Compare commits
32 Commits
78d788eaa1
...
ef27447550
Author | SHA1 | Date |
---|---|---|
Renovate Bot | ef27447550 | |
Stefan Reimer | 5116e52bc9 | |
Stefan Reimer | 26d59f63da | |
Stefan Reimer | 8c2ef9cf2c | |
Stefan Reimer | 9fed97db49 | |
Stefan Reimer | 588e50f56e | |
Stefan Reimer | 908055bd36 | |
Renovate Bot | 7b153ac7cc | |
Renovate Bot | 3e1d8e9c3e | |
Stefan Reimer | 78639b623a | |
Stefan Reimer | 4e9c147b7e | |
Stefan Reimer | 64d76c283a | |
Renovate Bot | 71f909e49e | |
Stefan Reimer | ed4a47dcec | |
Stefan Reimer | 3ab37e7a7b | |
Stefan Reimer | 798c3cba57 | |
Renovate Bot | 3b536f7c44 | |
Renovate Bot | 69e132c857 | |
Stefan Reimer | 53f0bbffb6 | |
Stefan Reimer | b0a6326a09 | |
Stefan Reimer | 358042d38b | |
Stefan Reimer | 22b774c939 | |
Renovate Bot | 71061475c8 | |
Stefan Reimer | 3ea16b311b | |
Stefan Reimer | 46e115e4f5 | |
Stefan Reimer | e55f986de8 | |
Stefan Reimer | 9ed2dbca96 | |
Renovate Bot | fcd2192cb4 | |
Renovate Bot | 8aa50e4129 | |
Renovate Bot | 48e381cb0f | |
Renovate Bot | cfda9b6a92 | |
Renovate Bot | 1a0bd7f312 |
|
@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.19
|
|||
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||
|
||||
ARG ALPINE_VERSION
|
||||
ARG KUBE_VERSION=1.27
|
||||
ARG KUBE_VERSION=1.28.8
|
||||
|
||||
RUN cd /etc/apk/keys && \
|
||||
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
||||
|
|
14
README.md
14
README.md
|
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
|
|||
gantt
|
||||
title KubeZero Support Timeline
|
||||
dateFormat YYYY-MM-DD
|
||||
section 1.25
|
||||
beta :125b, 2023-03-01, 2023-03-31
|
||||
release :after 125b, 2023-08-01
|
||||
section 1.26
|
||||
beta :126b, 2023-06-01, 2023-06-30
|
||||
release :after 126b, 2023-11-01
|
||||
section 1.27
|
||||
beta :127b, 2023-09-01, 2023-09-30
|
||||
release :after 127b, 2024-02-01
|
||||
release :after 127b, 2024-04-30
|
||||
section 1.28
|
||||
beta :128b, 2024-03-01, 2024-04-30
|
||||
release :after 128b, 2024-08-31
|
||||
section 1.29
|
||||
beta :129b, 2024-07-01, 2024-08-30
|
||||
release :after 129b, 2024-11-30
|
||||
```
|
||||
|
||||
[Upstream release policy](https://kubernetes.io/releases/)
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1 -a policy/v1/PodDisruptionBudget"
|
||||
|
||||
#VERSION="latest"
|
||||
VERSION="v1.27"
|
||||
VERSION="v1.28"
|
||||
|
||||
# Waits for max 300s and retries
|
||||
function wait_for() {
|
||||
|
@ -211,8 +211,7 @@ spec:
|
|||
hostIPC: true
|
||||
hostPID: true
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
- operator: Exists
|
||||
effect: NoSchedule
|
||||
initContainers:
|
||||
- name: node-upgrade
|
||||
|
|
|
@ -8,27 +8,11 @@ import yaml
|
|||
def migrate(values):
|
||||
"""Actual changes here"""
|
||||
|
||||
# Cleanup
|
||||
values.pop("Domain", None)
|
||||
values.pop("clusterName", None)
|
||||
if "addons" in values:
|
||||
if not values["addons"]:
|
||||
values.pop("addons")
|
||||
|
||||
# fix argoCD CM
|
||||
# argoCD moves to argo module
|
||||
try:
|
||||
if not values["argocd"]["configs"]["cm"]["url"].startswith("http"):
|
||||
values["argocd"]["configs"]["cm"]["url"] = "https://" + values["argocd"]["configs"]["cm"]["url"]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
# migrate eck operator to new operator module
|
||||
try:
|
||||
if values["logging"]["eck-operator"]["enabled"]:
|
||||
if "operators" not in values:
|
||||
values["operators"] = { "enabled": True }
|
||||
values["operators"]["eck-operator"] = { "enabled": True }
|
||||
values["logging"].pop("eck-operator", None)
|
||||
if values["argocd"]["enabled"]:
|
||||
values["argo"] = { "enabled": True, "argo-cd": values["argocd"] }
|
||||
values.pop("argocd")
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
|
|
|
@ -23,52 +23,22 @@ control_plane_upgrade kubeadm_upgrade
|
|||
# shellcheck disable=SC2015
|
||||
#argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
||||
|
||||
# v1.27
|
||||
# We need to restore the network ready file as cilium decided to rename it
|
||||
control_plane_upgrade apply_network
|
||||
|
||||
echo "Wait for all CNI agents to be running ..."
|
||||
kubectl rollout status ds/cilium -n kube-system --timeout=300s
|
||||
|
||||
all_nodes_upgrade "cd /host/etc/cni/net.d && ln -s 05-cilium.conflist 05-cilium.conf || true"
|
||||
# v1.27
|
||||
|
||||
# now the rest
|
||||
control_plane_upgrade "apply_addons, apply_storage, apply_operators"
|
||||
|
||||
# v1.27
|
||||
# Remove legacy eck-operator as part of logging if running
|
||||
kubectl delete statefulset elastic-operator -n logging || true
|
||||
# v1.27
|
||||
# upgrade modules
|
||||
control_plane_upgrade "apply_network apply_addons, apply_storage, apply_operators"
|
||||
|
||||
echo "Checking that all pods in kube-system are running ..."
|
||||
waitSystemPodsRunning
|
||||
|
||||
echo "Applying remaining KubeZero modules..."
|
||||
|
||||
# v1.27
|
||||
### Cleanup of some deprecated Istio Crds
|
||||
for crd in clusterrbacconfigs.rbac.istio.io rbacconfigs.rbac.istio.io servicerolebindings.rbac.istio.io serviceroles.rbac.istio.io; do
|
||||
kubectl delete crds $crd || true
|
||||
done
|
||||
### v1.28
|
||||
# - remove old argocd app, all resources will be taken over by argo.argo-cd
|
||||
kubectl patch app argocd -n argocd \
|
||||
--type json \
|
||||
--patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \
|
||||
kubectl delete app argocd -n argocd || true
|
||||
|
||||
# Cleanup of some legacy node labels and annotations
|
||||
controllers=$(kubectl get nodes -l node-role.kubernetes.io/control-plane -o json | jq .items[].metadata.name -r)
|
||||
for c in $controllers; do
|
||||
for l in projectcalico.org/IPv4VXLANTunnelAddr projectcalico.org/IPv4Address; do
|
||||
kubectl annotate node $c ${l}-
|
||||
done
|
||||
kubectl label node $c topology.ebs.csi.aws.com/zone-
|
||||
done
|
||||
|
||||
# Fix for legacy cert-manager CRDs to be upgraded
|
||||
for crd_name in certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io; do
|
||||
manager_index="$(kubectl get crd "${crd_name}" --show-managed-fields --output json | jq -r '.metadata.managedFields | map(.manager == "cainjector") | index(true)')"
|
||||
[ "$manager_index" != "null" ] && kubectl patch crd "${crd_name}" --type=json -p="[{\"op\": \"remove\", \"path\": \"/metadata/managedFields/${manager_index}\"}]"
|
||||
done
|
||||
# v1.27
|
||||
|
||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argocd"
|
||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
|
||||
|
||||
# Trigger backup of upgraded cluster state
|
||||
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$VERSION -n kube-system
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubeadm
|
||||
description: KubeZero Kubeadm cluster config
|
||||
type: application
|
||||
version: 1.27.8
|
||||
version: 1.28.8
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
|
|
@ -9,7 +9,7 @@ networking:
|
|||
podSubnet: 10.244.0.0/16
|
||||
etcd:
|
||||
local:
|
||||
# imageTag: 3.5.5-0
|
||||
# imageTag: 3.5.12-0
|
||||
extraArgs:
|
||||
### DNS discovery
|
||||
#discovery-srv: {{ .Values.domain }}
|
||||
|
@ -73,6 +73,7 @@ apiServer:
|
|||
{{- end }}
|
||||
{{- if .Values.api.awsIamAuth.enabled }}
|
||||
authentication-token-webhook-config-file: /etc/kubernetes/apiserver/aws-iam-authenticator.yaml
|
||||
authentication-token-webhook-cache-ttl: 3600s
|
||||
{{- end }}
|
||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" ) | trimSuffix "," | quote }}
|
||||
enable-admission-plugins: DenyServiceExternalIPs,NodeRestriction,EventRateLimit,ExtendedResourceToleration
|
||||
|
|
|
@ -2,6 +2,6 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1
|
|||
kind: KubeProxyConfiguration
|
||||
# kube-proxy doesnt really support setting dynamic bind-address via config, replaced by cilium long-term anyways
|
||||
metricsBindAddress: "0.0.0.0:10249"
