diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index d9601e3e..a3df2af5 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.2.2 +version: 0.2.3 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero-addons/templates/cluster-backup/secret.yaml b/charts/kubezero-addons/templates/cluster-backup/secret.yaml index 4d264bf3..e87f17ac 100644 --- a/charts/kubezero-addons/templates/cluster-backup/secret.yaml +++ b/charts/kubezero-addons/templates/cluster-backup/secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.clusterBackup.enabled }} +{{- if and .Values.clusterBackup.enabled .Values.clusterBackup.repository }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index 093a9dd5..0c76230a 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,17 +2,17 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.2.5 +version: 0.3.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: - kubezero - jenkins - goCD - - teamcity - gitea maintainers: - - name: Quarky9 + - name: Stefan Reimer + email: stefan@zero-downtime.net dependencies: - name: kubezero-lib version: ">= 0.1.4" @@ -25,8 +25,9 @@ dependencies: version: 4.1.1 repository: https://dl.gitea.io/charts/ condition: gitea.enabled - - name: teamcity - version: 0.1.0 - condition: teamcity.enabled + - name: jenkins + version: 3.9.4 + repository: https://charts.jenkins.io + condition: jenkins.enabled -kubeVersion: ">= 1.18.0" +kubeVersion: ">= 1.20.0" 
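Review bot: The new condition in templates/cluster-backup/secret.yaml tests `repository` but not `password`, and nothing visible here shows that the other cluster-backup templates carry the same condition. If the Secret body (outside this hunk) also renders the restic password, an empty password would still produce a Secret, and a job gated only on `clusterBackup.enabled` would reference a Secret that is no longer rendered. If the password is expected from values, consider `{{- if and .Values.clusterBackup.enabled .Values.clusterBackup.repository .Values.clusterBackup.password }}`, and apply the same guard to every template that consumes the Secret.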
diff --git a/charts/kubezero-ci/charts/teamcity/Chart.yaml b/charts/kubezero-ci/charts/teamcity/Chart.yaml deleted file mode 100644 index 3d828779..00000000 --- a/charts/kubezero-ci/charts/teamcity/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: teamcity -description: A Helm chart to install a simple TeamCity installation -type: application -version: 0.1.0 -appVersion: "2021.2" -home: https://kubezero.com -icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png -keywords: - - kubezero - - teamcity -maintainers: - - name: Quarky9 -dependencies: - - name: kubezero-lib - version: ">= 0.1.4" - repository: https://cdn.zero-downtime.net/charts/ -kubeVersion: ">= 1.18.0" diff --git a/charts/kubezero-ci/charts/teamcity/templates/_helpers.tpl b/charts/kubezero-ci/charts/teamcity/templates/_helpers.tpl deleted file mode 100644 index 9f76f687..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/_helpers.tpl +++ /dev/null 
@@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "teamcity.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "teamcity.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "teamcity.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "teamcity.labels" -}} -helm.sh/chart: {{ include "teamcity.chart" . }} -{{ include "teamcity.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "teamcity.selectorLabels" -}} -app.kubernetes.io/name: {{ include "teamcity.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "teamcity.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "teamcity.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/charts/kubezero-ci/charts/teamcity/templates/agent.yaml b/charts/kubezero-ci/charts/teamcity/templates/agent.yaml deleted file mode 100644 index 20d3b187..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/agent.yaml +++ /dev/null @@ -1,50 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "teamcity.fullname" . }}-agent - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.agentReplicaCount }} - selector: - matchLabels: - app.kubernetes.io/instance: teamcity-agent - app.kubernetes.io/name: teamcity - template: - metadata: - labels: - app.kubernetes.io/instance: teamcity-agent - app.kubernetes.io/name: teamcity - spec: - # serviceAccountName: {{ include "teamcity.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: "{{ .Chart.Name }}-agent" - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.agent.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: SERVER_URL - value: "{{ include "teamcity.fullname" . }}:8111" - resources: - {{- toYaml .Values.resources | nindent 10 }} - volumeMounts: - - name: teamcity-config - mountPath: /data/teamcity_agent/conf - volumes: - - name: teamcity-config - emptyDir: {} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end -}} diff --git a/charts/kubezero-ci/charts/teamcity/templates/istio-service.yaml b/charts/kubezero-ci/charts/teamcity/templates/istio-service.yaml deleted file mode 100644 index 129d5c42..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/istio-service.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- if .Values.istio.enabled }} -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: {{ include "kubezero-lib.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - gateways: - - {{ .Values.istio.gateway }} - hosts: - - {{ .Values.istio.url }} - http: - - route: - - destination: - host: {{ include "teamcity.fullname" . }} -{{- end }} diff --git a/charts/kubezero-ci/charts/teamcity/templates/rbac.yaml b/charts/kubezero-ci/charts/teamcity/templates/rbac.yaml deleted file mode 100644 index 46bfc34d..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/rbac.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "teamcity.fullname" . }}-manage-agents -rules: -- apiGroups: [""] - resources: ["namespaces"] - verbs: ["list", "get"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["get", "create", "list", "delete"] -- apiGroups: ["extensions", "apps"] - resources: ["deployments"] - verbs: ["list", "get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "teamcity.fullname" . }}-manage-agents -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "teamcity.fullname" . }}-manage-agents -subjects: - - kind: ServiceAccount - name: {{ include "teamcity.serviceAccountName" . }} -{{- end }} diff --git a/charts/kubezero-ci/charts/teamcity/templates/server-pvc.yaml b/charts/kubezero-ci/charts/teamcity/templates/server-pvc.yaml deleted file mode 100644 index 1e3cc3f0..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/server-pvc.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "teamcity.fullname" . }}-data - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: -{{- if .Values.pvc.data.storageClass }} - storageClassName: {{ .Values.pvc.data.storageClass }} -{{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.pvc.data.storageSize }} - ---- - -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "teamcity.fullname" . }}-logs - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: -{{- if .Values.pvc.logs.storageClass }} - storageClassName: {{ .Values.pvc.logs.storageClass }} -{{- end }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.pvc.logs.storageSize }} diff --git a/charts/kubezero-ci/charts/teamcity/templates/server.yaml b/charts/kubezero-ci/charts/teamcity/templates/server.yaml deleted file mode 100644 index 28ad3db1..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/server.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "teamcity.fullname" . }} - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "kubezero-lib.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "kubezero-lib.labels" . | nindent 8 }} - spec: - serviceAccountName: {{ include "teamcity.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - image: "{{ .Values.image.server.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: app - containerPort: 8111 - protocol: TCP - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: teamcity-data - mountPath: /data/teamcity_server/datadir - - name: teamcity-logs - mountPath: /opt/teamcity/logs - volumes: - - name: teamcity-data - {{- if .Values.pvc.data }} - persistentVolumeClaim: - claimName: {{ include "teamcity.fullname" . }}-data - {{- else }} - emptyDir: {} - {{- end }} - - name: teamcity-logs - {{- if .Values.pvc.logs }} - persistentVolumeClaim: - claimName: {{ include "teamcity.fullname" . }}-logs - {{- else }} - emptyDir: {} - {{- end -}} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end -}} diff --git a/charts/kubezero-ci/charts/teamcity/templates/service.yaml b/charts/kubezero-ci/charts/teamcity/templates/service.yaml deleted file mode 100644 index 6c104af7..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/service.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: "{{ include "teamcity.fullname" . }}" - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - protocol: TCP - targetPort: app - name: app - selector: - {{- include "kubezero-lib.selectorLabels" . | nindent 4 }} - sessionAffinity: None diff --git a/charts/kubezero-ci/charts/teamcity/templates/serviceaccount.yaml b/charts/kubezero-ci/charts/teamcity/templates/serviceaccount.yaml deleted file mode 100644 index b8ff7f13..00000000 --- a/charts/kubezero-ci/charts/teamcity/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "teamcity.serviceAccountName" . }} - labels: - {{- include "kubezero-lib.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/kubezero-ci/charts/teamcity/values.yaml b/charts/kubezero-ci/charts/teamcity/values.yaml deleted file mode 100644 index 2b63c2ca..00000000 --- a/charts/kubezero-ci/charts/teamcity/values.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -# Default values for teamcity. - -agentReplicaCount: 0 - -image: - server: - repository: jetbrains/teamcity-server - agent: - repository: jetbrains/teamcity-agent - tag: "" - pullPolicy: IfNotPresent - -pvc: - data: - #storageClass: default - storageSize: 4Gi - logs: - #storageClass: default - storageSize: 1Gi - -serviceAccount: - create: true - annotations: {} - name: "" - -rbac: - create: true - -podAnnotations: {} - -podSecurityContext: - fsGroup: 1000 - -securityContext: {} - -service: - type: ClusterIP - port: 8111 - -istio: - enabled: false - gateway: istio-ingress/private-ingressgateway - url: "" # tc.example.com - -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/charts/kubezero-ci/templates/jenkins/istio-authorization-policy.yaml b/charts/kubezero-ci/templates/jenkins/istio-authorization-policy.yaml new file mode 100644 index 00000000..cc283399 --- /dev/null +++ b/charts/kubezero-ci/templates/jenkins/istio-authorization-policy.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.jenkins.enabled .Values.jenkins.istio.enabled .Values.jenkins.istio.allowBlocks }} +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: {{ .Release.Name }}-jenkins-allowlist + namespace: istio-ingress +spec: + selector: + matchLabels: + app: istio-ingressgateway + rules: + - from: + - source: + ipBlocks: {{ .Values.jenkins.istio.allowBlocks | toYaml | nindent 8 }} + to: + - operation: + hosts: [{{ .Values.jenkins.istio.url }}] +{{- end }} diff --git a/charts/kubezero-ci/templates/jenkins/istio-service.yaml b/charts/kubezero-ci/templates/jenkins/istio-service.yaml new file mode 100644 index 00000000..a52e8d23 --- /dev/null +++ b/charts/kubezero-ci/templates/jenkins/istio-service.yaml 
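Review bot: In templates/jenkins/istio-authorization-policy.yaml the policy has no `action`, so it is an ALLOW policy attached to every pod labelled `app: istio-ingressgateway` in `istio-ingress`, not specifically to the gateway named in `jenkins.istio.gateway`. Under Istio's evaluation rules a workload with any ALLOW policy rejects requests that match none of them, so setting `allowBlocks` for Jenkins may change how other hosts on the same gateway are treated unless they have their own policies; state `action: ALLOW` explicitly and say so in a comment. `ipBlocks` matches the peer address the gateway sees, which behind a load balancer may be the balancer rather than the client, so confirm the gateway preserves the source IP or use `remoteIpBlocks`. The host is also better quoted, `hosts: ["{{ .Values.jenkins.istio.url }}"]`, so an empty or unusual value cannot change the YAML type.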
@@ -0,0 +1,18 @@ +{{- if and .Values.jenkins.enabled .Values.jenkins.istio.enabled }} +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: {{ .Release.Name }}-jenkins + namespace: {{ template "jenkins.namespace" . }} +spec: + hosts: + - {{ .Values.jenkins.istio.url }} + gateways: + - {{ .Values.jenkins.istio.gateway }} + http: + - route: + - destination: + host: {{ .Release.Name }}-jenkins + port: + number: 8080 +{{- end }} diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 1ad1d655..051c01a4 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -70,5 +70,17 @@ gitea: jenkins: enabled: false -teamcity: - enabled: false + controller: + tagLabel: alpine + disableRememberMe: true + prometheus: + enabled: false + testEnabled: false + + persistence: + size: "2Gi" + + istio: + enabled: false + gateway: istio-ingress/private-ingressgateway + url: jenkins.example.com diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index e4316c1a..b831bdc4 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.21.8 +version: 1.21.8-3 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/templates/addons.yaml b/charts/kubezero/templates/addons.yaml index 61084059..4c19852c 100644 --- a/charts/kubezero/templates/addons.yaml +++ b/charts/kubezero/templates/addons.yaml 
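Review bot: The route in templates/jenkins/istio-service.yaml hard-codes the destination as `{{ .Release.Name }}-jenkins` on port 8080, which only matches the subchart's Service while its name override and service port stay at what I assume are the defaults. `{{ template "jenkins.namespace" . }}` is called with the umbrella chart's context, so it presumably resolves against the parent values rather than `.Values.jenkins`; it is worth confirming with `helm template` that the VirtualService lands in the same namespace as the Service. The templated scalars should be quoted, for example `- "{{ .Values.jenkins.istio.url }}"`, so an empty value does not render as a null host.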
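Review bot: The new `jenkins.istio` defaults in charts/kubezero-ci/values.yaml do not list `allowBlocks`, although templates/jenkins/istio-authorization-policy.yaml reads `.Values.jenkins.istio.allowBlocks`, so the IP allowlist is undocumented and stays off unless an operator already knows the key. With `istio.enabled: true` and no allowlist, Jenkins is reachable from anything that can reach the configured gateway. Add the key with a comment, for example `allowBlocks: []  # CIDRs allowed to reach Jenkins via the gateway; empty renders no AuthorizationPolicy`.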
@@ -1,7 +1,22 @@ {{- define "addons-values" }} -{{- with index .Values "addons" "metallb" }} -metallb: +{{- with .Values.addons.clusterBackup }} +clusterBackup: + {{- toYaml . | nindent 2 }} +{{- end }} + +{{- with index .Values "addons" "aws-node-termination-handler" }} +aws-node-termination-handler: + {{- toYaml . | nindent 2 }} +{{- end }} + +{{- with .Values.addons.fuseDevicePlugin }} +fuseDevicePlugin: + {{- toYaml . | nindent 2 }} +{{- end }} + +{{- with .Values.addons.k8sEcrLoginRenew }} +k8sEcrLoginRenew: {{- toYaml . | nindent 2 }} {{- end }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index b60eaad6..8aaf8879 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -8,7 +8,7 @@ HighAvailableControlplane: false addons: enabled: false - targetRevision: 0.1.0 + targetRevision: 0.2.3 network: enabled: false @@ -28,6 +28,10 @@ kiam: storage: enabled: false targetRevision: 0.4.3 + aws-ebs-csi-driver: + enabled: false + aws-efs-csi-driver: + enabled: false istio: enabled: false diff --git a/containers/admin/v1.21/kubezero.sh b/containers/admin/v1.21/kubezero.sh index 03399f5a..54e7037f 100755 --- a/containers/admin/v1.21/kubezero.sh +++ b/containers/admin/v1.21/kubezero.sh @@ -199,6 +199,7 @@ elif [[ "$1" == 'node-upgrade' ]]; then if [ -n "$restic_repo" ]; then yq -i eval ' .addons.clusterBackup.enabled = "true" | .addons.clusterBackup.repository = strenv(restic_repo) | .addons.clusterBackup.password = strenv(restic_pw) + | .addons.clusterBackup.image.tag = strenv(KUBE_VERSION) | .addons.clusterBackup.extraEnv[0].name = "AWS_DEFAULT_REGION" | .addons.clusterBackup.extraEnv[0].value = strenv(REGION) ' ${HOSTFS}/etc/kubernetes/kubezero.yaml fi diff --git a/containers/admin/v1.21/kubezero_121.sh b/containers/admin/v1.21/kubezero_121.sh index 70d40c8b..a70f3b08 100755 --- a/containers/admin/v1.21/kubezero_121.sh +++ b/containers/admin/v1.21/kubezero_121.sh 
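Review bot: The new `clusterBackup` block in charts/kubezero/templates/addons.yaml copies the whole `.Values.addons.clusterBackup` map with `toYaml`, and the kubezero.sh hunk in this commit writes `repository` and `password` into that map, so the restic password presumably ends up in plain text wherever `addons-values` is rendered. If the consumer is an Argo CD Application (not visible here), anyone who can read that object can read the backup password; consider passing a reference to an existing Secret instead of the value. At minimum add a comment above the block such as `{{- /* clusterBackup may carry the restic password; treat rendered values as sensitive */ -}}`. The `addons-values` define continues past the end of the hunk.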
@@ -18,7 +18,7 @@ kubectl delete deployment efs-csi-controller -n kube-system kubectl delete daemonSet efs-csi-node -n kube-system # Remove calico Servicemonitor in case still around -# kubectl delete servicemonitor calico-node -n kube-system +kubectl delete servicemonitor calico-node -n kube-system # Upgrade Prometheus stack, requires state metrics to be removed first kubectl delete deployment metrics-kube-state-metrics -n monitoring
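Review bot: The re-enabled `kubectl delete servicemonitor calico-node -n kube-system` exits non-zero when the object is already gone, which the comment above it ("in case still around") suggests is the normal case on some clusters. If the script runs with `set -e` (not visible in the hunk) the upgrade would stop here; `kubectl delete servicemonitor calico-node -n kube-system --ignore-not-found` keeps the cleanup idempotent. The flag does not help when the ServiceMonitor resource type itself is not installed, so a trailing `|| true` may still be needed on clusters without the Prometheus operator CRDs.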