Values.metrics.enabled }} - url: {{ .Values.logging.fluentd.url }} - {{- if .Values.logging.fluentd.output }} - output: - host: {{ .Values.logging.fluentd.output.host }} - {{- end }} - {{- if .Values.logging.fluentd.extraEnvVars }} - extraEnvVars: - {{- toYaml .Values.logging.fluentd.extraEnvVars | nindent 8 }} - {{- end }} - {{- if and .Values.logging.fluentd.istio .Values.istio.enabled }} - istio: - {{- with .Values.logging.fluentd.istio }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - - fluent-bit: - enabled: {{ index .Values.logging "fluent-bit" "enabled" }} - serviceMonitor: - enabled: {{ .Values.metrics.enabled }} - {{- if index .Values.logging "fluent-bit" "config" }} - config: - {{- with index .Values.logging "fluent-bit" "config" }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - -argo-cd: - enabled: {{ index .Values "argo-cd" "enabled" }} - values: - argo-cd: - controller: - metrics: - enabled: {{ .Values.metrics.enabled }} - repoServer: - metrics: - enabled: {{ .Values.metrics.enabled }} - server: - metrics: - enabled: {{ .Values.metrics.enabled }} - {{- with index .Values "argo-cd" "server" }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with index .Values "argo-cd" "configs" }} - configs: - {{- toYaml . | nindent 8}} - {{- end }} - {{- if and ( index .Values "argo-cd" "istio" "enabled" ) .Values.istio.enabled }} - istio: - {{- with index .Values "argo-cd" "istio" }} - {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} 
diff --git a/deploy/values.yaml b/deploy/values.yaml
deleted file mode 100644
index 09ab224..0000000
--- a/deploy/values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-ClusterName: Test-cluster
-Domain: example.com
-
-platform: aws
-HighAvailableControlplane: false
-
-calico:
- enabled: true
-
-cert-manager:
- enabled: true
- IamArn: ""
-
-aws-ebs-csi-driver:
- enabled: true
- IamArn: ""
-
-aws-efs-csi-driver:
- enabled: false
-
-kiam:
- enabled: true
- IamArn: ""
-
-istio:
- enabled: false
-
-istio-ingress:
- enabled: false
- public:
- enabled: false
- private:
- enabled: false
-
-metrics:
- enabled: false
- istio:
- grafana:
- enabled: false
- prometheus:
- enabled: false
-
-logging:
- enabled: false
- eck-operator:
- enabled: false
- fluentd:
- enabled: false
- fluent-bit:
- enabled: false
-
-argo-cd:
- enabled: false
- server: {}
- istio:
- enabled: false
- gateway: istio-ingress/private-ingressgateway