|
||||
# calico < 3.22.1 breaks starting with 1.23, see https://github.com/projectcalico/calico/issues/5011
|
||||
# we go Cilium anyways
|
||||
mode: "iptables"
|
||||
logging:
|
||||
format: json
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{{- /* Feature gates for all control plane components */ -}}
|
||||
{{- /* ToAdd: "PodAndContainerStatsFromCRI" */ -}}
|
||||
{{- /* Issues: "MemoryQoS" */ -}}
|
||||
{{- /* v1.28: "NodeSwap" */ -}}
|
||||
{{- /* v1.30?: "NodeSwap" */ -}}
|
||||
{{- /* v1.29: remove/beta now "SidecarContainers" */ -}}
|
||||
{{- define "kubeadm.featuregates" }}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" }}
|
||||
{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "PodAndContainerStatsFromCRI" }}
|
||||
{{- if eq .return "csv" }}
|
||||
{{- range $key := $gates }}
|
||||
{{- $key }}=true,
|
||||
|
|
|
@ -117,7 +117,7 @@ spec:
|
|||
|
||||
containers:
|
||||
- name: aws-iam-authenticator
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.11
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
|
||||
args:
|
||||
- server
|
||||
- --backend-mode=CRD,MountedFile
|
||||
|
|
|
@ -2,8 +2,8 @@ apiVersion: v2
|
|||
name: kubezero-addons
|
||||
description: KubeZero umbrella chart for various optional cluster addons
|
||||
type: application
|
||||
version: 0.8.4
|
||||
appVersion: v1.27
|
||||
version: 0.8.5
|
||||
appVersion: v1.28
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -20,24 +20,24 @@ maintainers:
|
|||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: external-dns
|
||||
version: 1.13.1
|
||||
version: 1.14.3
|
||||
repository: https://kubernetes-sigs.github.io/external-dns/
|
||||
condition: external-dns.enabled
|
||||
- name: cluster-autoscaler
|
||||
version: 9.29.5
|
||||
version: 9.36.0
|
||||
repository: https://kubernetes.github.io/autoscaler
|
||||
condition: cluster-autoscaler.enabled
|
||||
- name: nvidia-device-plugin
|
||||
version: 0.14.2
|
||||
version: 0.14.5
|
||||
# https://github.com/NVIDIA/k8s-device-plugin
|
||||
repository: https://nvidia.github.io/k8s-device-plugin
|
||||
condition: nvidia-device-plugin.enabled
|
||||
- name: sealed-secrets
|
||||
version: 2.13.2
|
||||
version: 2.15.1
|
||||
repository: https://bitnami-labs.github.io/sealed-secrets
|
||||
condition: sealed-secrets.enabled
|
||||
- name: aws-node-termination-handler
|
||||
version: 0.22.0
|
||||
version: 0.23.0
|
||||
repository: "oci://public.ecr.aws/aws-ec2/helm"
|
||||
condition: aws-node-termination-handler.enabled
|
||||
- name: aws-eks-asg-rolling-update-handler
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-addons
|
||||
|
||||
![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.27](https://img.shields.io/badge/AppVersion-v1.27-informational?style=flat-square)
|
||||
![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
|
@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.13.2 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.13.1 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.29.5 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.2 |
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.1 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.3 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.5 |
|
||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.22.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
|
||||
|
||||
# MetalLB
|
||||
|
||||
|
@ -63,7 +63,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||
| aws-eks-asg-rolling-update-handler.environmentVars[8].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | |
|
||||
| aws-eks-asg-rolling-update-handler.environmentVars[8].value | string | `"regional"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.repository | string | `"twinproduction/aws-eks-asg-rolling-update-handler"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.8.2"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.8.3"` | |
|
||||
| aws-eks-asg-rolling-update-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| aws-eks-asg-rolling-update-handler.resources.limits.memory | string | `"128Mi"` | |
|
||||
| aws-eks-asg-rolling-update-handler.resources.requests.cpu | string | `"10m"` | |
|
||||
|
@ -102,7 +102,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||
| aws-node-termination-handler.useProviderId | bool | `true` | |
|
||||
| awsNeuron.enabled | bool | `false` | |
|
||||
| awsNeuron.image.name | string | `"public.ecr.aws/neuron/neuron-device-plugin"` | |
|
||||
| awsNeuron.image.tag | string | `"2.12.5.0"` | |
|
||||
| awsNeuron.image.tag | string | `"2.19.16.0"` | |
|
||||
| cluster-autoscaler.autoDiscovery.clusterName | string | `""` | |
|
||||
| cluster-autoscaler.awsRegion | string | `"us-west-2"` | |
|
||||
| cluster-autoscaler.enabled | bool | `false` | |
|
||||
|
@ -111,7 +111,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
|||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.27.3"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
|
||||
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
||||
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 1.20.0
|
||||
appVersion: 1.21.0
|
||||
description: A Helm chart for the AWS Node Termination Handler.
|
||||
home: https://github.com/aws/aws-node-termination-handler/
|
||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||
|
@ -21,4 +21,4 @@ name: aws-node-termination-handler
|
|||
sources:
|
||||
- https://github.com/aws/aws-node-termination-handler/
|
||||
type: application
|
||||
version: 0.22.0
|
||||
version: 0.23.0
|
||||
|
|
|
@ -119,7 +119,7 @@ The configuration in this table applies to AWS Node Termination Handler in queue
|
|||
| `checkASGTagBeforeDraining` | [DEPRECATED](Use `checkTagBeforeDraining` instead) If `true`, check that the instance is tagged with the `managedAsgTag` before draining the node. If `false`, disables calls ASG API. | `true` |
|
||||
| `managedAsgTag` | [DEPRECATED](Use `managedTag` instead) The node tag to check if `checkASGTagBeforeDraining` is `true`.
|
||||
| `useProviderId` | If `true`, fetch node name through Kubernetes node spec ProviderID instead of AWS event PrivateDnsHostname. | `false` |
|
||||
|
||||
| `topologySpreadConstraints` | [Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) for pod scheduling. Useful with a highly available deployment to reduce the risk of running multiple replicas on the same Node | `[]` |
|
||||
### IMDS Mode Configuration
|
||||
|
||||
The configuration in this table applies to AWS Node Termination Handler in IMDS mode.
|
||||
|
@ -174,6 +174,6 @@ The configuration in this table applies to AWS Node Termination Handler testing
|
|||
|
||||
## Metrics Endpoint Considerations
|
||||
|
||||
AWS Node Termination HAndler in IMDS mode runs as a DaemonSet with `useHostNetwork: true` by default. If the Prometheus server is enabled with `enablePrometheusServer: true` nothing else will be able to bind to the configured port (by default `prometheusServerPort: 9092`) in the root network namespace. Therefore, it will need to have a firewall/security group configured on the nodes to block access to the `/metrics` endpoint.
|
||||
AWS Node Termination Handler in IMDS mode runs as a DaemonSet with `useHostNetwork: true` by default. If the Prometheus server is enabled with `enablePrometheusServer: true` nothing else will be able to bind to the configured port (by default `prometheusServerPort: 9092`) in the root network namespace. Therefore, it will need to have a firewall/security group configured on the nodes to block access to the `/metrics` endpoint.
|
||||
|
||||
You can switch NTH in IMDS mode to run w/ `useHostNetwork: false`, but you will need to make sure that IMDSv1 is enabled or IMDSv2 IP hop count will need to be incremented to 2 (see the [IMDSv2 documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).
