From a8cc1003eadd2adf3e004f2e01fa03d810e18de7 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Thu, 9 Dec 2021 14:03:34 +0100 Subject: [PATCH] feat: cert-manager version bump --- charts/kubezero-cert-manager/Chart.yaml | 13 ++--- charts/kubezero-cert-manager/README.md.gotmpl | 9 ++-- .../jsonnetfile.lock.json | 52 +++++++++---------- charts/kubezero/Chart.yaml | 2 +- charts/kubezero/values.yaml | 2 +- containers/admin/v1.21/kubeadm/README.md | 17 +++--- containers/admin/v1.21/kubezero_121.sh | 3 ++ 7 files changed, 52 insertions(+), 46 deletions(-) diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index 6faa09f..95c074c 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -2,21 +2,22 @@ apiVersion: v2 name: kubezero-cert-manager description: KubeZero Umbrella Chart for cert-manager type: application -version: 0.7.3 -appVersion: 1.5.3 +version: 0.8.0 +appVersion: 1.6.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: - kubezero - cert-manager maintainers: - + - name: Stefan Reimer + email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.3" + version: ">= 0.1.4" repository: https://cdn.zero-downtime.net/charts/ - name: cert-manager - version: 1.5.3 + version: 1.6.1 condition: cert-manager.enabled repository: https://charts.jetstack.io -kubeVersion: ">= 1.18.0" +kubeVersion: ">= 1.20.0" diff --git a/charts/kubezero-cert-manager/README.md.gotmpl b/charts/kubezero-cert-manager/README.md.gotmpl index 2a2c695..0d3b906 100644 --- a/charts/kubezero-cert-manager/README.md.gotmpl +++ b/charts/kubezero-cert-manager/README.md.gotmpl @@ -13,14 +13,11 @@ {{ template "chart.requirementsSection" . }} -## AWS - IAM Role -If you use kiam or kube2iam and restrict access on nodes running cert-manager please adjust: -``` -cert-manager.podAnnotations: - iam.amazonaws.com/role: -``` +## AWS - OIDC IAM roles ## Resolver Secrets If your resolvers need additional sercrets like CloudFlare API tokens etc. make sure to provide these secrets separatly matching your defined issuers. +## Resources +- [Backup & Restore](https://cert-manager.io/docs/tutorials/backup/) {{ template "chart.valuesSection" . }} diff --git a/charts/kubezero-cert-manager/jsonnetfile.lock.json b/charts/kubezero-cert-manager/jsonnetfile.lock.json index 31e99f6..6be481e 100644 --- a/charts/kubezero-cert-manager/jsonnetfile.lock.json +++ b/charts/kubezero-cert-manager/jsonnetfile.lock.json @@ -8,8 +8,8 @@ "subdir": "grafana" } }, - "version": "c3b14b24b83cfe9abf1064649d19e2d679f033fb", - "sum": "YrE4DNQsWgYWs6h0j/FjQETt8xDXdYdsslb1WK7xQEk=" + "version": "199e363523104ff8b3a12483a4e3eca86372b078", + "sum": "/jDHzVAjHB4AOLkJHw1GyATX5ogZ1iMdcJXZAgaG3+g=" }, { "source": { @@ -18,8 +18,8 @@ "subdir": "contrib/mixin" } }, - "version": "3df272774672366beb02c5447782805ab5fec957", - "sum": "5XhYOigrKipOWDbIn9hlrz7JcbelzvJnormxSaup9JI=" + "version": "29292aa7bdafaf65cb5e054591fe0ff07b36f5ee", + "sum": "cdKL5kPYfpWSpTCu4qctmh+gWQqL+4YWom6rw9qLYJU=" }, { "source": { @@ -28,7 +28,7 @@ "subdir": "grafonnet" } }, - "version": "19b27b272abf4263af1365ec485784c49815a332", + "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf", "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w=" }, { @@ -38,8 +38,8 @@ "subdir": "grafana-builder" } }, - "version": "b7eae75972a369bf8ebfb03dcb0d4c14464ef85a", - "sum": "GRf2GvwEU4jhXV+JOonXSZ4wdDv8mnHBPCQ6TUVd+g8=" + "version": "b102f9ac7d1290ac025c2a7ac99f7fd9a9948503", + "sum": "0KkygBQd/AFzUvVzezE4qF/uDYgrwUXVpZfINBti0oc=" }, { "source": { @@ -48,8 +48,8 @@ "subdir": "" } }, - "version": "ff4641bcd83314c955150bea6b147df9ca335c4a", - "sum": "oUVGwcCbmdH8qz9B+lbRawI9s23GY9HeW7MwYZRbZ/0=" + "version": "9821d07e94e9a9916575a234fb699ae3331fa939", + "sum": "xubNXyvDwUw9GZzi9BRb6ob3bYzfoMr5F5zCVn2d7ag=" }, { "source": { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "ff4641bcd83314c955150bea6b147df9ca335c4a", + "version": "9821d07e94e9a9916575a234fb699ae3331fa939", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { @@ -68,8 +68,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8", - "sum": "S5qI+PJUdNeYOv76jH5nxwYS9N6U7CRxvyuB1wI4cTE=" + "version": "e3056ae518d0234105276ec916296923968ad294", + "sum": "U1wzIpTAtOvC1yj43Y8PfvT0JfvnAcMfNH12Wi+ab0Y=" }, { "source": { @@ -78,7 +78,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "8dab6f7472c26987ab7f8899a4a2f753fed8e8a8", + "version": "e3056ae518d0234105276ec916296923968ad294", "sum": "u8gaydJoxEjzizQ8jY8xSjYgWooPmxw+wIWdDxifMAk=" }, { @@ -88,8 +88,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "a2eee1803a074fb40cad109d690732c22f0130cf", - "sum": "kqVnoNBux2YF1s03m+O3w/5jreAnjXx2/NjvNP1Hoy4=" + "version": "9ca30579f61ec51e63d87927d19b9d2a433c7e25", + "sum": "EYlmVYtdVovF3ziMZ9dhV0trzXww6YSz8A2tH2YF9Zw=" }, { "source": { @@ -98,8 +98,8 @@ "subdir": "jsonnet/mixin" } }, - "version": "42fc15967e35e0cca68cf935f844086edbc82d0e", - "sum": "6reUygVmQrLEWQzTKcH8ceDbvM+2ztK3z2VBR2K2l+U=", + "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7", + "sum": "qZ4WgiweaE6eeKtFK60QUjLO8sf2L9Q8fgafWvDcyfY=", "name": "prometheus-operator-mixin" }, { @@ -109,8 +109,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "42fc15967e35e0cca68cf935f844086edbc82d0e", - "sum": "sECNXs/aIEreFUma1BWVyknBygqh3AVJEB3msmrAYYY=" + "version": "335ebbc2f6ecf10b699821fa8cebcbff4a718ca7", + "sum": "Vr2IY6Uz1lYYyGDF7QaEAVkJwAtOEikCfuXJN2eAUM0=" }, { "source": { @@ -119,7 +119,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "e35efbddb66a73fd8723be5334477e76f21fbd19", + "version": "e2a10119aaf7777fa523d216e05897c5b719134c", "sum": "pep+dHzfIjh2SU5pEkwilMCAT/NoL6YYflV4x8cr7vU=", "name": "alertmanager" }, @@ -130,8 +130,8 @@ "subdir": "docs/node-mixin" } }, - "version": "0e6b23c338e98809c9872c70a2f5dfa8d6d370d4", - "sum": "MnfAA4+l2BkgJncnYfV8uHC7CxHZut8+ap8KkEqyB5Y=" + "version": "7dbf35891570f9ce3bccb25a55176ea4923b35dd", + "sum": "MlWDAKGZ+JArozRKdKEvewHeWn8j2DNBzesJfLVd0dk=" }, { "source": { @@ -140,8 +140,8 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "a05b510fc32c3ecc2fc369002576179ae1cbcc23", - "sum": "m4VHwft4fUcxzL4+52lLZG/V5aH5ZEdjaweb88vISL0=", + "version": "c965a7555b7ffcee1a127d782abd5bb478a16750", + "sum": "ZjQoYhvgKwJNkg+h+m9lW3SYjnjv5Yx5btEipLhru88=", "name": "prometheus" }, { @@ -151,8 +151,8 @@ "subdir": "mixin" } }, - "version": "360b39e1c6ab3ac8dcefa225a6205142f9362c68", - "sum": "Og+wEHfgzXBvBLAeeQvGNoiCw3FY4LQHlJdpsG/owj8=", + "version": "d1acaea2a11a3e4db6bb435c98dea63c517e3530", + "sum": "1Y1cPIeoPg2nCAEhKPCt8bAGuwuOP2eZ3kVF432mlMA=", "name": "thanos-mixin" }, { diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index e7c5f71..4d9e16f 