feat: various fixes and version bumps for >= 1.22.8

This commit is contained in:
Stefan Reimer 2022-04-08 17:11:34 +02:00
parent dd0ef79dee
commit 8b18ec3920
22 changed files with 95 additions and 95 deletions

View File

@ -1,7 +1,7 @@
apiVersion: v2 apiVersion: v2
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
name: kubezero-argocd name: kubezero-argocd
version: 0.9.5 version: 0.9.6
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -16,6 +16,6 @@ dependencies:
version: ">= 0.1.4" version: ">= 0.1.4"
repository: https://cdn.zero-downtime.net/charts/ repository: https://cdn.zero-downtime.net/charts/
- name: argo-cd - name: argo-cd
version: 3.32.1 version: 3.33.8
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
kubeVersion: ">= 1.20.0" kubeVersion: ">= 1.20.0"

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-cert-manager name: kubezero-cert-manager
description: KubeZero Umbrella Chart for cert-manager description: KubeZero Umbrella Chart for cert-manager
type: application type: application
version: 0.8.0 version: 0.8.2
appVersion: 1.6.1 appVersion: 1.6.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

View File

@ -1,6 +1,6 @@
# kubezero-cert-manager # kubezero-cert-manager
![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square) ![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.1](https://img.shields.io/badge/AppVersion-1.6.1-informational?style=flat-square)
KubeZero Umbrella Chart for cert-manager KubeZero Umbrella Chart for cert-manager

View File

@ -1,3 +1,4 @@
{{- if index .Values "cert-manager" "prometheus" "servicemonitor" "enabled" }}
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
@ -50,4 +51,4 @@ spec:
for: 5m for: 5m
labels: labels:
severity: critical severity: critical
{{- end }}

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-ci name: kubezero-ci
description: KubeZero umbrella chart for all things CI description: KubeZero umbrella chart for all things CI
type: application type: application
version: 0.4.26 version: 0.4.44
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -18,19 +18,19 @@ dependencies:
version: ">= 0.1.5" version: ">= 0.1.5"
repository: https://cdn.zero-downtime.net/charts/ repository: https://cdn.zero-downtime.net/charts/
- name: gocd - name: gocd
version: 1.39.4 version: 1.40.8
repository: https://gocd.github.io/helm-chart repository: https://gocd.github.io/helm-chart
condition: gocd.enabled condition: gocd.enabled
- name: gitea - name: gitea
version: 5.0.0 version: 5.0.3
repository: https://dl.gitea.io/charts/ repository: https://dl.gitea.io/charts/
condition: gitea.enabled condition: gitea.enabled
- name: jenkins - name: jenkins
version: 3.11.3 version: 3.11.10
repository: https://charts.jenkins.io repository: https://charts.jenkins.io
condition: jenkins.enabled condition: jenkins.enabled
- name: trivy - name: trivy
version: 0.4.9 version: 0.4.12
repository: https://aquasecurity.github.io/helm-charts/ repository: https://aquasecurity.github.io/helm-charts/
condition: trivy.enabled condition: trivy.enabled

View File

@ -28,4 +28,7 @@
## Resources ## Resources
### JVM tuning in containers
- https://developers.redhat.com/blog/2017/04/04/openjdk-and-containers?extIdCarryOver=true&sc_cid=701f2000001Css5AAC
{{ template "chart.valuesSection" . }} {{ template "chart.valuesSection" . }}