|
||||
|
|
|
@ -220,4 +220,8 @@ spec:
|
|||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -52,6 +52,8 @@ affinity: {}
|
|||
|
||||
tolerations: []
|
||||
|
||||
topologySpreadConstraints: []
|
||||
|
||||
# Extra environment variables
|
||||
extraEnv: []
|
||||
|
||||
|
|
|
@ -24,6 +24,7 @@ spec:
|
|||
volumeMounts:
|
||||
- name: host
|
||||
mountPath: /host
|
||||
readOnly: true
|
||||
- name: workdir
|
||||
mountPath: /tmp
|
||||
env:
|
||||
|
|
|
@ -54,7 +54,7 @@ aws-eks-asg-rolling-update-handler:
|
|||
enabled: false
|
||||
image:
|
||||
repository: twinproduction/aws-eks-asg-rolling-update-handler
|
||||
tag: v1.8.2
|
||||
tag: v1.8.3
|
||||
|
||||
environmentVars:
|
||||
- name: CLUSTER_NAME
|
||||
|
@ -107,7 +107,6 @@ aws-node-termination-handler:
|
|||
|
||||
fullnameOverride: "aws-node-termination-handler"
|
||||
|
||||
checkASGTagBeforeDraining: false
|
||||
# -- "zdt:kubezero:nth:${ClusterName}"
|
||||
managedTag: "zdt:kubezero:nth:${ClusterName}"
|
||||
|
||||
|
@ -161,7 +160,7 @@ awsNeuron:
|
|||
|
||||
image:
|
||||
name: public.ecr.aws/neuron/neuron-device-plugin
|
||||
tag: 2.12.5.0
|
||||
tag: 2.19.16.0
|
||||
|
||||
nvidia-device-plugin:
|
||||
enabled: false
|
||||
|
@ -201,7 +200,7 @@ cluster-autoscaler:
|
|||
|
||||
image:
|
||||
repository: registry.k8s.io/autoscaling/cluster-autoscaler
|
||||
tag: v1.27.3
|
||||
tag: v1.28.2
|
||||
|
||||
autoDiscovery:
|
||||
clusterName: ""
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
apiVersion: v2
|
||||
description: KubeZero Argo - Events, Workflow, CD
|
||||
name: kubezero-argo
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- argocd
|
||||
- argo-events
|
||||
- argo-workflow
|
||||
maintainers:
|
||||
|
@ -17,7 +18,19 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: argo-events
|
||||
version: 2.4.3
|
||||
version: 2.4.4
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-events.enabled
|
||||
- name: argo-cd
|
||||
version: 6.7.3
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-cd.enabled
|
||||
- name: argocd-apps
|
||||
version: 2.0.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-cd.enabled
|
||||
- name: argocd-image-updater
|
||||
version: 0.9.6
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argocd-image-updater.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-argo
|
||||
|
||||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
|
||||
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square)
|
||||
|
||||
KubeZero Argo - Events, Workflow, CD
|
||||
|
||||
|
@ -18,13 +18,48 @@ Kubernetes: `>= 1.26.0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.3 |
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 6.7.3 |
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.4 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.0 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.6 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.applicationSet.enabled | bool | `false` | |
|
||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||
| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | |
|
||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
||||
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
||||
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
||||
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
||||
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.controller.resources.limits.memory | string | `"2048Mi"` | |
|
||||
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||
| argo-cd.controller.resources.requests.memory | string | `"512Mi"` | |
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.enabled | bool | `false` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.istio.enabled | bool | `false` | |
|
||||
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
|
||||
| argo-cd.istio.ipBlocks | list | `[]` | |
|
||||
| argo-cd.notifications.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||
| argo-events.configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) |
|
||||
| argo-events.configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) |
|
||||
| argo-events.configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment |
|
||||
|
@ -38,6 +73,20 @@ Kubernetes: `>= 1.26.0`
|
|||
| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
|
||||
| argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | |
|
||||
| argo-events.enabled | bool | `false` | |
|
||||
| argocd-apps.applications | object | `{}` | |
|
||||
| argocd-apps.enabled | bool | `false` | |
|
||||
| argocd-apps.projects | object | `{}` | |
|
||||
| argocd-image-updater.authScripts.enabled | bool | `true` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
|
||||
| argocd-image-updater.enabled | bool | `false` | |
|
||||
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
|
||||
| argocd-image-updater.metrics.enabled | bool | `false` | |
|
||||
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||
|
||||
|
|
|
@ -16,4 +16,6 @@
|
|||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.istio.enabled }}
|
||||
{{- if .Values.istio.ipBlocks }}
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||
apiVersion: security.istio.io/v1beta1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
|
@ -16,7 +16,7 @@ spec:
|
|||
- from:
|
||||
- source:
|
||||
notIpBlocks:
|
||||
{{- toYaml .Values.istio.ipBlocks | nindent 8 }}
|
||||
{{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }}
|
||||
to:
|
||||
- operation:
|
||||
hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}]
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.istio.enabled }}
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
|
@ -8,7 +8,7 @@ metadata:
|
|||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||
spec:
|
||||
gateways:
|
||||
- {{ .Values.istio.gateway }}
|
||||
- {{ index .Values "argo-cd" "istio" "gateway" }}
|
||||
hosts:
|
||||
- {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
|
||||
http:
|
||||
|
@ -19,13 +19,13 @@ spec:
|
|||
prefix: argocd-client
|
||||
route:
|
||||
- destination:
|
||||
host: argocd-server
|
||||
host: argo-argocd-server
|
||||
port:
|
||||
number: 443
|
||||
- name: http
|
||||
route:
|
||||
- destination:
|
||||
host: argocd-server
|
||||
host: argo-argocd-server
|
||||
port:
|
||||
number: 80
|
||||
{{- end }}
|
|
@ -5,6 +5,6 @@
|
|||
update_helm
|
||||
|
||||
# Create ZDT dashboard configmap
|
||||
#../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/argo-cd/grafana-dashboards.yaml
|
||||
|
||||
update_docs
|
||||
|
|
|
@ -30,3 +30,157 @@ argo-events:
|
|||
configReloaderImage: natsio/nats-server-config-reloader:0.14.1
|
||||
startCommand: /nats-server
|
||||
|
||||
|
||||
argocd-apps:
|
||||
enabled: false
|
||||
projects: {}
|
||||
applications: {}
|
||||
|
||||
argo-cd:
|
||||
enabled: false
|
||||
#configs:
|
||||
# secret:
|
||||
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||
|
||||
global:
|
||||
logging:
|
||||
format: json
|
||||
# image:
|
||||
# tag: v2.1.6
|
||||
|
||||
configs:
|
||||
styles: |
|
||||
.sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }
|
||||
.sidebar__logo__text-logo { height: 0em; }
|
||||
.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
|
||||
|
||||
cm:
|
||||
ui.bannercontent: "KubeZero v1.27 - Release notes"
|
||||
ui.bannerurl: "https://kubezero.com/releases/v1.27"
|
||||
ui.bannerpermanent: "true"
|
||||
ui.bannerposition: "bottom"
|
||||
|
||||
# argo-cd.server.config.url -- ArgoCD URL being exposed via Istio
|
||||
url: https://argocd.example.com
|
||||
|
||||
timeout.reconciliation: 300s
|
||||
|
||||
resource.customizations: |
|
||||
cert-manager.io/Certificate:
|
||||
# Lua script for customizing the health status assessment
|
||||
health.lua: |
|
||||
hs = {}
|
||||
if obj.status ~= nil then
|
||||
if obj.status.conditions ~= nil then
|
||||
for i, condition in ipairs(obj.status.conditions) do
|
||||
if condition.type == "Ready" and condition.status == "False" then
|
||||
hs.status = "Degraded"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
if condition.type == "Ready" and condition.status == "True" then
|
||||
hs.status = "Healthy"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
hs.status = "Progressing"
|
||||
hs.message = "Waiting for certificate"
|
||||
return hs
|
||||
|
||||
secret:
|
||||
createSecret: false
|
||||
|
||||
ssh:
|
||||
extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ=="
|
||||
|
||||
params:
|
||||
controller.status.processors: "10"
|
||||
controller.operation.processors: "5"
|
||||
|
||||
server.insecure: true
|
||||
server.enable.gzip: true
|
||||
|
||||
controller:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
# cpu: 500m
|
||||
memory: 2048Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
server:
|
||||
# Rename former https port to grpc, works with istio + insecure
|
||||
service:
|
||||
servicePortHttpsName: grpc
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
# redis:
|
||||
# We might want to try to keep redis close to the controller
|
||||
# affinity:
|
||||
|
||||
dex:
|
||||
enabled: false
|
||||
|
||||
applicationSet:
|
||||
enabled: false
|
||||
|
||||
notifications:
|
||||
enabled: false
|
||||
|
||||
# Support for Istio Ingress for ArgoCD
|
||||
istio:
|
||||
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
|
||||
enabled: false
|
||||
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
||||
gateway: istio-ingress/ingressgateway
|
||||
ipBlocks: []
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
|
||||
# Unify all ArgoCD pieces under the same argocd namespace
|
||||
fullnameOverride: argocd-image-updater
|
||||
|
||||
config:
|
||||
argocd:
|
||||
plaintext: true
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
authScripts:
|
||||
enabled: true
|
||||
scripts:
|
||||
ecr-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
|
||||
ecr-public-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d
|
||||
sshConfig:
|
||||
config: |
|
||||
Host *
|
||||
PubkeyAcceptedAlgorithms +ssh-rsa
|
||||
HostkeyAlgorithms +ssh-rsa
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: v2
|
||||
description: KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||
name: kubezero-argocd
|
||||
version: 0.13.3
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- argocd
|
||||
- argocd-image-updater
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
# Url: https://github.com/argoproj/argo-helm/tree/main/charts
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: argo-cd
|
||||
version: 5.51.4
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: argocd-apps
|
||||
version: 1.4.1
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: argocd-image-updater
|
||||
version: 0.9.1
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argocd-image-updater.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