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.21.7-6 +version: 1.21.7-7 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 7148486..82cbc3e 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -18,7 +18,7 @@ network: cert-manager: enabled: false namespace: cert-manager - targetRevision: 0.7.3 + targetRevision: 0.8.0 # deprecated - removed with 1.22 kiam: diff --git a/containers/admin/v1.21/kubeadm/README.md b/containers/admin/v1.21/kubeadm/README.md index 8f1953a..c893431 100644 --- a/containers/admin/v1.21/kubeadm/README.md +++ b/containers/admin/v1.21/kubeadm/README.md @@ -20,25 +20,30 @@ Kubernetes: `>= 1.20.0` | Key | Type | Default | Description | |-----|------|---------|-------------| +| addons.aws-node-termination-handler.enabled | bool | `false` | | +| addons.aws-node-termination-handler.queueURL | string | `""` | arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTERNAME}_Nth | +| addons.clusterBackup.enabled | bool | `false` | | +| addons.clusterBackup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase | +| addons.clusterBackup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup | | api.allEtcdEndpoints | string | `""` | | | api.apiAudiences | string | `"istio-ca"` | | +| api.awsIamAuth.enabled | bool | `false` | | +| api.awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | | +| api.awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | | | api.endpoint | string | `"kube-api.changeme.org:6443"` | | | api.extraArgs | object | `{}` | | | api.listenPort | int | `6443` | | | api.oidcEndpoint | string | `""` | s3://${CFN[ConfigBucket]}/k8s/$CLUSTERNAME | | api.serviceAccountIssuer | string | `""` | https://s3.${REGION}.amazonaws.com/${CFN[ConfigBucket]}/k8s/$CLUSTERNAME | -| awsIamAuth.enabled | bool | `false` | | -| awsIamAuth.kubeAdminRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | | -| awsIamAuth.workerNodeRole | string | `"arn:aws:iam::000000000000:role/KubernetesNode"` | | -| backup.passwordFile | string | `""` | /etc/cloudbender/clusterBackup.passphrase | -| backup.repository | string | `""` | s3:https://s3.amazonaws.com/${CFN[ConfigBucket]}/k8s/${CLUSTERNAME}/clusterBackup | | clusterName | string | `"pleasechangeme"` | | | domain | string | `"changeme.org"` | | | etcd.extraArgs | object | `{}` | | | etcd.nodeName | string | `"set_via_cmdline"` | | | highAvailable | bool | `false` | | | listenAddress | string | `"0.0.0.0"` | Needs to be set to primary node IP | -| network.multus.enabled | bool | `true` | | +| network.calico.enabled | bool | `false` | | +| network.cilium.enabled | bool | `false` | | +| network.multus.enabled | bool | `false` | | | network.multus.tag | string | `"v3.8"` | | | nodeName | string | `"localhost"` | set to $HOSTNAME | | protectKernelDefaults | bool | `true` | | diff --git a/containers/admin/v1.21/kubezero_121.sh b/containers/admin/v1.21/kubezero_121.sh index 47116c7..49270d8 100755 --- a/containers/admin/v1.21/kubezero_121.sh +++ b/containers/admin/v1.21/kubezero_121.sh @@ -14,3 +14,6 @@ kubectl delete statefulset ebs-snapshot-controller -n kube-system kubectl delete deployment efs-csi-controller -n kube-system kubectl delete daemonSet efs-csi-node -n kube-system + +# Remove calico Servicemonitor in case still around +# kubectl delete servicemonitor calico-node -n kube-system