diff --git a/charts/kubezero-argocd/README.md b/charts/kubezero-argocd/README.md index fcd21f5d..9e5dab2f 100644 --- a/charts/kubezero-argocd/README.md +++ b/charts/kubezero-argocd/README.md @@ -34,7 +34,7 @@ Kubernetes: `>= 1.26.0` | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | | argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | | | argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | | -| argo-cd.configs.cm.url | string | `"argocd.example.com"` | | +| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | | | argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | | | argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | | argo-cd.configs.params."controller.status.processors" | string | `"10"` | | diff --git a/charts/kubezero-argocd/templates/istio-service.yaml b/charts/kubezero-argocd/templates/istio-service.yaml index a5bfbbdd..e3ed7b00 100644 --- a/charts/kubezero-argocd/templates/istio-service.yaml +++ b/charts/kubezero-argocd/templates/istio-service.yaml @@ -10,7 +10,7 @@ spec: gateways: - {{ .Values.istio.gateway }} hosts: - - {{ index .Values "argo-cd" "configs" "cm" "url" }} + - {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }} http: - name: grpc match: diff --git a/charts/kubezero-argocd/values.yaml b/charts/kubezero-argocd/values.yaml index 965c296d..1b82f5fe 100644 --- a/charts/kubezero-argocd/values.yaml +++ b/charts/kubezero-argocd/values.yaml @@ -35,8 +35,8 @@ argo-cd: ui.bannerpermanent: "true" ui.bannerposition: "bottom" - # argo-cd.server.config.url -- ArgoCD hostname to be exposed via Istio - url: argocd.example.com + # argo-cd.server.config.url -- ArgoCD URL being exposed via Istio + url: https://argocd.example.com timeout.reconciliation: 300 diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md index 06c8d486..ecd3c596 100644 --- a/charts/kubezero-ci/README.md +++ b/charts/kubezero-ci/README.md @@ -1,6 +1,6 @@ # kubezero-ci -![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things CI @@ -20,9 +20,9 @@ Kubernetes: `>= 1.25.0` |------------|------|---------| | https://aquasecurity.github.io/helm-charts/ | trivy | 0.7.0 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jenkins.io | jenkins | 4.8.3 | -| https://dl.gitea.io/charts/ | gitea | 9.6.0 | -| https://docs.renovatebot.com/helm-charts | renovate | 37.64.3 | +| https://charts.jenkins.io | jenkins | 4.9.1 | +| https://dl.gitea.io/charts/ | gitea | 9.6.1 | +| https://docs.renovatebot.com/helm-charts | renovate | 37.68.4 | # Jenkins - default build retention 10 builds, 32days @@ -84,6 +84,7 @@ Kubernetes: `>= 1.25.0` | gitea.securityContext.capabilities.drop[0] | string | `"ALL"` | | | gitea.strategy.type | string | `"Recreate"` | | | gitea.test.enabled | bool | `false` | | +| jenkins.agent.annotations."container.apparmor.security.beta.kubernetes.io/jnlp" | string | `"unconfined"` | | | jenkins.agent.containerCap | int | `2` | | | jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | | | jenkins.agent.idleMinutes | int | `30` | | diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 667faa42..f953fe75 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -250,7 +250,7 @@ jenkins: trivy: enabled: false image: - tag: 0.45.1 + tag: 0.47.0 persistence: enabled: true size: 1Gi diff --git a/charts/kubezero-metrics/values.yaml b/charts/kubezero-metrics/values.yaml index 147fb061..671963ba 100644 --- a/charts/kubezero-metrics/values.yaml +++ b/charts/kubezero-metrics/values.yaml @@ -318,6 +318,7 @@ kube-prometheus-stack: prometheus-adapter: enabled: true logLevel: 1 + metricsRelistInterval: 3m prometheus: url: http://metrics-kube-prometheus-st-prometheus tolerations: @@ -334,11 +335,11 @@ prometheus-adapter: containerQuery: | sum by (<<.GroupBy>>) ( irate ( - container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[60s] + container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s] ) ) nodeQuery: | - sum(1 - irate(node_cpu_seconds_total{<<.LabelMatchers>>, mode="idle"}[60s])) by (<<.GroupBy>>) + sum(1 - irate(node_cpu_seconds_total{<<.LabelMatchers>>, mode="idle"}[120s])) by (<<.GroupBy>>) resources: overrides: instance: @@ -364,7 +365,7 @@ prometheus-adapter: pod: resource: pod containerLabel: container - window: 5m + window: 2m # Pushgateway prometheus-pushgateway: diff --git a/docs/v1.27.md b/docs/v1.27.md index 4dbec096..8ba86f4c 100644 --- a/docs/v1.27.md +++ b/docs/v1.27.md @@ -5,6 +5,7 @@ ## What's new - Major themes - all KubeZero and support AMIs based on latest Alpine 3.18.4 - updated and improved hardening of Istio Ingress Gateways +- IPv6 support for Ingress - moved ECK operator into new kubezero-operators module - new, optional, OpenSearch operator - all instances now enforce IMDSv2