|
@ -1,74 +0,0 @@
|
|||
# kubezero-argocd
|
||||
|
||||
![Version: 0.13.3](https://img.shields.io/badge/Version-0.13.3-informational?style=flat-square)
|
||||
|
||||
KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 5.51.4 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-apps | 1.4.1 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.1 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.applicationSet.enabled | bool | `false` | |
|
||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||
| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | |
|
||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
||||
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
||||
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
||||
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
||||
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||
| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | |
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.notifications.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||
| argocd-apps.applications | list | `[]` | |
|
||||
| argocd-apps.projects | list | `[]` | |
|
||||
| argocd-image-updater.authScripts.enabled | bool | `true` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
|
||||
| argocd-image-updater.enabled | bool | `false` | |
|
||||
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
|
||||
| argocd-image-updater.metrics.enabled | bool | `false` | |
|
||||
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
||||
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
||||
| istio.ipBlocks | list | `[]` | |
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
|
@ -1,20 +0,0 @@
|
|||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
update_helm
|
||||
|
||||
# Create ZDT dashboard configmap
|
||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||
|
||||
update_docs
|
|
@ -1,162 +0,0 @@
|
|||
# Support for Istio Ingress for ArgoCD
|
||||
istio:
|
||||
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
|
||||
enabled: false
|
||||
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
||||
gateway: istio-ingress/ingressgateway
|
||||
ipBlocks: []
|
||||
|
||||
argocd-apps:
|
||||
projects: []
|
||||
applications: []
|
||||
|
||||
argo-cd:
|
||||
#configs:
|
||||
# secret:
|
||||
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||
|
||||
global:
|
||||
logging:
|
||||
format: json
|
||||
# image:
|
||||
# tag: v2.1.6
|
||||
|
||||
configs:
|
||||
styles: |
|
||||
.sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }
|
||||
.sidebar__logo__text-logo { height: 0em; }
|
||||
.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
|
||||
|
||||
cm:
|
||||
ui.bannercontent: "KubeZero v1.27 - Release notes"
|
||||
ui.bannerurl: "https://kubezero.com/releases/v1.27"
|
||||
ui.bannerpermanent: "true"
|
||||
ui.bannerposition: "bottom"
|
||||
|
||||
# argo-cd.server.config.url -- ArgoCD URL being exposed via Istio
|
||||
url: https://argocd.example.com
|
||||
|
||||
timeout.reconciliation: 300
|
||||
|
||||
resource.customizations: |
|
||||
cert-manager.io/Certificate:
|
||||
# Lua script for customizing the health status assessment
|
||||
health.lua: |
|
||||
hs = {}
|
||||
if obj.status ~= nil then
|
||||
if obj.status.conditions ~= nil then
|
||||
for i, condition in ipairs(obj.status.conditions) do
|
||||
if condition.type == "Ready" and condition.status == "False" then
|
||||
hs.status = "Degraded"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
if condition.type == "Ready" and condition.status == "True" then
|
||||
hs.status = "Healthy"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
hs.status = "Progressing"
|
||||
hs.message = "Waiting for certificate"
|
||||
return hs
|
||||
|
||||
secret:
|
||||
createSecret: false
|
||||
|
||||
knownHosts:
|
||||
data:
|
||||
ssh_known_hosts: |
|
||||
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
|
||||
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
|
||||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
|
||||
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|
||||
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
|
||||
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
|
||||
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
||||
git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==
|
||||
|
||||
params:
|
||||
controller.status.processors: "10"
|
||||
controller.operation.processors: "5"
|
||||
|
||||
server.insecure: true
|
||||
server.enable.gzip: true
|
||||
|
||||
controller:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
# cpu: 500m
|
||||
memory: 2048Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
server:
|
||||
# Rename former https port to grpc, works with istio + insecure
|
||||
service:
|
||||
servicePortHttpsName: grpc
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
# redis:
|
||||
# We might want to try to keep redis close to the controller
|
||||
# affinity:
|
||||
|
||||
dex:
|
||||
enabled: false
|
||||
|
||||
applicationSet:
|
||||
enabled: false
|
||||
|
||||
notifications:
|
||||
enabled: false
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
|
||||
# Unify all ArgoCD pieces under the same argocd namespace
|
||||
fullnameOverride: argocd-image-updater
|
||||
|
||||
config:
|
||||
argocd:
|
||||
plaintext: true
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
authScripts:
|
||||
enabled: true
|
||||
scripts:
|
||||
ecr-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
|
||||
ecr-public-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d
|
||||
sshConfig:
|
||||
config: |
|
||||
Host *
|
||||
PubkeyAcceptedAlgorithms +ssh-rsa
|
||||
HostkeyAlgorithms +ssh-rsa
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-cert-manager
|
||||
description: KubeZero Umbrella Chart for cert-manager
|
||||
type: application
|
||||
version: 0.9.6
|
||||
version: 0.9.7
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -16,6 +16,6 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cert-manager
|
||||
version: v1.13.2
|
||||
version: v1.14.4
|
||||
repository: https://charts.jetstack.io
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-cert-manager
|
||||
|
||||
![Version: 0.9.6](https://img.shields.io/badge/Version-0.9.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
|
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0`
|
|||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.13.2 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.14.4 |
|
||||
|
||||
## AWS - OIDC IAM roles
|
||||
|
||||
|
@ -37,6 +37,7 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
|
|||
| cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cert-manager.cainjector.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.cainjector.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| cert-manager.enableCertificateOwnerRef | bool | `true` | |
|
||||
| cert-manager.enabled | bool | `true` | |
|
||||
| cert-manager.extraArgs[0] | string | `"--logging-format=json"` | |
|
||||
| cert-manager.extraArgs[1] | string | `"--leader-elect=false"` | |
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "f0708d350e4fc95e95338fb54af7b571e5bce7a8",
|
||||
"version": "5a53a708d8ab9ef936ac5b8062ffc66c77a2c18f",
|
||||
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
|
||||
},
|
||||
{
|
||||
|
@ -51,6 +51,16 @@
|
|||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-latest"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
|
@ -58,8 +68,18 @@
|
|||
"subdir": "gen/grafonnet-v10.0.0"
|
||||
}
|
||||
},
|
||||
"version": "bb2afaffbcefeae1035cd691ab06a486e0022002",
|
||||
"sum": "gj/20VIGucG2vDGjG7YdHLC4yUUfrpuaneUYaRmymOM="
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-v10.4.0"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -68,8 +88,8 @@
|
|||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "eb731883044fc58f255d79c2a8d78a5854084e05",
|
||||
"sum": "VmOxvg9FuY9UYr3lN6ZJe2HhuIErJoWimPybQr3S3yQ="
|
||||
"version": "7561fd330312538d22b00e0c7caecb4ba66321ea",
|
||||
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -88,8 +108,8 @@
|
|||
"subdir": "doc-util"
|
||||
}
|
||||
},
|
||||
"version": "503e5c8fe96d6b55775037713ac10b184709ad93",
|
||||
"sum": "BY4u0kLF3Qf/4IB4HnX9S5kEQIpHb4MUrppp6WLDtlU="
|
||||
"version": "6ac6c69685b8c29c54515448eaca583da2d88150",
|
||||
"sum": "BrAL/k23jq+xy9oA7TWIhUx07dsA/QLm3g7ktCwe//U="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -98,8 +118,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "c1a315a7dbead0335a5e0486acc5583395b22a24",
|
||||
"sum": "UVdL+uuFI8BSQgLfMJEJk2WDKsQXNT3dRHcr2Ti9rLI="
|
||||
"version": "fc2e57a8839902ed4ba6cab5a99d642500f7102b",
|
||||
"sum": "43waffw1QzvpY4rKcWoo3L7Vpee+DCYexwLDd5cPG0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -108,8 +128,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "2dbe4f9625a811b8b89f0495e74509c74779da82",
|
||||
"sum": "Fe7bN9E6qeKNUdENjQvYttgf4S1DDqXRVB80wdmQgHQ="
|
||||
"version": "a1c276d7a46c4b06fa5d8b4a64441939d398efe5",
|
||||
"sum": "b/mEai1MvVnZ22YvZlXEO4jWDZledrtJg8eOS1ZUj0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -118,8 +138,8 @@
|
|||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "98b38ba9bbfdff27b359c58adecab30cc1311a78",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -128,7 +148,7 @@
|
|||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "98b38ba9bbfdff27b359c58adecab30cc1311a78",
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
|
@ -138,8 +158,8 @@
|
|||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "80ab54b66a88cd40fc935d17abbd7b50b12cc3f7",
|
||||
"sum": "w35hpzjA5b+xr9dXnpudKRsdTheO9YO1SESoG4oyyL8="
|
||||
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
|
||||
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -148,8 +168,8 @@
|
|||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "88e86c5caf84dc85338c904e13b0656bf1b56a67",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
|
||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
|
@ -159,8 +179,8 @@
|
|||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "88e86c5caf84dc85338c904e13b0656bf1b56a67",
|
||||
"sum": "3tRcbCxuH5piaixkvwe4UdVVWlxkxKz8eBgbgYqvbRk="
|
||||
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
|
||||
"sum": "S4LFa0h1AzANixqGMowtwVswVP+y6f+fXloxpO7hMes="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -169,7 +189,7 @@
|
|||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "4494abfce419d1bbd3cb1a2c0b6584da88ac9b64",
|
||||
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
|
||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
|
@ -180,8 +200,8 @@
|
|||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "12f1744e799e04373c7a29b42bf8b8a332c82790",
|
||||
"sum": "QZwFBpulndqo799gkR5rP2/WdcQKQkNnaBwhaOI8Jeg="