View File

@ -17,7 +17,7 @@ gitea:
enabled: false enabled: false
image: image:
tag: 1.16.1 tag: 1.16.5
rootless: true rootless: true
securityContext: securityContext:
@ -69,14 +69,14 @@ jenkins:
enabled: false enabled: false
controller: controller:
tagLabel: alpine tag: 2.332.2-lts-jdk17-preview
#tagLabel: alpine
disableRememberMe: true disableRememberMe: true
prometheus: prometheus:
enabled: false enabled: false
testEnabled: false testEnabled: false
enableRawHtmlMarkupFormatter: true enableRawHtmlMarkupFormatter: true
# javaOpts: "-Xms512m -Xmx512m" javaOpts: "-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
javaOpts: "-XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""
jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600" jenkinsOpts: "--sessionTimeout=180 --sessionEviction=3600"
resources: resources:
@ -114,14 +114,15 @@ jenkins:
numToKeepStr: "10" numToKeepStr: "10"
installPlugins: installPlugins:
- kubernetes:1.31.3 - kubernetes:3580.v78271e5631dc
- workflow-aggregator:2.6 - workflow-aggregator:2.6
- git:4.10.3 - git:4.11.0
- configuration-as-code:1346.ve8cfa_3473c94 - configuration-as-code:1414.v878271fc496f
- antisamy-markup-formatter:2.7 - antisamy-markup-formatter:2.7
- prometheus:2.0.10 - prometheus:2.0.11
- htmlpublisher:1.29 - htmlpublisher:1.29
- build-discarder:60.v1747b0eb632a - build-discarder:60.v1747b0eb632a
- dark-theme:156.v6cf16af6f9ef
serviceAccountAgent: serviceAccountAgent:
create: true create: true
@ -130,22 +131,22 @@ jenkins:
# Preconfigure agents to use zdt podman requires fuse/overlayfs # Preconfigure agents to use zdt podman requires fuse/overlayfs
agent: agent:
image: public.ecr.aws/zero-downtime/jenkins-podman image: public.ecr.aws/zero-downtime/jenkins-podman
tag: v0.2.4-6 tag: v0.2.4-21
resources: resources:
requests: requests:
cpu: "512m" cpu: "512m"
memory: "512Mi" memory: "1024Mi"
limits: limits:
cpu: "1" cpu: "4"
memory: "2048Mi" memory: "6144Mi"
alwaysPullImage: true #alwaysPullImage: true
podRetention: "Default" podRetention: "Default"
showRawYaml: false showRawYaml: false
podName: "podman-aws" podName: "podman-aws"
customJenkinsLabels: customJenkinsLabels:
- podman-aws-trivy - podman-aws-trivy
idleMinutes: 10 idleMinutes: 10
containerCap: 4 containerCap: 2
annotations: annotations:
container.apparmor.security.beta.kubernetes.io/jnlp: unconfined container.apparmor.security.beta.kubernetes.io/jnlp: unconfined
# envVars: # envVars:

View File

@ -10,7 +10,7 @@ if [ -r jsonnetfile.lock.json ]; then
jb update jb update
else else
#jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main #jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@main
jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.9 jb install github.com/prometheus-operator/kube-prometheus/jsonnet/kube-prometheus@release-0.10
fi fi
make clean make clean

View File

@ -73,6 +73,8 @@ kube-prometheus-stack:
enabled: true enabled: true
prometheus-node-exporter: prometheus-node-exporter:
hostRootFsMount:
enabled: false
prometheus: prometheus:
monitor: monitor:
relabelings: relabelings:

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-network name: kubezero-network
description: KubeZero umbrella chart for all things network description: KubeZero umbrella chart for all things network
type: application type: application
version: 0.1.7 version: 0.2.1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:
@ -16,7 +16,7 @@ maintainers:
email: stefan@zero-downtime.net email: stefan@zero-downtime.net
dependencies: dependencies:
- name: cilium - name: cilium
version: 1.10.5 version: 1.11.3
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
condition: cilium.enabled condition: cilium.enabled
- name: metallb - name: metallb

View File

@ -3,7 +3,7 @@ name: calico
description: KubeZero Chart for Calico description: KubeZero Chart for Calico
type: application type: application
version: 0.2.2 version: 0.2.2
appVersion: v3.16.5 appVersion: v3.16.10
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -518,7 +518,7 @@ spec:
mountPath: /sys/fs/ mountPath: /sys/fs/
# Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host. # Bidirectional means that, if we mount the BPF filesystem at /sys/fs/bpf it will propagate to the host.
# If the host is known to mount that filesystem already then Bidirectional can be omitted. # If the host is known to mount that filesystem already then Bidirectional can be omitted.
mountPropagation: Bidirectional # mountPropagation: Bidirectional
volumes: volumes:
# Used by calico-node. # Used by calico-node.
- name: lib-modules - name: lib-modules
@ -541,7 +541,7 @@ spec:
# Used to install CNI. # Used to install CNI.
- name: cni-bin-dir - name: cni-bin-dir
hostPath: hostPath:
path: /opt/cni/bin path: /usr/libexec/cni
- name: cni-net-dir - name: cni-net-dir
hostPath: hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d

View File

@ -115,6 +115,7 @@ spec:
args: args:
- "--multus-conf-file=auto" - "--multus-conf-file=auto"
- "--rename-conf-file=true" - "--rename-conf-file=true"
- "--cni-bin-dir=/host/usr/libexec/cni"
- "--cni-version=0.3.1" - "--cni-version=0.3.1"
resources: resources:
requests: requests:
@ -133,7 +134,7 @@ spec:
- name: cni - name: cni
mountPath: /host/etc/cni/net.d mountPath: /host/etc/cni/net.d
- name: cnibin - name: cnibin
mountPath: /host/opt/cni/bin mountPath: /host/usr/libexec/cni
- name: multus-cfg - name: multus-cfg
mountPath: /tmp/multus-conf mountPath: /tmp/multus-conf
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
@ -146,7 +147,7 @@ spec:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: cnibin - name: cnibin
hostPath: hostPath:
path: /opt/cni/bin path: /usr/libexec/cni
- name: multus-cfg - name: multus-cfg
configMap: configMap:
name: multus-cni-config name: multus-cni-config

