diff --git a/admin/dev_apply.sh b/admin/dev_apply.sh index 53b5555c..1e75ba9f 100755 --- a/admin/dev_apply.sh +++ b/admin/dev_apply.sh @@ -19,6 +19,22 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) . "$SCRIPT_DIR"/libhelm.sh CHARTS="$(dirname $SCRIPT_DIR)/charts" +# Guess platform from current context +_auth_cmd=$(kubectl config view | yq .users[0].user.exec.command) +if [ "$_auth_cmd" == "gke-gcloud-auth-plugin" ]; then + PLATFORM=gke +elif [ "$_auth_cmd" == "aws-iam-authenticator" ]; then + PLATFORM=aws +else + PLATFORM=nocloud +fi + +parse_version() { + echo $([[ $1 =~ ^v[0-9]+\.[0-9]+\.[0-9]+ ]] && echo "${BASH_REMATCH[0]//v/}") +} + +KUBE_VERSION=$(parse_version $KUBE_VERSION) + ### Various hooks for modules ################ @@ -71,7 +87,7 @@ if [ ${ARTIFACTS[0]} == "all" ]; then fi # Delete in reverse order, continue even if errors -if [ $ACTION == "delete" ]; then +if [ "$ACTION" == "delete" ]; then set +e for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do _helm delete ${ARTIFACTS[idx]} || true diff --git a/admin/kubezero.sh b/admin/kubezero.sh index a84975b0..ff59db1e 100755 --- a/admin/kubezero.sh +++ b/admin/kubezero.sh @@ -66,6 +66,7 @@ render_kubeadm() { parse_kubezero() { export CLUSTERNAME=$(yq eval '.global.clusterName // .clusterName' ${HOSTFS}/etc/kubernetes/kubeadm-values.yaml) + export PLATFORM=$(yq eval '.global.platform // "nocloud"' ${HOSTFS}/etc/kubernetes/kubeadm-values.yaml) export HIGHAVAILABLE=$(yq eval '.global.highAvailable // .highAvailable // "false"' ${HOSTFS}/etc/kubernetes/kubeadm-values.yaml) export ETCD_NODENAME=$(yq eval '.etcd.nodeName' ${HOSTFS}/etc/kubernetes/kubeadm-values.yaml) export NODENAME=$(yq eval '.nodeName' ${HOSTFS}/etc/kubernetes/kubeadm-values.yaml) diff --git a/admin/libhelm.sh b/admin/libhelm.sh index b1aca74d..1774adb6 100644 --- a/admin/libhelm.sh +++ b/admin/libhelm.sh 
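Review bot: The platform guess in admin/dev_apply.sh reads `.users[0]` from the full kubeconfig, which is the first user entry in the file and not necessarily the user of the current context, so a kubeconfig that holds several clusters can yield the wrong `PLATFORM`. That variable is read by `get_kubezero_values` in libhelm.sh to pick the namespace it fetches values from. Restricting the view to the active context and quoting the yq expression avoids this: `_auth_cmd=$(kubectl config view --minify | yq '.users[0].user.exec.command')`. Separately, `parse_version` prints an empty string when `$KUBE_VERSION` does not start with `vX.Y.Z`, so `KUBE_VERSION` is silently blanked; quoting the argument and stopping with a message when the result is empty would make that visible.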
@@ -34,9 +34,11 @@ function argo_used() { # get kubezero-values from ArgoCD if available or use in-cluster CM without Argo function get_kubezero_values() { + local _namespace="kube-system" + [ "$PLATFORM" == "gke" ] && _namespace=kubezero argo_used && \ { kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.values > ${WORKDIR}/kubezero-values.yaml; } || \ - { kubectl get configmap -n kube-system kubezero-values -o yaml | yq '.data."values.yaml"' > ${WORKDIR}/kubezero-values.yaml ;} + { kubectl get configmap -n $_namespace kubezero-values -o yaml | yq '.data."values.yaml"' > ${WORKDIR}/kubezero-values.yaml ;} } @@ -169,14 +171,14 @@ function _helm() { yq eval '.spec.source.helm.values' $WORKDIR/kubezero/templates/${module}.yaml > $WORKDIR/values.yaml - echo "using values to $action of module $module: " - cat $WORKDIR/values.yaml - if [ $action == "crds" ]; then # Allow custom CRD handling declare -F ${module}-crds && ${module}-crds || _crds elif [ $action == "apply" ]; then + echo "using values to $action of module $module: " + cat $WORKDIR/values.yaml + # namespace must exist prior to apply create_ns $namespace diff --git a/charts/kubezero-argo/Chart.yaml b/charts/kubezero-argo/Chart.yaml index baedc483..bb243482 100644 --- a/charts/kubezero-argo/Chart.yaml +++ b/charts/kubezero-argo/Chart.yaml @@ -33,4 +33,4 @@ dependencies: version: 0.11.0 repository: https://argoproj.github.io/argo-helm condition: argocd-image-updater.enabled -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.26.0-0" diff --git a/charts/kubezero-argo/README.md b/charts/kubezero-argo/README.md index f58b1ae9..b7afac0e 100644 --- a/charts/kubezero-argo/README.md +++ b/charts/kubezero-argo/README.md @@ -14,7 +14,7 @@ KubeZero Argo - Events, Workflow, CD ## Requirements -Kubernetes: `>= 1.26.0` +Kubernetes: `>= 1.26.0-0` | Repository | Name | Version | |------------|------|---------| 
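Review bot: The `argo_used && { … } || { … }` chain in `get_kubezero_values` runs the ConfigMap branch whenever the Argo branch returns non-zero, not only when Argo is absent, so a failed lookup of the Argo application silently substitutes values from the ConfigMap, whose namespace now depends on `$PLATFORM`. The comment above the function describes an either/or choice, which an explicit `if`/`else` expresses directly. `$PLATFORM` is also read without a default, which would abort under `set -u` if a caller sources libhelm.sh without setting it (an assumption, since not all callers are visible here), and `$_namespace` and `${WORKDIR}` are unquoted.

```shell
function get_kubezero_values() {
  local _namespace="kube-system"
  if [ "${PLATFORM:-}" == "gke" ]; then
    _namespace=kubezero
  fi

  if argo_used; then
    kubectl get application kubezero -n argocd -o yaml \
      | yq .spec.source.helm.values > "${WORKDIR}/kubezero-values.yaml"
  else
    kubectl get configmap -n "$_namespace" kubezero-values -o yaml \
      | yq '.data."values.yaml"' > "${WORKDIR}/kubezero-values.yaml"
  fi
}
```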
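Review bot: `cat $WORKDIR/values.yaml` still prints the fully rendered module values on every apply, and those values can carry credentials (the argo chart touched by this same commit documents `argocdServerAdminPassword` as a value), so they end up in terminal scrollback and CI logs. Moving the output into the `apply` branch narrows the exposure but does not remove it. Consider gating it on an opt-in debug variable, for example `if [ -n "${<DEBUG_FLAG>:-}" ]; then cat "$WORKDIR/values.yaml"; fi`, where `<DEBUG_FLAG>` is a placeholder for whatever name the project chooses. `_helm` begins and ends outside this hunk.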
@@ -65,7 +65,7 @@ Kubernetes: `>= 1.26.0` | argo-cd.repoServer.initContainers[0].command[0] | string | `"/usr/local/bin/sa2kubeconfig.sh"` | | | argo-cd.repoServer.initContainers[0].command[1] | string | `"/home/argocd/.kube/config"` | | | argo-cd.repoServer.initContainers[0].image | string | `"{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include \"argo-cd.defaultTag\" .) .Values.repoServer.image.tag }}"` | | -| argo-cd.repoServer.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | +| argo-cd.repoServer.initContainers[0].imagePullPolicy | string | `"{{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}"` | | | argo-cd.repoServer.initContainers[0].name | string | `"create-kubeconfig"` | | | argo-cd.repoServer.initContainers[0].securityContext.allowPrivilegeEscalation | bool | `false` | | | argo-cd.repoServer.initContainers[0].securityContext.capabilities.drop[0] | string | `"ALL"` | | diff --git a/charts/kubezero-argo/values.yaml b/charts/kubezero-argo/values.yaml index 53d3069d..936e5380 100644 --- a/charts/kubezero-argo/values.yaml +++ b/charts/kubezero-argo/values.yaml @@ -91,7 +91,7 @@ argo-cd: secret: createSecret: false - # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/' | base64 -w0` # argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG" # argocdServerAdminPassword: "ref+file://secrets.yaml#/test" # argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST" diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index 08203b59..ed8156a9 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -18,4 +18,4 @@ dependencies: - name: cert-manager version: v1.15.2 repository: https://charts.jetstack.io -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.26.0-0" 
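Review bot: The updated comment in charts/kubezero-argo/values.yaml now ends in `base64 -w0`, but the commented example directly below it, `argocdServerAdminPassword: "$2a$10$…"`, still shows a raw bcrypt string, so a reader cannot tell which form the value expects. The example should be updated to match, or the comment should state where the base64 form is consumed. The documented command also passes the password as an argument via `-b`, which exposes it in the process list and shell history; `htpasswd` can read it from stdin with its `-i` option, e.g. `printf '%s' "$ARGO_PWD" | htpasswd -niBC 10 "" | tr -d ':\n' | sed 's/$2y/$2a/' | base64 -w0`.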
diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index 4f3fcef9..35a8d7ef 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md @@ -1,6 +1,6 @@ # kubezero-cert-manager -![Version: 0.9.8](https://img.shields.io/badge/Version-0.9.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.9.9](https://img.shields.io/badge/Version-0.9.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for cert-manager @@ -14,12 +14,12 @@ KubeZero Umbrella Chart for cert-manager ## Requirements -Kubernetes: `>= 1.26.0` +Kubernetes: `>= 1.26.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jetstack.io | cert-manager | v1.15.1 | +| https://charts.jetstack.io | cert-manager | v1.15.2 | ## AWS - OIDC IAM roles @@ -34,9 +34,6 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make |-----|------|---------|-------------| | cert-manager.cainjector.extraArgs[0] | string | `"--logging-format=json"` | | | cert-manager.cainjector.extraArgs[1] | string | `"--leader-elect=false"` | | -| cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| cert-manager.cainjector.tolerations[0].effect | string | `"NoSchedule"` | | -| cert-manager.cainjector.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | cert-manager.crds.enabled | bool | `true` | | | cert-manager.enableCertificateOwnerRef | bool | `true` | | | cert-manager.enabled | bool | `true` | | 
@@ -46,15 +43,9 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make | cert-manager.global.leaderElection.namespace | string | `"cert-manager"` | | | cert-manager.ingressShim.defaultIssuerKind | string | `"ClusterIssuer"` | | | cert-manager.ingressShim.defaultIssuerName | string | `"letsencrypt-dns-prod"` | | -| cert-manager.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | cert-manager.prometheus.servicemonitor.enabled | bool | `false` | | | cert-manager.startupapicheck.enabled | bool | `false` | | -| cert-manager.tolerations[0].effect | string | `"NoSchedule"` | | -| cert-manager.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | cert-manager.webhook.extraArgs[0] | string | `"--logging-format=json"` | | -| cert-manager.webhook.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| cert-manager.webhook.tolerations[0].effect | string | `"NoSchedule"` | | -| cert-manager.webhook.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | clusterIssuer | object | `{}` | | | localCA.enabled | bool | `false` | | | localCA.selfsigning | bool | `true` | | diff --git a/charts/kubezero-cert-manager/jsonnetfile.lock.json b/charts/kubezero-cert-manager/jsonnetfile.lock.json index 80cbb9e6..7257aa75 100644 --- a/charts/kubezero-cert-manager/jsonnetfile.lock.json +++ b/charts/kubezero-cert-manager/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "010d462c0ff03a70f5c5fd32efbb76ad4c1e7c81", + "version": "df4e472a2d09813560ba44b21a29c0453dbec18c", "sum": "IXI3LQIT9NmTPJAk8WLUJd5+qZfcGpeNCyWIK7oEpws=" }, { @@ -58,7 +58,7 @@ "subdir": "gen/grafonnet-latest" } }, - "version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a", + "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", "sum": "eyuJ0jOXeA4MrobbNgU4/v5a7ASDHslHZ0eS6hDdWoI=" }, { 
@@ -68,7 +68,7 @@ "subdir": "gen/grafonnet-v10.0.0" } }, - "version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a", + "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", "sum": "xdcrJPJlpkq4+5LpGwN4tPAuheNNLXZjE6tDcyvFjr0=" }, { @@ -78,8 +78,8 @@ "subdir": "gen/grafonnet-v11.0.0" } }, - "version": "5a66b0f6a0f4f7caec754dd39a0e263b56a0f90a", - "sum": "Fuo+qTZZzF+sHDBWX/8fkPsUmwW6qhH8hRVz45HznfI=" + "version": "733beadbc8dab55c5fe1bcdcf0d8a2d215759a55", + "sum": "0BvzR0i4bS4hc2O3xDv6i9m52z7mPrjvqxtcPrGhynA=" }, { "source": { @@ -88,8 +88,8 @@ "subdir": "grafana-builder" } }, - "version": "1d877bb0651ef92176f651d0be473c06e372a8a0", - "sum": "udZaafkbKYMGodLqsFhEe+Oy/St2p0edrK7hiMPEey0=" + "version": "d9ba581fb27aa6689e911f288d4df06948eb8aad", + "sum": "yxqWcq/N3E/a/XreeU6EuE6X7kYPnG0AspAQFKOjASo=" }, { "source": { @@ -128,8 +128,8 @@ "subdir": "" } }, - "version": "3dfa72d1d1ab31a686b1f52ec28bbf77c972bd23", - "sum": "7ufhpvzoDqAYLrfAsGkTAIRmu2yWQkmHukTE//jOsJU=" + "version": "1b71e399caee334af8ba2d15d0dd615043a652d0", + "sum": "qcRxavmCpuWQuwCMqYaOZ+soA8jxwWLrK7LYqohN5NA=" }, { "source": { @@ -138,8 +138,8 @@ "subdir": "jsonnet/kube-state-metrics" } }, - "version": "7104d579e93d672754c018a924d6c3f7ec23874e", - "sum": "pvInhJNQVDOcC3NGWRMKRIP954mAvLXCQpTlafIg7fA=" + "version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63", + "sum": "lO7jUSzAIy8Yk9pOWJIWgPRhubkWzVh56W6wtYfbVH4=" }, { "source": { @@ -148,7 +148,7 @@ "subdir": "jsonnet/kube-state-metrics-mixin" } }, - "version": "7104d579e93d672754c018a924d6c3f7ec23874e", + "version": "f8aa7d9bb9d8e29876e19f4859391a54a7e61d63", "sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c=" }, { @@ -158,8 +158,8 @@ "subdir": "jsonnet/kube-prometheus" } }, - "version": "defa2bd1e242519c62a5c2b3b786b1caa6d906d4", - "sum": "INKeZ+QIIPImq+TrfHT8CpYdoRzzxRk0txG07XlOo/Q=" + "version": "33c43a4067a174a99529e41d537eef290a7028ea", + "sum": "/jU8uXWR202aR7K/3zOefhc4JBUAUkTdHvE9rhfzI/g=" }, { "source": { 
@@ -168,7 +168,7 @@ "subdir": "jsonnet/mixin" } }, - "version": "609424db53853b992277b7a9a0e5cf59f4cc24f3", + "version": "aa74b0d377d32648ca50f2531fe2253895629d9f", "sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=", "name": "prometheus-operator-mixin" }, @@ -179,8 +179,8 @@ "subdir": "jsonnet/prometheus-operator" } }, - "version": "609424db53853b992277b7a9a0e5cf59f4cc24f3", - "sum": "z2/5LjQpWC7snhT+n/mtQqoy5986uI95sTqcKQziwGU=" + "version": "aa74b0d377d32648ca50f2531fe2253895629d9f", + "sum": "EZR4sBAtmFRsUR7U4SybuBUhK9ncMCvEu9xHtu8B9KA=" }, { "source": { @@ -189,7 +189,7 @@ "subdir": "doc/alertmanager-mixin" } }, - "version": "eb8369ec510d76f63901379a8437c4b55885d6c5", + "version": "27b6eb7ce02680c84b9a06503edbddc9213f586d", "sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=", "name": "alertmanager" }, @@ -210,7 +210,7 @@ "subdir": "documentation/prometheus-mixin" } }, - "version": "ac85bd47e1cfa0d63520e4c0b4e26900c42c326b", + "version": "616038f2b64656b2c9c6053f02aee544c5b8bb17", "sum": "dYLcLzGH4yF3qB7OGC/7z4nqeTNjv42L7Q3BENU8XJI=", "name": "prometheus" }, @@ -232,7 +232,7 @@ "subdir": "mixin" } }, - "version": "35c0dbec856f97683a846e9c53f83156a3a44ff3", + "version": "dcadaae80fcce1fb05452b37ca8d3b2809d7cef9", "sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=", "name": "thanos-mixin" } diff --git a/charts/kubezero-cert-manager/values.yaml b/charts/kubezero-cert-manager/values.yaml index a0913d98..2706d22b 100644 --- a/charts/kubezero-cert-manager/values.yaml +++ b/charts/kubezero-cert-manager/values.yaml 
@@ -61,31 +61,15 @@ cert-manager: # mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" # readOnly: true - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/control-plane: "" - ingressShim: defaultIssuerName: letsencrypt-dns-prod defaultIssuerKind: ClusterIssuer webhook: - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/control-plane: "" extraArgs: - "--logging-format=json" cainjector: - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - nodeSelector: - node-role.kubernetes.io/control-plane: "" extraArgs: - "--logging-format=json" - "--leader-elect=false" diff --git a/charts/kubezero-istio-gateway/Chart.yaml b/charts/kubezero-istio-gateway/Chart.yaml index 06f0ed17..30e8ff90 100644 --- a/charts/kubezero-istio-gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio-gateway description: KubeZero Umbrella Chart for Istio gateways type: application -version: 0.22.3 +version: 0.22.3-1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -19,4 +19,4 @@ dependencies: - name: gateway version: 1.22.3 repository: https://istio-release.storage.googleapis.com/charts -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.26.0-0" diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md index 7d723183..dabe0f78 100644 --- a/charts/kubezero-istio-gateway/README.md +++ b/charts/kubezero-istio-gateway/README.md 
@@ -1,6 +1,6 @@ # kubezero-istio-gateway -![Version: 0.22.3](https://img.shields.io/badge/Version-0.22.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.22.3-1](https://img.shields.io/badge/Version-0.22.3--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio gateways @@ -16,7 +16,7 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed ! ## Requirements -Kubernetes: `>= 1.26.0` +Kubernetes: `>= 1.26.0-0` | Repository | Name | Version | |------------|------|---------| @@ -33,7 +33,6 @@ Kubernetes: `>= 1.26.0` | gateway.autoscaling.minReplicas | int | `1` | | | gateway.autoscaling.targetCPUUtilizationPercentage | int | `80` | | | gateway.podAnnotations."proxy.istio.io/config" | string | `"{ \"terminationDrainDuration\": \"20s\" }"` | | -| gateway.priorityClassName | string | `"system-cluster-critical"` | | | gateway.replicaCount | int | `1` | | | gateway.resources.limits.memory | string | `"512Mi"` | | | gateway.resources.requests.cpu | string | `"50m"` | | diff --git a/charts/kubezero-istio-gateway/values.yaml b/charts/kubezero-istio-gateway/values.yaml index ae51063b..86c859c5 100644 --- a/charts/kubezero-istio-gateway/values.yaml +++ b/charts/kubezero-istio-gateway/values.yaml @@ -8,7 +8,6 @@ gateway: replicaCount: 1 terminationGracePeriodSeconds: 120 - priorityClassName: system-cluster-critical resources: requests: diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index ddc24d02..39507c0a 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio description: KubeZero Umbrella Chart for Istio type: application -version: 0.22.3 +version: 0.22.3-1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -22,7 +22,7 @@ dependencies: version: 1.22.3 repository: https://istio-release.storage.googleapis.com/charts - name: kiali-server - version: "1.87.0" + version: "1.88.0" repository: https://kiali.org/helm-charts condition: kiali-server.enabled -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.26.0-0" diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index 3a84a75d..99f2a6ac 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,6 +1,6 @@ # kubezero-istio -![Version: 0.22.3](https://img.shields.io/badge/Version-0.22.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.22.3-1](https://img.shields.io/badge/Version-0.22.3--1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio @@ -16,14 +16,14 @@ Installs the Istio control plane ## Requirements -Kubernetes: `>= 1.26.0` +Kubernetes: `>= 1.26.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://istio-release.storage.googleapis.com/charts | base | 1.22.3 | | https://istio-release.storage.googleapis.com/charts | istiod | 1.22.3 | -| https://kiali.org/helm-charts | kiali-server | 1.87.0 | +| https://kiali.org/helm-charts | kiali-server | 1.88.0 | ## Values 
@@ -31,19 +31,15 @@ Kubernetes: `>= 1.26.0` |-----|------|---------|-------------| | global.defaultPodDisruptionBudget.enabled | bool | `false` | | | global.logAsJson | bool | `true` | | -| global.priorityClassName | string | `"system-cluster-critical"` | | | global.variant | string | `"distroless"` | | | istiod.meshConfig.accessLogEncoding | string | `"JSON"` | | | istiod.meshConfig.accessLogFile | string | `"/dev/stdout"` | | | istiod.meshConfig.tcpKeepalive.interval | string | `"60s"` | | | istiod.meshConfig.tcpKeepalive.time | string | `"120s"` | | | istiod.pilot.autoscaleEnabled | bool | `false` | | -| istiod.pilot.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | istiod.pilot.replicaCount | int | `1` | | | istiod.pilot.resources.requests.cpu | string | `"100m"` | | | istiod.pilot.resources.requests.memory | string | `"128Mi"` | | -| istiod.pilot.tolerations[0].effect | string | `"NoSchedule"` | | -| istiod.pilot.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | istiod.telemetry.enabled | bool | `false` | | | kiali-server.auth.strategy | string | `"anonymous"` | | | kiali-server.deployment.ingress_enabled | bool | `false` | | diff --git a/charts/kubezero-istio/values.yaml b/charts/kubezero-istio/values.yaml index bc0716fb..71b44e3b 100644 --- a/charts/kubezero-istio/values.yaml +++ b/charts/kubezero-istio/values.yaml @@ -6,19 +6,11 @@ global: defaultPodDisruptionBudget: enabled: false - priorityClassName: "system-cluster-critical" - istiod: pilot: autoscaleEnabled: false replicaCount: 1 - nodeSelector: - node-role.kubernetes.io/control-plane: "" - tolerations: - - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - resources: requests: cpu: 100m @@ -57,7 +49,7 @@ kiali-server: prometheus: url: "http://metrics-kube-prometheus-st-prometheus.monitoring:9090" - + istio: enabled: false gateway: istio-ingress/private-ingressgateway 
diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index cfed442b..862dcabd 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero description: KubeZero - Root App of Apps chart type: application -version: 1.29.7 +version: 1.29.7-1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -15,4 +15,4 @@ dependencies: - name: kubezero-lib version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts -kubeVersion: ">= 1.26.0" +kubeVersion: ">= 1.26.0-0" diff --git a/charts/kubezero/templates/cert-manager.yaml b/charts/kubezero/templates/cert-manager.yaml index b920d150..e0083796 100644 --- a/charts/kubezero/templates/cert-manager.yaml +++ b/charts/kubezero/templates/cert-manager.yaml @@ -9,10 +9,29 @@ cert-manager: type: Recreate {{- end }} - prometheus: - servicemonitor: - enabled: {{ $.Values.metrics.enabled }} -{{ with index .Values "cert-manager" "IamArn" }} + {{- if eq .Values.global.platform "aws" }} + # map everything to the control-plane + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + + webhook: + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + nodeSelector: + node-role.kubernetes.io/control-plane: "" + + cainjector: + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + nodeSelector: + node-role.kubernetes.io/control-plane: "" + + {{ with index .Values "cert-manager" "IamArn" }} extraEnv: - name: AWS_ROLE_ARN value: "{{ . }}" 
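Review bot: Control-plane pinning for cert-manager, its webhook and cainjector is now emitted only when `global.platform` is `aws`, while the chart defaults that pinned them before are removed in this commit and `global.platform` defaults to `nocloud`. An existing kubeadm cluster that upgrades without setting the platform would therefore get these pods scheduled onto worker nodes next to ordinary workloads, even though the controller handles issuer credentials and CA keys. If that is not intended, key the block on the gke exclusion instead, `{{- if ne .Values.global.platform "gke" }}`, as the istio-ingress template does for `priorityClassName`, or state in the upgrade notes that kubeadm clusters must set `global.platform: aws`. The `with … "IamArn"` block opened in this hunk closes in the next one.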
@@ -34,7 +53,19 @@ cert-manager: - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" readOnly: true -{{- end }} + {{- end }} + + {{- end }} + + {{- if eq .Values.global.platform "gke" }} + serviceAccount: + annotations: + iam.gke.io/gcp-service-account: "dns01-solver@{{ .Values.global.gcp.projectId }}.iam.gserviceaccount.com" + {{- end }} + + prometheus: + servicemonitor: + enabled: {{ $.Values.metrics.enabled }} {{- with index .Values "cert-manager" "clusterIssuer" }} clusterIssuer: diff --git a/charts/kubezero/templates/istio-ingress.yaml b/charts/kubezero/templates/istio-ingress.yaml index 1c170e8f..cdfa3e45 100644 --- a/charts/kubezero/templates/istio-ingress.yaml +++ b/charts/kubezero/templates/istio-ingress.yaml @@ -3,6 +3,10 @@ gateway: name: istio-ingressgateway + {{- if ne .Values.global.platform "gke" }} + priorityClassName: "system-cluster-critical" + {{- end }} + {{- with index .Values "istio-ingress" "gateway" "replicaCount" }} replicaCount: {{ . }} {{- if gt (int .) 1 }} @@ -11,7 +15,7 @@ gateway: {{- end }} {{- end }} - {{- if not (index .Values "istio-ingress" "gateway" "affinity") }} + {{- if eq .Values.global.platform "aws" }} # Only nodes who are fronted with matching LB affinity: nodeAffinity: diff --git a/charts/kubezero/templates/istio.yaml b/charts/kubezero/templates/istio.yaml index 0b0719ac..9705bf96 100644 --- a/charts/kubezero/templates/istio.yaml +++ b/charts/kubezero/templates/istio.yaml 
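Review bot: `.Values.global.gcp.projectId` has no default (charts/kubezero/values.yaml adds only `gcp: {}`), so on gke with the project id unset the annotation most likely renders with an empty project, `dns01-solver@.iam.gserviceaccount.com`, and the Workload Identity binding fails only at runtime. Failing at render time is clearer: `iam.gke.io/gcp-service-account: "dns01-solver@{{ required "global.gcp.projectId is required on gke" .Values.global.gcp.projectId }}.iam.gserviceaccount.com"`. A short comment stating that the `dns01-solver` service account must already exist and should be limited to DNS record management would also help operators.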
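Review bot: Replacing the `not (index .Values "istio-ingress" "gateway" "affinity")` guard in istio-ingress.yaml with a platform check removes the opt-out: on aws the built-in `nodeAffinity` is now emitted even when the operator supplies their own `gateway.affinity`, and how the two combine depends on template lines outside this hunk. Keeping both conditions preserves the override: `{{- if and (eq .Values.global.platform "aws") (not (index .Values "istio-ingress" "gateway" "affinity")) }}`.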
@@ -1,21 +1,37 @@ {{- define "istio-values" }} + +{{- if .Values.global.highAvailable }} +global: + defaultPodDisruptionBudget: + enabled: true + {{- if ne .Values.global.platform "gke" }} + priorityClassName: "system-cluster-critical" + {{- end }} +{{- end }} + istiod: telemetry: enabled: {{ $.Values.metrics.enabled }} pilot: +{{- if eq .Values.global.platform "aws" }} + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule +{{- end }} {{- if .Values.global.highAvailable }} replicaCount: 2 -global: - defaultPodDisruptionBudget: - enabled: true {{- else }} extraContainerArgs: - --leader-elect=false {{- end }} + {{- with index .Values "istio" "kiali-server" }} kiali-server: {{- toYaml . | nindent 2 }} {{- end }} + {{- with .Values.istio.rateLimiting }} rateLimiting: {{- toYaml . | nindent 2 }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 2a20af5f..65d10005 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -5,9 +5,15 @@ kubezero: gitSync: {} global: - highAvailable: false clusterName: zdt-trial-cluster + + # platform: aws (kubeadm), gke, or nocloud ( default ) + platform: "nocloud" + + highAvailable: false + aws: {} + gcp: {} addons: enabled: true @@ -37,7 +43,7 @@ network: cert-manager: enabled: false namespace: cert-manager - targetRevision: 0.9.8 + targetRevision: 0.9.9 storage: enabled: false @@ -58,13 +64,13 @@ storage: istio: enabled: false namespace: istio-system - targetRevision: 0.22.3 + targetRevision: 0.22.3-1 istio-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.22.3 + targetRevision: 0.22.3-1 gateway: service: {} @@ -72,7 +78,7 @@ istio-private-ingress: enabled: false chart: kubezero-istio-gateway namespace: istio-ingress - targetRevision: 0.22.3 + targetRevision: 0.22.3-1 gateway: service: {}
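Review bot: `priorityClassName: "system-cluster-critical"` is now nested inside the `{{- if .Values.global.highAvailable }}` block in istio.yaml, so a non-HA cluster on aws or nocloud no longer sets it at all, whereas the chart default removed from charts/kubezero-istio/values.yaml in this commit applied it unconditionally. If only gke is meant to be excluded, the priority class needs its own guard, and the `global:` key should be emitted only when at least one of the two conditions holds so that no empty `global:` map is rendered. The `istio-values` define continues past this hunk.

```yaml
{{- if or .Values.global.highAvailable (ne .Values.global.platform "gke") }}
global:
  {{- if .Values.global.highAvailable }}
  defaultPodDisruptionBudget:
    enabled: true
  {{- end }}
  {{- if ne .Values.global.platform "gke" }}
  priorityClassName: "system-cluster-critical"
  {{- end }}
{{- end }}

# … unchanged: istiod, kiali-server and rateLimiting sections …
```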