|
||||
"version": "3accd4cf8286e69d70516abdced6bf186274322a",
|
||||
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -190,8 +210,8 @@
|
|||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "5dbbadf59823aea6e9daa5e6c7877f1572b93941",
|
||||
"sum": "rNvddVTMNfaguOGzEGoeKjUsfhlXJBUImC+SIFNNCiM=",
|
||||
"version": "773170f372e0a57949854b74231ee3e09185f728",
|
||||
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
|
@ -212,7 +232,7 @@
|
|||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "463dd481cc740194cc9504cd6aeb48f342afe020",
|
||||
"version": "93c79b61825ec00889188e35a58635eee247bc36",
|
||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-ci
|
||||
description: KubeZero umbrella chart for all things CI
|
||||
type: application
|
||||
version: 0.8.7
|
||||
version: 0.8.8
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -22,7 +22,7 @@ dependencies:
|
|||
repository: https://dl.gitea.io/charts/
|
||||
condition: gitea.enabled
|
||||
- name: jenkins
|
||||
version: 5.1.0
|
||||
version: 5.1.3
|
||||
repository: https://charts.jenkins.io
|
||||
condition: jenkins.enabled
|
||||
- name: trivy
|
||||
|
@ -30,7 +30,7 @@ dependencies:
|
|||
repository: https://aquasecurity.github.io/helm-charts/
|
||||
condition: trivy.enabled
|
||||
- name: renovate
|
||||
version: 37.236.0
|
||||
version: 37.267.1
|
||||
repository: https://docs.renovatebot.com/helm-charts
|
||||
condition: renovate.enabled
|
||||
kubeVersion: ">= 1.25.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-ci
|
||||
|
||||
![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things CI
|
||||
|
||||
|
@ -20,9 +20,9 @@ Kubernetes: `>= 1.25.0`
|
|||
|------------|------|---------|
|
||||
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.7.0 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jenkins.io | jenkins | 5.1.0 |
|
||||
| https://charts.jenkins.io | jenkins | 5.1.3 |
|
||||
| https://dl.gitea.io/charts/ | gitea | 10.1.3 |
|
||||
| https://docs.renovatebot.com/helm-charts | renovate | 37.236.0 |
|
||||
| https://docs.renovatebot.com/helm-charts | renovate | 37.267.1 |
|
||||
|
||||
# Jenkins
|
||||
- default build retention 10 builds, 32days
|
||||
|
@ -66,6 +66,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| gitea.gitea.metrics.enabled | bool | `false` | |
|
||||
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| gitea.image.rootless | bool | `true` | |
|
||||
| gitea.image.tag | string | `"1.21.9"` | |
|
||||
| gitea.istio.enabled | bool | `false` | |
|
||||
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||
| gitea.istio.url | string | `"git.example.com"` | |
|
||||
|
@ -90,7 +91,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | |
|
||||
| jenkins.agent.idleMinutes | int | `30` | |
|
||||
| jenkins.agent.image.repository | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | |
|
||||
| jenkins.agent.image.tag | string | `"v0.4.6"` | |
|
||||
| jenkins.agent.image.tag | string | `"v0.5.0"` | |
|
||||
| jenkins.agent.podName | string | `"podman-aws"` | |
|
||||
| jenkins.agent.podRetention | string | `"Default"` | |
|
||||
| jenkins.agent.resources.limits.cpu | string | `""` | |
|
||||
|
|
|
@ -2,7 +2,7 @@ gitea:
|
|||
enabled: false
|
||||
|
||||
image:
|
||||
#tag: 1.21.4
|
||||
tag: 1.21.9
|
||||
rootless: true
|
||||
|
||||
repliaCount: 1
|
||||
|
@ -72,6 +72,8 @@ gitea:
|
|||
ui:
|
||||
THEMES: "gitea,github-dark"
|
||||
DEFAULT_THEME: "github-dark"
|
||||
log:
|
||||
LEVEL: warn
|
||||
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
@ -164,7 +166,7 @@ jenkins:
|
|||
agent:
|
||||
image:
|
||||
repository: public.ecr.aws/zero-downtime/jenkins-podman
|
||||
tag: v0.4.6
|
||||
tag: v0.5.0
|
||||
#alwaysPullImage: true
|
||||
podRetention: "Default"
|
||||
showRawYaml: false
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-network
|
||||
description: KubeZero umbrella chart for all things network
|
||||
type: application
|
||||
version: 0.4.6
|
||||
version: 0.5.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -19,11 +19,11 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cilium
|
||||
version: 1.14.4
|
||||
version: 1.15.3
|
||||
repository: https://helm.cilium.io/
|
||||
condition: cilium.enabled
|
||||
- name: metallb
|
||||
version: 0.13.12
|
||||
version: 0.14.4
|
||||
repository: https://metallb.github.io/metallb
|
||||
condition: metallb.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-network
|
||||
|
||||
![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things network
|
||||
|
||||
|
@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0`
|
|||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://helm.cilium.io/ | cilium | 1.14.4 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.13.12 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.3 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.4 |
|
||||
|
||||
## Values
|
||||
|
||||
|
@ -56,7 +56,7 @@ Kubernetes: `>= 1.26.0`
|
|||
| cilium.resources.limits.memory | string | `"1024Mi"` | |
|
||||
| cilium.resources.requests.cpu | string | `"10m"` | |
|
||||
| cilium.resources.requests.memory | string | `"256Mi"` | |
|
||||
| cilium.tunnel | string | `"geneve"` | |
|
||||
| cilium.tunnelProtocol | string | `"geneve"` | |
|
||||
| metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -17,7 +17,7 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: redis
|
||||
version: 19.0.1
|
||||
version: 19.0.2
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
condition: redis.enabled
|
||||
- name: redis-cluster
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-storage
|
||||
description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||
type: application
|
||||
version: 0.8.4
|
||||
version: 0.8.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -20,15 +20,15 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: lvm-localpv
|
||||
version: 1.3.0
|
||||
version: 1.5.0
|
||||
condition: lvm-localpv.enabled
|
||||
repository: https://openebs.github.io/lvm-localpv
|
||||
- name: aws-ebs-csi-driver
|
||||
version: 2.25.0
|
||||
version: 2.29.1
|
||||
condition: aws-ebs-csi-driver.enabled
|
||||
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||
- name: aws-efs-csi-driver
|
||||
version: 2.5.1
|
||||
version: 2.5.6
|
||||
condition: aws-efs-csi-driver.enabled
|
||||
repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
|
||||
- name: gemini
|
||||
|
@ -36,7 +36,7 @@ dependencies:
|
|||
condition: gemini.enabled
|
||||
repository: https://charts.fairwinds.com/stable
|
||||
- name: k8up
|
||||
version: 4.4.3
|
||||
version: 4.5.0
|
||||
condition: k8up.enabled
|
||||
repository: https://k8up-io.github.io/k8up
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,4 +1,48 @@
|
|||
# Helm chart
|
||||
## v2.29.0
|
||||
### Urgent Upgrade Notes
|
||||
*(No, really, you MUST read this before you upgrade)*
|
||||
|
||||
The EBS CSI Driver Helm chart no longer supports upgrading with `--reuse-values`. This chart will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
|
||||
|
||||
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
|
||||
|
||||
### Other Changes
|
||||
* Bump driver version to `v1.29.0` and sidecars to latest versions
|
||||
* Add helm-tester enabled flag ([#1954](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1954), [@nunodomingues-td](https://github.com/nunodomingues-td))
|
||||
|
||||
## v2.28.1
|
||||
* Add `reservedVolumeAttachments` that overrides heuristic-determined reserved attachments via `--reserved-volume-attachments` CLI option from [PR #1919](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1919) through Helm ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add `additionalArgs` parameter to node daemonSet ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.28.0
|
||||
### Urgent Upgrade Notes
|
||||
*(No, really, you MUST read this before you upgrade)*
|
||||
|
||||
This is the last minor version of the EBS CSI Driver Helm chart to support upgrading with `--reuse-values`. Future versions of the chart (starting with `v2.29.0`) will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
|
||||
|
||||
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
|
||||
|
||||
### Other Changes
|
||||
* Bump driver version to `v1.28.0` and sidecars to latest versions
|
||||
* Add labels to leases role used by EBS CSI controller ([#1914](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1914), [@cHiv0rz](https://github.com/cHiv0rz))
|
||||
* Enforce `linux` and `amd64` node affinity for helm tester pod ([#1922](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1922), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add configuration for `DaemonSet` annotations ([#1923](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1923), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Incorporate KubeLinter recommended best practices for chart tester pod ([#1924](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1924), [@torredil](https://github.com/torredil))
|
||||
* Add configuration for chart tester pod image ([#1928](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1928), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.27.0
|
||||
* Bump driver version to `v1.27.0`
|
||||
* Add parameters for tuning revisionHistoryLimit and emptyDir volumes ([#1840](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1840), [@bodgit](https://github.com/bodgit))
|
||||
|
||||
## v2.26.1
|
||||
* Bump driver version to `v1.26.1`
|
||||
* Bump sidecar container versions to fix [restart bug in external attacher, provisioner, resizer, snapshotter, and node-driver-registrar](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1875) ([#1886](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1886), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.26.0
|
||||
* Bump driver version to `v1.26.0`
|
||||
* Bump sidecar container versions ([#1867](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1867), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add warning about --reuse-values deprecation to NOTES.txt ([#1865](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1865), [@ConnorJC3](https://github.com/ConnorJC3))
|
||||
|
||||
## v2.25.0
|
||||
* Bump driver version to `v1.25.0`
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 1.25.0
|
||||
appVersion: 1.29.0
|
||||
description: A Helm chart for AWS EBS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
keywords:
|
||||
|
@ -13,4 +13,4 @@ maintainers:
|
|||
name: aws-ebs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
version: 2.25.0
|
||||
version: 2.29.0
|
||||
|
|
|
@ -3,3 +3,5 @@ To verify that aws-ebs-csi-driver has started, run:
|
|||
kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
|
||||
|
||||
NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.