View File

@ -28,7 +28,7 @@ dependencies:
condition: gemini.enabled condition: gemini.enabled
# repository: https://charts.fairwinds.com/stable # repository: https://charts.fairwinds.com/stable
- name: aws-ebs-csi-driver - name: aws-ebs-csi-driver
version: 2.6.3 version: 2.6.4
condition: aws-ebs-csi-driver.enabled condition: aws-ebs-csi-driver.enabled
# repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver # repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver - name: aws-efs-csi-driver

View File

@ -1,5 +1,9 @@
# Helm chart # Helm chart
## v2.6.4
* Remove exposure all secrets to external-snapshotter-role
## v2.6.3 ## v2.6.3
* Bump app/driver to version `v1.5.1` * Bump app/driver to version `v1.5.1`

View File

@ -19,4 +19,4 @@ maintainers:
name: aws-ebs-csi-driver name: aws-ebs-csi-driver
sources: sources:
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver - https://github.com/kubernetes-sigs/aws-ebs-csi-driver
version: 2.6.3 version: 2.6.4

View File

@ -9,9 +9,13 @@ rules:
- apiGroups: [ "" ] - apiGroups: [ "" ]
resources: [ "events" ] resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ] verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ] # Secret permission is optional.
resources: [ "secrets" ] # Enable it if your driver needs secret.
verbs: [ "get", "list" ] # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
# See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
# - apiGroups: [ "" ]
# resources: [ "secrets" ]
# verbs: [ "get", "list" ]
- apiGroups: [ "snapshot.storage.k8s.io" ] - apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "volumesnapshotclasses" ] resources: [ "volumesnapshotclasses" ]
verbs: [ "get", "list", "watch" ] verbs: [ "get", "list", "watch" ]

View File

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero name: kubezero
description: KubeZero - Root App of Apps chart description: KubeZero - Root App of Apps chart
type: application type: application
version: 1.21.9-4 version: 1.22.8-1
home: https://kubezero.com home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords: keywords:

View File

@ -1,6 +1,6 @@
# kubezero # kubezero
![Version: 1.21.9](https://img.shields.io/badge/Version-1.21.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.22.8-1](https://img.shields.io/badge/Version-1.22.8--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
KubeZero - Root App of Apps chart KubeZero - Root App of Apps chart
@ -14,7 +14,7 @@ KubeZero - Root App of Apps chart
## Requirements ## Requirements
Kubernetes: `>= 1.20.0` Kubernetes: `>= 1.22.0`
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
@ -26,29 +26,27 @@ Kubernetes: `>= 1.20.0`
|-----|------|---------|-------------| |-----|------|---------|-------------|
| HighAvailableControlplane | bool | `false` | | | HighAvailableControlplane | bool | `false` | |
| addons.enabled | bool | `false` | | | addons.enabled | bool | `false` | |
| addons.targetRevision | string | `"0.2.4"` | | | addons.targetRevision | string | `"0.4.1"` | |
| argocd.enabled | bool | `false` | | | argocd.enabled | bool | `false` | |
| argocd.istio.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | |
| argocd.namespace | string | `"argocd"` | | | argocd.namespace | string | `"argocd"` | |
| argocd.targetRevision | string | `"0.9.4"` | | | argocd.targetRevision | string | `"0.9.6"` | |
| cert-manager.enabled | bool | `false` | | | cert-manager.enabled | bool | `false` | |
| cert-manager.namespace | string | `"cert-manager"` | | | cert-manager.namespace | string | `"cert-manager"` | |
| cert-manager.targetRevision | string | `"0.8.0"` | | | cert-manager.targetRevision | string | `"0.8.2"` | |
| istio-ingress.enabled | bool | `false` | | | istio-ingress.enabled | bool | `false` | |
| istio-ingress.namespace | string | `"istio-ingress"` | | | istio-ingress.namespace | string | `"istio-ingress"` | |
| istio-ingress.targetRevision | string | `"0.7.6"` | | | istio-ingress.targetRevision | string | `"0.7.6"` | |
| istio.enabled | bool | `false` | | | istio.enabled | bool | `false` | |
| istio.namespace | string | `"istio-system"` | | | istio.namespace | string | `"istio-system"` | |
| istio.targetRevision | string | `"0.7.6"` | | | istio.targetRevision | string | `"0.7.6"` | |
| kiam.enabled | bool | `false` | |
| kiam.targetRevision | string | `"0.3.5"` | |
| kubezero.defaultTargetRevision | string | `"*"` | | | kubezero.defaultTargetRevision | string | `"*"` | |
| kubezero.gitSync | object | `{}` | | | kubezero.gitSync | object | `{}` | |
| kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | | | kubezero.repoURL | string | `"https://cdn.zero-downtime.net/charts"` | |
| kubezero.server | string | `"https://kubernetes.default.svc"` | | | kubezero.server | string | `"https://kubernetes.default.svc"` | |
| logging.enabled | bool | `false` | | | logging.enabled | bool | `false` | |
| logging.namespace | string | `"logging"` | | | logging.namespace | string | `"logging"` | |
| logging.targetRevision | string | `"0.7.17"` | | | logging.targetRevision | string | `"0.7.19"` | |
| metrics.enabled | bool | `false` | | | metrics.enabled | bool | `false` | |
| metrics.istio.grafana | object | `{}` | | | metrics.istio.grafana | object | `{}` | |
| metrics.istio.prometheus | object | `{}` | | | metrics.istio.prometheus | object | `{}` | |
@ -56,11 +54,11 @@ Kubernetes: `>= 1.20.0`
| metrics.targetRevision | string | `"0.7.4"` | | | metrics.targetRevision | string | `"0.7.4"` | |
| network.enabled | bool | `false` | | | network.enabled | bool | `false` | |
| network.retain | bool | `true` | | | network.retain | bool | `true` | |
| network.targetRevision | string | `"0.1.0"` | | | network.targetRevision | string | `"0.1.7"` | |
| storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | |
| storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | |
| storage.enabled | bool | `false` | | | storage.enabled | bool | `false` | |
| storage.targetRevision | string | `"0.5.2"` | | | storage.targetRevision | string | `"0.5.7"` | |
---------------------------------------------- ----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

View File

@ -1,20 +0,0 @@
{{- define "kiam-values" }}
kiam:
server:
assumeRoleArn: "{{ .Values.kiam.IamArn }}"
deployment:
replicas: {{ ternary 2 1 .Values.HighAvailableControlplane }}
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
agent:
prometheus:
servicemonitor:
enabled: {{ .Values.metrics.enabled }}
{{- end }}
{{- define "kiam-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}

View File

@ -20,11 +20,6 @@ cert-manager:
namespace: cert-manager namespace: cert-manager
targetRevision: 0.8.2 targetRevision: 0.8.2
# deprecated - removed with 1.22
kiam:
enabled: false
targetRevision: 0.3.5
storage: storage:
enabled: false enabled: false
targetRevision: 0.5.7 targetRevision: 0.5.7
@ -54,7 +49,7 @@ metrics:
logging: logging:
enabled: false enabled: false
namespace: logging namespace: logging
targetRevision: 0.7.18 targetRevision: 0.8.0
argocd: argocd:
enabled: false enabled: false

View File

@ -13,8 +13,17 @@ mkdir -p $TMPDIR
[ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT [ -z "$DEBUG" ] && trap 'rm -rf $TMPDIR' ERR EXIT
for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do function reset_index() {
aws s3 sync $REPO_URL_S3/ $TMPDIR/
helm repo index $TMPDIR --url $REPO_URL
aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1
}
function publish_chart() {
for dir in $(find -L $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
do
name=$(basename $dir) name=$(basename $dir)
[[ $name =~ $CHARTS ]] || continue [[ $name =~ $CHARTS ]] || continue
@ -28,15 +37,17 @@ do
echo "Processing $dir" echo "Processing $dir"
helm lint $dir helm lint $dir
helm package -d $TMPDIR $dir helm package -d $TMPDIR $dir
done done
curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml curl -L -s -o $TMPDIR/index.yaml ${REPO_URL}/index.yaml
helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml
helm repo index $TMPDIR --url $REPO_URL --merge $TMPDIR/index.yaml for p in $TMPDIR/*.tgz; do
for p in $TMPDIR/*.tgz; do
aws s3 cp $p $REPO_URL_S3/ aws s3 cp $p $REPO_URL_S3/
done done
aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1 aws s3 cp $TMPDIR/index.yaml $REPO_URL_S3/ --cache-control max-age=1
}
rm -rf $TMPDIR
publish_chart
#reset_index