diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index c3796c8..ecec0c2 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh @@ -138,7 +138,7 @@ waitSystemPodsRunning argo_used && disable_argo -all_nodes_upgrade "nsenter -m/hostproc/1/ns/mnt mount --make-shared /sys/fs/cgroup; mount --make-shared /sys; sleep 3;" +all_nodes_upgrade "nsenter -m/hostproc/1/ns/mnt mount --make-shared /sys/fs/cgroup; nsenter -m/hostproc/1/ns/mnt mount --make-shared /sys; nsenter -r/host /usr/bin/podman image prune -a -f;" control_plane_upgrade kubeadm_upgrade @@ -155,6 +155,9 @@ kubectl delete daemonset metrics-prometheus-node-exporter -n monitoring || true # AWS EBS CSI driver change their fsGroupPolicy kubectl delete CSIDriver ebs.csi.aws.com || true +# Delete external-dns deployment as upstream changed strategy to 'recreate' +kubectl delete deployment addons-external-dns -n kube-system || true + control_plane_upgrade "apply_network, apply_addons, apply_storage" kubectl rollout restart daemonset/calico-node -n kube-system 
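Review bot: The three commands in the new `all_nodes_upgrade` string are joined with `;`, so a failed `nsenter -m/hostproc/1/ns/mnt mount --make-shared ...` is ignored and the prune runs anyway. Chaining them with `&&` would surface the failure, assuming `all_nodes_upgrade` propagates the exit status (its definition is outside the hunk). `podman image prune -a -f` removes every image not referenced by a container, not only dangling ones, so anything that was merely cached on a node has to be pulled again. That depends on registry availability, and an image referenced by a mutable tag may come back with different content. A comment stating why the full prune is needed, or dropping `-a`, would make the trade-off explicit.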
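Review bot: `kubectl delete deployment addons-external-dns -n kube-system || true` hides every failure, not only the case where the deployment is already gone. An authorization or API error would therefore let the upgrade continue into `control_plane_upgrade "apply_network, apply_addons, apply_storage"` with the old deployment still in place. `kubectl delete deployment addons-external-dns -n kube-system --ignore-not-found` tolerates the absent case and still reports real errors; whether such an error should abort the run depends on the script's error mode, which is not visible here. The same applies to the `argocd-application-controller` delete in the next hunk.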
@@ -165,8 +168,17 @@ echo "Checking that all pods in kube-system are running ..." waitSystemPodsRunning echo "Applying remaining KubeZero modules..." + +# Delete outdated cert-manager CRDs, otherwise serverside apply will fail +for c in certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io; do + kubectl delete crd $c +done + control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd" +# delete legace ArgCD controller which is now a statefulSet +kubectl delete deployment argocd-application-controller -n argocd || true + # Final step is to commit the new argocd kubezero app kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..) | .spec.source.helm.values |= (from_yaml | to_yaml)' > $ARGO_APP diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index 255dd1f..27d69f4 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.6.2 +version: 0.6.3 appVersion: v1.23.11 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md index f003329..d3d0527 100644 --- a/charts/kubezero-addons/README.md +++ b/charts/kubezero-addons/README.md 
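Review bot: Deleting the six cert-manager CRDs in the new `for c in ...` loop also deletes every Certificate, Issuer, ClusterIssuer, Order and Challenge object in the cluster, because custom resources are removed together with their definition. Unless all of them are re-created by `apply_cert-manager` or by Argo (not visible in this hunk), the step should export them first, for example `kubectl get certificates,issuers,clusterissuers -A -o yaml > "$backup_file"`, where `$backup_file` is a placeholder. The loop is also written differently from the other deletes in this script: `kubectl delete crd $c` is unquoted and does not handle a CRD that is already absent. `kubectl delete crd "$c" --ignore-not-found` covers both.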
@@ -1,6 +1,6 @@ # kubezero-addons -![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.23.10](https://img.shields.io/badge/AppVersion-v1.23.10-informational?style=flat-square) +![Version: 0.6.3](https://img.shields.io/badge/Version-0.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.23.11](https://img.shields.io/badge/AppVersion-v1.23.11-informational?style=flat-square) KubeZero umbrella chart for various optional cluster addons @@ -70,9 +70,12 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | cluster-autoscaler.autoDiscovery.clusterName | string | `""` | | | cluster-autoscaler.awsRegion | string | `"us-west-2"` | | | cluster-autoscaler.enabled | bool | `false` | | +| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | | +| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | | | cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | cluster-autoscaler.podDisruptionBudget | bool | `false` | | | cluster-autoscaler.prometheusRule.enabled | bool | `false` | | +| cluster-autoscaler.prometheusRule.interval | string | `"30"` | | | cluster-autoscaler.serviceMonitor.enabled | bool | `false` | | | cluster-autoscaler.serviceMonitor.interval | string | `"30s"` | | | cluster-autoscaler.tolerations[0].effect | string | `"NoSchedule"` | | diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml index a8a6d1c..1c6bba9 100644 --- a/charts/kubezero-addons/values.yaml +++ b/charts/kubezero-addons/values.yaml 
@@ -123,10 +123,15 @@ cluster-autoscaler: prometheusRule: enabled: false + interval: "30" # Disable pdb for now podDisruptionBudget: false + extraArgs: + scan-interval: 30s + skip-nodes-with-local-storage: false + #securityContext: # runAsNonRoot: true @@ -170,7 +175,7 @@ external-dns: #logLevel: debug sources: - - service + - service #- istio-gateway provider: inmemory diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index e309a0c..cb49ced 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.5.13 +version: 0.5.14 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -26,11 +26,11 @@ dependencies: repository: https://dl.gitea.io/charts/ condition: gitea.enabled - name: jenkins - version: 4.2.1 + version: 4.2.6 repository: https://charts.jenkins.io condition: jenkins.enabled - name: trivy - version: 0.4.16 + version: 0.4.17 repository: https://aquasecurity.github.io/helm-charts/ condition: trivy.enabled diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md index bfcbde8..0bf825b 100644 --- a/charts/kubezero-ci/README.md +++ b/charts/kubezero-ci/README.md @@ -1,6 +1,6 @@ # kubezero-ci -![Version: 0.5.13](https://img.shields.io/badge/Version-0.5.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.14](https://img.shields.io/badge/Version-0.5.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things CI 
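Review bot: The `interval: "30"` added under `cluster-autoscaler.prometheusRule` carries no unit, while `scan-interval: 30s` in the same hunk and the README's `serviceMonitor.interval` of `30s` do. If the upstream chart passes this value through as the rule group interval, a duration such as `interval: "30s"` is probably what is wanted. The `charts/kubezero/templates/addons.yaml` hunk in this same commit comments out `prometheusRule` with "integer vs. string issue", so the value appears to be unused when deployed through the kubezero chart. A comment such as `# unused while prometheusRule is disabled in kubezero/templates/addons.yaml` would tell the next reader that autoscaler alert rules are currently off.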
@@ -18,9 +18,9 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.16 | +| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | -| https://charts.jenkins.io | jenkins | 4.2.1 | +| https://charts.jenkins.io | jenkins | 4.2.6 | | https://dl.gitea.io/charts/ | gitea | 5.0.9 | | https://gocd.github.io/helm-chart | gocd | 1.40.8 | @@ -95,13 +95,13 @@ Kubernetes: `>= 1.20.0` | jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | | | jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | | | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | | -| jenkins.controller.installPlugins[0] | string | `"kubernetes:3704.va_08f0206b_95e"` | | +| jenkins.controller.installPlugins[0] | string | `"kubernetes:3706.vdfb_d599579f3"` | | | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | | -| jenkins.controller.installPlugins[2] | string | `"git:4.11.5"` | | +| jenkins.controller.installPlugins[2] | string | `"git:4.12.1"` | | | jenkins.controller.installPlugins[3] | string | `"configuration-as-code:1512.vb_79d418d5fc8"` | | | jenkins.controller.installPlugins[4] | string | `"antisamy-markup-formatter:2.7"` | | | jenkins.controller.installPlugins[5] | string | `"prometheus:2.0.11"` | | -| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.30"` | | +| jenkins.controller.installPlugins[6] | string | `"htmlpublisher:1.31"` | | | jenkins.controller.installPlugins[7] | string | `"build-discarder:139.v05696a_7fe240"` | | | jenkins.controller.installPlugins[8] | string | `"dark-theme:245.vb_a_2b_b_010ea_96"` | | | jenkins.controller.installPlugins[9] | string | `"kubernetes-credentials-provider:1.196.va_55f5e31e3c2"` | | 
@@ -112,7 +112,7 @@ Kubernetes: `>= 1.20.0` | jenkins.controller.resources.limits.memory | string | `"4096Mi"` | | | jenkins.controller.resources.requests.cpu | string | `"250m"` | | | jenkins.controller.resources.requests.memory | string | `"1280Mi"` | | -| jenkins.controller.tag | string | `"2.362-alpine-jdk17"` | | +| jenkins.controller.tag | string | `"2.370-alpine-jdk17"` | | | jenkins.controller.testEnabled | bool | `false` | | | jenkins.enabled | bool | `false` | | | jenkins.istio.agent.enabled | bool | `false` | | diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index 91dff8d..ec3b5d4 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -69,7 +69,7 @@ jenkins: enabled: false controller: - tag: 2.362-alpine-jdk17 + tag: 2.370-alpine-jdk17 #tagLabel: alpine disableRememberMe: true prometheus: @@ -114,13 +114,13 @@ jenkins: numToKeepStr: "10" installPlugins: - - kubernetes:3704.va_08f0206b_95e + - kubernetes:3706.vdfb_d599579f3 - workflow-aggregator:581.v0c46fa_697ffd - - git:4.11.5 + - git:4.12.1 - configuration-as-code:1512.vb_79d418d5fc8 - antisamy-markup-formatter:2.7 - prometheus:2.0.11 - - htmlpublisher:1.30 + - htmlpublisher:1.31 - build-discarder:139.v05696a_7fe240 - dark-theme:245.vb_a_2b_b_010ea_96 - kubernetes-credentials-provider:1.196.va_55f5e31e3c2 diff --git a/charts/kubezero-logging/Chart.yaml b/charts/kubezero-logging/Chart.yaml index cdf6075..dadb87c 100644 --- a/charts/kubezero-logging/Chart.yaml +++ b/charts/kubezero-logging/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-logging description: KubeZero Umbrella Chart for complete EFK stack type: application -version: 0.8.2 +version: 0.8.3 appVersion: 1.6.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index a4103ac..26ff9bf 100644 --- a/charts/kubezero-logging/README.md 
+++ b/charts/kubezero-logging/README.md @@ -1,6 +1,6 @@ # kubezero-logging -![Version: 0.8.2](https://img.shields.io/badge/Version-0.8.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) +![Version: 0.8.3](https://img.shields.io/badge/Version-0.8.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) KubeZero Umbrella Chart for complete EFK stack @@ -96,10 +96,7 @@ Kubernetes: `>= 1.20.0` | fluent-bit.serviceMonitor.enabled | bool | `false` | | | fluent-bit.serviceMonitor.selector.release | string | `"metrics"` | | | fluent-bit.tolerations[0].effect | string | `"NoSchedule"` | | -| fluent-bit.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | -| fluent-bit.tolerations[1].effect | string | `"NoSchedule"` | | -| fluent-bit.tolerations[1].key | string | `"kubezero-workergroup"` | | -| fluent-bit.tolerations[1].operator | string | `"Exists"` | | +| fluent-bit.tolerations[0].operator | string | `"Exists"` | | | fluentd.dashboards.enabled | bool | `false` | | | fluentd.enabled | bool | `false` | | | fluentd.env[0].name | string | `"FLUENTD_CONF"` | | diff --git a/charts/kubezero-logging/values.yaml b/charts/kubezero-logging/values.yaml index 0e1968d..55399df 100644 --- a/charts/kubezero-logging/values.yaml +++ b/charts/kubezero-logging/values.yaml @@ -257,11 +257,8 @@ fluent-bit: #dnsPolicy: ClusterFirstWithHostNet tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - - key: kubezero-workergroup - effect: NoSchedule - operator: Exists + - effect: NoSchedule + operator: Exists resources: requests: 
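Review bot: The new fluent-bit toleration in `charts/kubezero-logging/values.yaml`, `effect: NoSchedule` with `operator: Exists` and no `key`, matches every NoSchedule taint, whereas the removed entries named `node-role.kubernetes.io/master` and `kubezero-workergroup`. The log collector will therefore also be scheduled onto nodes tainted for other reasons, such as dedicated or isolated node groups. If that is intended for full log coverage, a comment such as `# tolerate all NoSchedule taints so every node ships logs` above the entry would record the decision. Otherwise list the keys explicitly, including `node-role.kubernetes.io/control-plane`, which the addons chart already uses.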
diff --git a/charts/kubezero-metrics/README.md b/charts/kubezero-metrics/README.md index 2e20e64..fb24852 100644 --- a/charts/kubezero-metrics/README.md +++ b/charts/kubezero-metrics/README.md @@ -1,6 +1,6 @@ # kubezero-metrics -![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Prometheus, Grafana and Alertmanager as well as all Kubernetes integrations. @@ -18,7 +18,7 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | kube-prometheus-stack | 39.9.0 | +| | kube-prometheus-stack | 40.0.0 | | | prometheus-pushgateway | 1.18.2 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | | https://prometheus-community.github.io/helm-charts | prometheus-adapter | 3.4.0 | diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md index 2cde126..dfbb211 100644 --- a/charts/kubezero-network/README.md +++ b/charts/kubezero-network/README.md @@ -1,6 +1,6 @@ # kubezero-network -![Version: 0.3.3](https://img.shields.io/badge/Version-0.3.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things network 
@@ -28,16 +28,18 @@ Kubernetes: `>= 1.20.0` | Key | Type | Default | Description | |-----|------|---------|-------------| | calico.enabled | bool | `false` | | +| cilium.bpf.hostLegacyRouting | bool | `true` | | | cilium.cgroup.autoMount.enabled | bool | `false` | | | cilium.cgroup.hostRoot | string | `"/sys/fs/cgroup"` | | -| cilium.cluster.id | int | `1` | | +| cilium.cluster.id | int | `240` | | | cilium.cluster.name | string | `"default"` | | | cilium.cni.binPath | string | `"/usr/libexec/cni"` | | +| cilium.cni.chainingMode | string | `"generic-veth"` | | | cilium.cni.exclusive | bool | `false` | | | cilium.containerRuntime.integration | string | `"crio"` | | | cilium.enabled | bool | `false` | | | cilium.hubble.enabled | bool | `false` | | -| cilium.ipam.operator.clusterPoolIPv4PodCIDRList[0] | string | `"10.1.0.0/16"` | | +| cilium.ipam.operator.clusterPoolIPv4PodCIDRList[0] | string | `"10.240.0.0/16"` | | | cilium.l2NeighDiscovery.enabled | bool | `false` | | | cilium.l7Proxy | bool | `false` | | | cilium.nodePort.enabled | bool | `false` | | @@ -45,7 +47,7 @@ Kubernetes: `>= 1.20.0` | cilium.operator.replicas | int | `1` | | | cilium.operator.tolerations[0].effect | string | `"NoSchedule"` | | | cilium.operator.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | | -| cilium.policyEnforcementMode | string | `"audit"` | | +| cilium.policyEnforcementMode | string | `"never"` | | | cilium.prometheus.enabled | bool | `false` | | | cilium.prometheus.port | int | `9091` | | | cilium.securityContext.privileged | bool | `true` | | diff --git a/charts/kubezero-storage/README.md b/charts/kubezero-storage/README.md index 6aa1979..601ce88 100644 --- a/charts/kubezero-storage/README.md +++ b/charts/kubezero-storage/README.md 
@@ -1,6 +1,6 @@ # kubezero-storage -![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.7.1](https://img.shields.io/badge/Version-0.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini @@ -18,7 +18,7 @@ Kubernetes: `>= 1.20.0` | Repository | Name | Version | |------------|------|---------| -| | aws-ebs-csi-driver | 2.10.1 | +| | aws-ebs-csi-driver | 2.11.0 | | | aws-efs-csi-driver | 2.2.7 | | | gemini | 1.0.0 | | | lvm-localpv | 1.0.0 | diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index 4bfb0ad..5924217 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -24,12 +24,13 @@ Kubernetes: `>= 1.20.0` | Key | Type | Default | Description | |-----|------|---------|-------------| -| addons.aws-node-termination-handler | object | `{}` | | -| addons.clusterBackup | object | `{}` | | +| addons.aws-node-termination-handler.enabled | bool | `false` | | +| addons.cluster-autoscaler.enabled | bool | `false` | | +| addons.clusterBackup.enabled | bool | `false` | | | addons.enabled | bool | `true` | | -| addons.external-dns | object | `{}` | | -| addons.forseti | object | `{}` | | -| addons.targetRevision | string | `"0.6.2"` | | +| addons.external-dns.enabled | bool | `false` | | +| addons.forseti.enabled | bool | `false` | | +| addons.targetRevision | string | `"0.6.3"` | | | argocd.enabled | bool | `false` | | | argocd.istio.enabled | bool | `false` | | | argocd.namespace | string | `"argocd"` | | 
@@ -58,7 +59,7 @@ Kubernetes: `>= 1.20.0` | kubezero.server | string | `"https://kubernetes.default.svc"` | | | logging.enabled | bool | `false` | | | logging.namespace | string | `"logging"` | | -| logging.targetRevision | string | `"0.8.2"` | | +| logging.targetRevision | string | `"0.8.3"` | | | metrics.enabled | bool | `false` | | | metrics.istio.grafana | object | `{}` | | | metrics.istio.prometheus | object | `{}` | | @@ -67,7 +68,7 @@ Kubernetes: `>= 1.20.0` | network.cilium.cluster | object | `{}` | | | network.enabled | bool | `true` | | | network.retain | bool | `true` | | -| network.targetRevision | string | `"0.3.3"` | | +| network.targetRevision | string | `"0.3.4"` | | | storage.aws-ebs-csi-driver.enabled | bool | `false` | | | storage.aws-efs-csi-driver.enabled | bool | `false` | | | storage.enabled | bool | `false` | | diff --git a/charts/kubezero/templates/addons.yaml b/charts/kubezero/templates/addons.yaml index 124e2d1..1362e86 100644 --- a/charts/kubezero/templates/addons.yaml +++ b/charts/kubezero/templates/addons.yaml @@ -92,8 +92,9 @@ cluster-autoscaler: {{- with .Values.metrics }} serviceMonitor: enabled: {{ .enabled }} - prometheusRule: - enabled: {{ .enabled }} + # Buggy atm due to integer vs. string issue + # prometheusRule: + # enabled: {{ .enabled }} {{- end }} {{- if .Values.global.aws }} diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 70d8637..df63ec1 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -10,7 +10,7 @@ global: addons: enabled: true - targetRevision: 0.6.2 + targetRevision: 0.6.3 external-dns: enabled: false forseti: @@ -74,7 +74,7 @@ metrics: logging: enabled: false namespace: logging - targetRevision: 0.8.2 + targetRevision: 0.8.3 argocd: enabled: false