|
||||
|
||||
WARNING: Upgrading the EBS CSI Driver Helm chart with --reuse-values will no longer be supported in a future release. For more information, see https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864
|
||||
|
|
|
@ -9,6 +9,9 @@ metadata:
|
|||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .NodeName }}
|
||||
|
@ -199,6 +202,10 @@ spec:
|
|||
path: \\.\pipe\csi-proxy-filesystem-v1
|
||||
type: ""
|
||||
- name: probe-dir
|
||||
{{- if .Values.node.probeDirVolume }}
|
||||
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
@ -8,7 +8,14 @@ metadata:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.node.daemonSetAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .NodeName }}
|
||||
|
@ -60,6 +67,9 @@ spec:
|
|||
args:
|
||||
- node
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
{{- with .Values.node.reservedVolumeAttachments }}
|
||||
- --reserved-volume-attachments={{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.volumeAttachLimit }}
|
||||
- --volume-attach-limit={{ . }}
|
||||
{{- end }}
|
||||
|
@ -70,6 +80,9 @@ spec:
|
|||
{{- if .Values.node.otelTracing }}
|
||||
- --enable-otel-tracing=true
|
||||
{{- end}}
|
||||
{{- range .Values.node.additionalArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:/csi/csi.sock
|
||||
|
@ -219,7 +232,11 @@ spec:
|
|||
path: /dev
|
||||
type: Directory
|
||||
- name: probe-dir
|
||||
{{- if .Values.node.probeDirVolume }}
|
||||
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- with .Values.node.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -11,4 +11,7 @@ rules:
|
|||
verbs: ["get", "patch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["volumeattachments"]
|
||||
verbs: ["list"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get"]
|
||||
|
|
|
@ -33,6 +33,9 @@ rules:
|
|||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattributesclasses" ]
|
||||
verbs: [ "get" ]
|
||||
{{- with .Values.sidecars.provisioner.additionalClusterRoleRules }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -29,6 +29,9 @@ rules:
|
|||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattributesclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
{{- with .Values.sidecars.resizer.additionalClusterRoleRules }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -6,8 +6,15 @@ metadata:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.controller.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- if or (kindIs "float64" .Values.controller.revisionHistoryLimit) (kindIs "int64" .Values.controller.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.updateStrategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
|
@ -486,7 +493,11 @@ spec:
|
|||
{{- end }}
|
||||
volumes:
|
||||
- name: socket-dir
|
||||
{{- if .Values.controller.socketDirVolume }}
|
||||
{{- toYaml .Values.controller.socketDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: ebs-csi-leases-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
|
|
|
@ -0,0 +1,235 @@
|
|||
{{- if .Values.helmTester.enabled -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- events
|
||||
- nodes
|
||||
- pods
|
||||
- replicationcontrollers
|
||||
- serviceaccounts
|
||||
- configmaps
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- services
|
||||
- nodes
|
||||
- nodes/proxy
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
- pods/log
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- namespaces
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
- pods/exec
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- namespaces
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: [ "update" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- pods/ephemeralcontainers
|
||||
verbs: [ "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- serviceaccounts
|
||||
- configmaps
|
||||
verbs: [ "watch" ]
|
||||
- apiGroups: [ "apps" ]
|
||||
resources:
|
||||
- replicasets
|
||||
- daemonsets
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
- csinodes
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "update" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterroles
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "authorization.k8s.io" ]
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "rbac.authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterroles
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "rbac.authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterrolebindings
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "apiextensions.k8s.io" ]
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs: [ "get" ]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ebs-csi-driver-test
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-csi-driver-test
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
data:
|
||||
manifests.yaml: |
|
||||
ShortName: ebs
|
||||
StorageClass:
|
||||
FromFile: storageclass.yaml
|
||||
SnapshotClass:
|
||||
FromName: true
|
||||
DriverInfo:
|
||||
Name: ebs.csi.aws.com
|
||||
SupportedSizeRange:
|
||||
Min: 1Gi
|
||||
Max: 16Ti
|
||||
SupportedFsType:
|
||||
xfs: {}
|
||||
ext4: {}
|
||||
SupportedMountOption:
|
||||
dirsync: {}
|
||||
TopologyKeys: ["topology.ebs.csi.aws.com/zone"]
|
||||
Capabilities:
|
||||
persistence: true
|
||||
fsGroup: true
|
||||
block: true
|
||||
exec: true
|
||||
snapshotDataSource: true
|
||||
pvcDataSource: false
|
||||
multipods: true
|
||||
controllerExpansion: true
|
||||
nodeExpansion: true
|
||||
volumeLimits: true
|
||||
topology: true
|
||||
storageclass.yaml: |
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs.csi.aws.com
|
||||
provisioner: ebs.csi.aws.com
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
"ignore-check.kube-linter.io/run-as-non-root": "kubetest2 image runs as root"
|
||||
"ignore-check.kube-linter.io/no-read-only-root-fs": "test pod requires privileged access"
|
||||
spec:
|
||||
containers:
|
||||
- name: kubetest2
|
||||
image: {{ .Values.helmTester.image }}
|
||||
resources:
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
limits:
|
||||
memory: 4Gi
|
||||
command: [ "/bin/sh", "-c" ]
|
||||
args:
|
||||
- |
|
||||
cp /etc/config/storageclass.yaml /workspace/storageclass.yaml
|
||||
kubectl config set-cluster cluster --server=https://kubernetes.default --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
kubectl config set-context kubetest2 --cluster=cluster
|
||||
kubectl config set-credentials sa --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||||
kubectl config set-context kubetest2 --user=sa && kubectl config use-context kubetest2
|
||||
export FOCUS_REGEX='\bebs.csi.aws.com\b.+(validate content|resize volume|offline PVC|AllowedTopologies|store data$SNAPSHOTS)'
|
||||
if kubectl get crd volumesnapshots.snapshot.storage.k8s.io; then
|
||||
FORCUS_REGEX="${FOCUS_REGEX}|snapshot fields"
|
||||
fi
|
||||
kubetest2 noop --run-id='e2e-kubernetes' --test=ginkgo -- --test-package-version="$(curl -L https://dl.k8s.io/release/stable-1.29.txt)" --skip-regex='[Disruptive]|[Serial]' --focus-regex="$FOCUS_REGEX" --parallel=25 --test-args='-storage.testdriver=/etc/config/manifests.yaml'
|
||||
volumeMounts:
|
||||
- name: config-vol
|
||||
mountPath: /etc/config
|
||||
# kubekins-e2e v1 image is linux amd64 only.
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
kubernetes.io/arch: amd64
|
||||
serviceAccountName: ebs-csi-driver-test
|
||||
volumes:
|
||||
- name: config-vol
|
||||
configMap:
|
||||
name: ebs-csi-driver-test
|
||||
restartPolicy: Never
|
||||
{{- end }}
|
|
@ -19,7 +19,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
|
||||
tag: "v3.6.2-eks-1-28-9"
|
||||
tag: "v4.0.0-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by external-provisioner.
|
||||
additionalArgs: []
|
||||
|
@ -44,7 +44,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher
|
||||
tag: "v4.4.2-eks-1-28-9"
|
||||
tag: "v4.5.0-eks-1-29-7"
|
||||
# Tune leader lease election for csi-attacher.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
|
@ -71,7 +71,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter
|
||||
tag: "v6.3.2-eks-1-28-9"
|
||||
tag: "v7.0.1-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by csi-snapshotter.
|
||||
additionalArgs: []
|
||||
|
@ -85,7 +85,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
|
||||
tag: "v2.11.0-eks-1-28-9"
|
||||
tag: "v2.12.0-eks-1-29-7"
|
||||
# Additional parameters provided by livenessprobe.
|
||||
additionalArgs: []
|
||||
resources: {}
|
||||
|
@ -97,7 +97,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer
|
||||
tag: "v1.9.2-eks-1-28-9"
|
||||
tag: "v1.10.0-eks-1-29-7"
|
||||
# Tune leader lease election for csi-resizer.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
|
@ -122,7 +122,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
|
||||
tag: "v2.9.1-eks-1-28-9"
|
||||
tag: "v2.10.0-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by node-driver-registrar.
|
||||
additionalArgs: []
|
||||
|
@ -144,7 +144,7 @@ sidecars:
|
|||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s
|
||||
tag: "v0.1.3"
|
||||
tag: "v0.2.1"
|
||||
leaderElection:
|
||||
enabled: true
|
||||
# Optional values to tune lease behavior.
|
||||
|
@ -237,6 +237,7 @@ controller:
|
|||
logLevel: 2
|
||||
userAgentExtra: "helm"
|
||||
nodeSelector: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
priorityClassName: system-cluster-critical
|
||||
|
@ -246,6 +247,9 @@ controller:
|
|||
# region: us-east-1
|
||||
region:
|
||||
replicaCount: 2
|
||||
revisionHistoryLimit: 10
|
||||
socketDirVolume:
|
||||
emptyDir: {}
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
|
@ -328,6 +332,7 @@ node:
|
|||
loggingFormat: text
|
||||
logLevel: 2
|
||||
priorityClassName:
|
||||
additionalArgs: []
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
|
@ -346,6 +351,7 @@ node:
|
|||
- a1.2xlarge
|
||||
- a1.4xlarge
|
||||
nodeSelector: {}
|
||||
daemonSetAnnotations: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
tolerateAllTaints: true
|
||||
|
@ -359,6 +365,9 @@ node:
|
|||
memory: 40Mi
|
||||
limits:
|
||||
memory: 256Mi
|
||||
revisionHistoryLimit: 10
|
||||
probeDirVolume:
|
||||
emptyDir: {}
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: ebs-csi-node-sa
|
||||
|
@ -369,7 +378,12 @@ node:
|
|||
# Enable the linux daemonset creation
|
||||
enableLinux: true
|
||||
enableWindows: false
|
||||
# The number of attachment slots to reserve for system use (and not to be used for CSI volumes)
|
||||
# When this parameter is not specified (or set to -1), the EBS CSI Driver will attempt to determine the number of reserved slots via heuristic
|
||||
# Cannot be specified at the same time as `node.volumeAttachLimit`
|
||||
reservedVolumeAttachments:
|
||||
# The "maximum number of attachable volumes" per node
|
||||
# Cannot be specified at the same time as `node.reservedVolumeAttachments`
|
||||
volumeAttachLimit:
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
|
@ -449,3 +463,8 @@ volumeSnapshotClasses: []
|
|||
# Intended for use with older clusters that cannot easily replace the CSIDriver object
|
||||
# This parameter should always be false for new installations
|
||||
useOldCSIDriver: false
|
||||
|
||||
helmTester:
|
||||
enabled: true
|
||||
# Supply a custom image to the ebs-csi-driver-test pod in helm-tester.yaml
|
||||
image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240311-b09cdeb92c-master"
|
||||
|
|
|
@ -1,4 +1,14 @@
|
|||
# Helm chart
|
||||
# v2.5.6
|
||||
* Bump app/driver version to `v1.7.6`
|
||||
# v2.5.5
|
||||
* Bump app/driver version to `v1.7.5`
|
||||
# v2.5.4
|
||||
* Bump app/driver version to `v1.7.4`
|
||||
# v2.5.3
|
||||
* Bump app/driver version to `v1.7.3`
|
||||
# v2.5.2
|
||||
* Bump app/driver version to `v1.7.2`
|
||||
# v2.5.1
|
||||
* Bump app/driver version to `v1.7.1`
|
||||
# v2.5.0
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: v2
|
||||
appVersion: 1.7.1
|
||||
appVersion: 1.7.6
|
||||
description: A Helm chart for AWS EFS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
keywords:
|
||||
|
@ -15,4 +15,4 @@ maintainers:
|
|||
name: aws-efs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
version: 2.5.1
|
||||
version: 2.5.6
|
||||
|
|
|
@ -6,6 +6,9 @@ metadata:
|
|||
name: efs-csi-controller
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
{{- with .Values.controller.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
|
@ -23,10 +26,16 @@ spec:
|
|||
app: efs-csi-controller
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- with .Values.controller.podLabels }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.podAnnotations }}
|
||||
annotations: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if hasKey .Values.controller "hostNetwork" }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imagePullSecrets }}
|
||||
|
@ -39,7 +48,7 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.controller.serviceAccount.name }}
|
||||
priorityClassName: system-cluster-critical
|
||||
priorityClassName: {{ .Values.controller.priorityClassName | default "system-cluster-critical" }}
|
||||
{{- with .Values.controller.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
@ -47,10 +56,18 @@ spec:
|
|||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.dnsConfig }}
|
||||
dnsConfig: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: efs-plugin
|
||||
{{- with .Values.controller.containerSecurityContext }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
|
@ -110,6 +127,12 @@ spec:
|
|||
- --extra-create-metadata
|
||||
{{- end }}
|
||||
- --leader-election
|
||||
{{- if hasKey .Values.controller "leaderElectionRenewDeadline" }}
|
||||
- --leader-election-renew-deadline={{ .Values.controller.leaderElectionRenewDeadline }}
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.controller "leaderElectionLeaseDuration" }}
|
||||
- --leader-election-lease-duration={{ .Values.controller.leaderElectionLeaseDuration }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
|
|
|
@ -40,12 +40,19 @@ rules:
|
|||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||||
# - apiGroups: [ "" ]
|
||||
# resources: [ "secrets" ]
|
||||
# verbs: [ "get", "watch", "list" ]
|
||||
|
||||
---
|
||||
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: efs-csi-external-provisioner-role-describe-secrets
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "secrets" ]
|
||||
resourceNames: ["x-account"]
|
||||
verbs: [ "get", "watch", "list" ]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
|
@ -60,3 +67,20 @@ roleRef:
|
|||
kind: ClusterRole
|
||||
name: efs-csi-external-provisioner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# We use a RoleBinding to restrict Secret access to the namespace that the
|
||||
# RoleBinding is created in (typically kube-system)
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: efs-csi-provisioner-binding-describe-secrets
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: efs-csi-external-provisioner-role-describe-secrets
|
||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -20,7 +20,7 @@ metadata:
|
|||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
verbs: ["get", "list", "watch", "patch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
|
|
@ -11,14 +11,14 @@ useFIPS: false
|
|||
|
||||
image:
|
||||
repository: amazon/aws-efs-csi-driver
|
||||
tag: "v1.7.1"
|
||||
tag: "v1.7.6"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
sidecars:
|
||||
livenessProbe:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
|
||||
tag: v2.10.0-eks-1-27-3
|
||||
tag: v2.11.0-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
|
@ -27,7 +27,7 @@ sidecars:
|
|||
nodeDriverRegistrar:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
|
||||
tag: v2.8.0-eks-1-27-3
|
||||
tag: v2.9.3-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
|
@ -36,7 +36,7 @@ sidecars:
|
|||
csiProvisioner:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
|
||||
tag: v3.5.0-eks-1-27-3
|
||||
tag: v3.6.3-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
|
@ -63,6 +63,12 @@ controller:
|
|||
# path on efs when deleteing an access point
|
||||
deleteAccessPointRootDir: false
|
||||
podAnnotations: {}
|
||||
podLabel: {}
|
||||
hostNetwork: false
|
||||
priorityClassName: system-cluster-critical
|
||||
dnsPolicy: ClusterFirst
|
||||
dnsConfig: {}
|
||||
additionalLabels: {}
|
||||
resources:
|
||||
{}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
|
@ -80,6 +86,8 @@ controller:
|
|||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- key: efs.csi.aws.com/agent-not-ready
|
||||
operator: Exists
|
||||
affinity: {}
|
||||
# Specifies whether a service account should be created
|
||||
serviceAccount:
|
||||
|
@ -96,6 +104,12 @@ controller:
|
|||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
# securityContext on the controller container
|
||||
# Setting privileged=false will cause the "delete-access-point-root-dir" controller option to fail
|
||||
containerSecurityContext:
|
||||
privileged: true
|
||||
leaderElectionRenewDeadline: 10s
|
||||
leaderElectionLeaseDuration: 15s
|
||||
|
||||
|
||||
## Node daemonset variables
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
apiVersion: v2
|
||||
appVersion: 1.3.0
|
||||
appVersion: 1.5.0
|
||||
dependencies:
|
||||
- name: crds
|
||||
repository: ""
|
||||
version: 1.5.0
|
||||
description: CSI Driver for dynamic provisioning of LVM Persistent Local Volumes.
|
||||
home: https://openebs.io/
|
||||
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
|
||||
|
@ -20,4 +24,4 @@ maintainers:
|
|||
name: lvm-localpv
|
||||
sources:
|
||||
- https://github.com/openebs/lvm-localpv
|
||||
version: 1.3.0
|
||||
version: 1.5.0
|
||||
|
|
|
@ -47,10 +47,10 @@ $ helm install [RELEASE_NAME] openebs-lvmlocalpv/lvm-localpv --namespace [NAMESP
|
|||
|
||||
|
||||
**Note:** If moving from the operator to helm
|
||||
- Make sure the namespace provided in the helm install command is same as `LVM_NAMESPACE` (by default it is `openebs`) env in the controller statefulset.
|
||||
- Before installing, clean up the stale statefulset and daemonset from `kube-system` namespace using the below commands
|
||||
- Make sure the namespace provided in the helm install command is same as `LVM_NAMESPACE` (by default it is `openebs`) env in the controller deployment.
|
||||
- Before installing, clean up the stale deployment and daemonset from `kube-system` namespace using the below commands
|
||||
```sh
|
||||
kubectl delete sts openebs-lvm-controller -n kube-system
|
||||
kubectl delete deployment openebs-lvm-controller -n kube-system
|
||||
kubectl delete ds openebs-lvm-node -n kube-system
|
||||
```
|
||||
|
||||
|
@ -96,7 +96,8 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene
|
|||
|
||||
| Parameter | Description | Default |
|
||||
|-----------------------------------------------------|----------------------------------------------------------------------------------|-----------------------------------------|
|
||||
| `imagePullSecrets` | Provides image pull secrect | `""` |
|
||||
| `crds.csi.volumeSnapshots.enabled` | Enable/Disable installation of VolumeSnapshot-related CRDs | `true` |
|
||||
| `imagePullSecrets` | Provides image pull secret | `""` |
|
||||
| `lvmPlugin.image.registry` | Registry for openebs-lvm-plugin image | `""` |
|
||||
| `lvmPlugin.image.repository` | Image repository for openebs-lvm-plugin | `openebs/lvm-driver` |
|
||||
| `lvmPlugin.image.pullPolicy` | Image pull policy for openebs-lvm-plugin | `IfNotPresent` |
|
||||
|
@ -133,15 +134,16 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene
|
|||
| `lvmController.provisioner.image.repository` | Image repository for csi-provisioner | `sig-storage/csi-provisioner` |
|
||||
| `lvmController.provisioner.image.pullPolicy` | Image pull policy for csi-provisioner | `IfNotPresent` |
|
||||
| `lvmController.provisioner.image.tag` | Image tag for csi-provisioner | `v3.5.0` |
|
||||
| `lvmController.updateStrategy.type` | Update strategy for lvm localpv controller statefulset | `RollingUpdate` |
|
||||
| `lvmController.annotations` | Annotations for lvm localpv controller statefulset metadata | `""` |
|
||||
| `lvmController.podAnnotations` | Annotations for lvm localpv controller statefulset's pods metadata | `""` |
|
||||
| `lvmController.resources` | Resource and request and limit for lvm localpv controller statefulset containers | `""` |
|
||||
| `lvmController.labels` | Labels for lvm localpv controller statefulset metadata | `""` |
|
||||
| `lvmController.podLabels` | Appends labels to the lvm localpv controller statefulset pods | `""` |
|
||||
| `lvmController.nodeSelector` | Nodeselector for lvm localpv controller statefulset pods | `""` |
|
||||
| `lvmController.tolerations` | lvm localpv controller statefulset's pod toleration values | `""` |
|
||||
| `lvmController.securityContext` | Seurity context for lvm localpv controller statefulset container | `""` |
|
||||
| `lvmController.updateStrategy.type` | Update strategy for lvm localpv controller deployment | `RollingUpdate` |
|
||||
| `lvmController.annotations` | Annotations for lvm localpv controller deployment metadata | `""` |
|
||||
| `lvmController.podAnnotations` | Annotations for lvm localpv controller deployment's pods metadata | `""` |
|
||||
| `lvmController.resources` | Resource and request and limit for lvm localpv controller deployment containers | `""` |
|
||||
| `lvmController.labels` | Labels for lvm localpv controller deployment metadata | `""` |
|
||||
| `lvmController.podLabels` | Appends labels to the lvm localpv controller deployment pods | `""` |
|
||||
| `lvmController.nodeSelector` | Nodeselector for lvm localpv controller deployment pods | `""` |
|
||||
| `lvmController.tolerations` | lvm localpv controller deployment's pod toleration values | `""` |
|
||||
| `lvmController.topologySpreadConstraints` | lvm localpv controller deployment's pod topologySpreadConstraints values | `""` |
|
||||
| `lvmController.securityContext` | Security context for lvm localpv controller deployment container | `""` |
|
||||
| `rbac.pspEnabled` | Enable PodSecurityPolicy | `false` |
|
||||
| `serviceAccount.lvmNode.create` | Create a service account for lvmnode or not | `true` |
|
||||
| `serviceAccount.lvmNode.name` | Name for the lvmnode service account | `openebs-lvm-node-sa` |
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v2
|
||||
description: A Helm chart that collects CustomResourceDefinitions (CRDs) from lvm-localpv.
|
||||
name: crds
|
||||
version: 1.5.0
|
|
@ -0,0 +1,17 @@
|
|||
{{/*
|
||||
This returns a "1" if the CRD is absent in the cluster
|
||||
Usage:
|
||||
{{- if (include "crdIsAbsent" (list <crd-name>)) -}}
|
||||
# CRD Yaml
|
||||
{{- end -}}
|
||||
*/}}
|
||||
{{- define "crdIsAbsent" -}}
|
||||
{{- $crdName := index . 0 -}}
|
||||
{{- $crd := lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" $crdName -}}
|
||||
{{- $output := "1" -}}
|
||||
{{- if $crd -}}
|
||||
{{- $output = "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $output -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,152 @@
|
|||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshotclasses.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotclasses.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshotClass
|
||||
listKind: VolumeSnapshotClassList
|
||||
plural: volumesnapshotclasses
|
||||
shortNames:
|
||||
- vsclass
|
||||
- vsclasses
|
||||
singular: volumesnapshotclass
|
||||
scope: Cluster
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Determines whether a VolumeSnapshotContent created through the
|
||||
VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
|
||||
jsonPath: .deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotClass specifies parameters that a underlying storage
|
||||
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
|
||||
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
|
||||
are non-namespaced
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether a VolumeSnapshotContent
|
||||
created through the VolumeSnapshotClass should be deleted when its bound
|
||||
VolumeSnapshot is deleted. Supported values are "Retain" and "Delete".
|
||||
"Retain" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are deleted.
|
||||
Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the storage driver that handles this
|
||||
VolumeSnapshotClass. Required.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: parameters is a key-value map with storage driver specific
|
||||
parameters for creating snapshots. These values are opaque to Kubernetes.
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Determines whether a VolumeSnapshotContent created through the
|
||||
VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
|
||||
jsonPath: .deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshotClass
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotClass specifies parameters that a underlying storage
|
||||
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
|
||||
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
|
||||
are non-namespaced
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether a VolumeSnapshotContent
|
||||
created through the VolumeSnapshotClass should be deleted when its bound
|
||||
VolumeSnapshot is deleted. Supported values are "Retain" and "Delete".
|
||||
"Retain" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are deleted.
|
||||
Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the storage driver that handles this
|
||||
VolumeSnapshotClass. Required.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: parameters is a key-value map with storage driver specific
|
||||
parameters for creating snapshots. These values are opaque to Kubernetes.
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,490 @@
|
|||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshotcontents.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotcontents.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshotContent
|
||||
listKind: VolumeSnapshotContentList
|
||||
plural: volumesnapshotcontents
|
||||
shortNames:
|
||||
- vsc
|
||||
- vscs
|
||||
singular: volumesnapshotcontent
|
||||
scope: Cluster
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: Represents the complete size of the snapshot in bytes
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: integer
|
||||
- description: Determines whether this VolumeSnapshotContent and its physical
|
||||
snapshot on the underlying storage system should be deleted when its bound
|
||||
VolumeSnapshot is deleted.
|
||||
jsonPath: .spec.deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- description: Name of the CSI driver used to create the physical snapshot on
|
||||
the underlying storage system.
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotClass to which this snapshot belongs.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: VolumeSnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.name
|
||||
name: VolumeSnapshot
|
||||
type: string
|
||||
- description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.namespace
|
||||
name: VolumeSnapshotNamespace
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotContent represents the actual "on-disk" snapshot
|
||||
object in the underlying storage system
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
properties:
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether this VolumeSnapshotContent
|
||||
and its physical snapshot on the underlying storage system should
|
||||
be deleted when its bound VolumeSnapshot is deleted. Supported values
|
||||
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are kept.
|
||||
"Delete" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are deleted. For dynamically provisioned
|
||||
snapshots, this field will automatically be filled in by the CSI
|
||||
snapshotter sidecar with the "DeletionPolicy" field defined in the
|
||||
corresponding VolumeSnapshotClass. For pre-existing snapshots, users
|
||||
MUST specify this field when creating the VolumeSnapshotContent
|
||||
object. Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the CSI driver used to create the
|
||||
physical snapshot on the underlying storage system. This MUST be
|
||||
the same as the name returned by the CSI GetPluginName() call for
|
||||
that driver. Required.
|
||||
type: string
|
||||
source:
|
||||
description: source specifies whether the snapshot is (or should be)
|
||||
dynamically provisioned or already exists, and just requires a Kubernetes
|
||||
object representation. This field is immutable after creation. Required.
|
||||
oneOf:
|
||||
- required:
|
||||
- snapshotHandle
|
||||
- required:
|
||||
- volumeHandle
|
||||
properties:
|
||||
snapshotHandle:
|
||||
description: snapshotHandle specifies the CSI "snapshot_id" of
|
||||
a pre-existing snapshot on the underlying storage system for
|
||||
which a Kubernetes object representation was (or should be)
|
||||
created. This field is immutable.
|
||||
type: string
|
||||
volumeHandle:
|
||||
description: volumeHandle specifies the CSI "volume_id" of the
|
||||
volume from which a snapshot should be dynamically taken from.
|
||||
This field is immutable.
|
||||
type: string
|
||||
type: object
|
||||
sourceVolumeMode:
|
||||
description: SourceVolumeMode is the mode of the volume whose snapshot
|
||||
is taken. Can be either “Filesystem” or “Block”. If not specified,
|
||||
it indicates the source volume's mode is unknown. This field is
|
||||
immutable. This field is an alpha field.
|
||||
type: string
|
||||
volumeSnapshotClassName:
|
||||
description: name of the VolumeSnapshotClass from which this snapshot
|
||||
was (or will be) created. Note that after provisioning, the VolumeSnapshotClass
|
||||
may be deleted or recreated with different set of values, and as
|
||||
such, should not be referenced post-snapshot creation.
|
||||
type: string
|
||||
volumeSnapshotRef:
|
||||
description: volumeSnapshotRef specifies the VolumeSnapshot object
|
||||
to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
|
||||
field must reference to this VolumeSnapshotContent's name for the
|
||||
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
|
||||
object, name and namespace of the VolumeSnapshot object MUST be
|
||||
provided for binding to happen. This field is immutable after creation.
|
||||
Required.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
- source
|
||||
- volumeSnapshotRef
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
properties:
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the CSI snapshotter
|
||||
sidecar with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it indicates
|
||||
the creation time is unknown. The format of this field is a Unix
|
||||
nanoseconds time encoded as an int64. On Unix, the command `date
|
||||
+%s%N` returns the current time in nanoseconds since 1970-01-01
|
||||
00:00:00 UTC.
|
||||
format: int64
|
||||
type: integer
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. Upon success after retry, this error field will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if a snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the CSI snapshotter sidecar with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the complete size of the snapshot
|
||||
in bytes. In dynamic snapshot creation case, this field will be
|
||||
filled in by the CSI snapshotter sidecar with the "size_bytes" value
|
||||
returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "size_bytes" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it. When restoring a volume from this snapshot, the size of the
|
||||
volume MUST NOT be smaller than the restoreSize if it is specified,
|
||||
otherwise the restoration will fail. If not specified, it indicates
|
||||
that the size is unknown.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
snapshotHandle:
|
||||
description: snapshotHandle is the CSI "snapshot_id" of a snapshot
|
||||
on the underlying storage system. If not specified, it indicates
|
||||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
volumeGroupSnapshotContentName:
|
||||
description: VolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent
|
||||
of which this VolumeSnapshotContent is a part of.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: Represents the complete size of the snapshot in bytes
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: integer
|
||||
- description: Determines whether this VolumeSnapshotContent and its physical
|
||||
snapshot on the underlying storage system should be deleted when its bound
|
||||
VolumeSnapshot is deleted.
|
||||
jsonPath: .spec.deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- description: Name of the CSI driver used to create the physical snapshot on
|
||||
the underlying storage system.
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotClass to which this snapshot belongs.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: VolumeSnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.name
|
||||
name: VolumeSnapshot
|
||||
type: string
|
||||
- description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.namespace
|
||||
name: VolumeSnapshotNamespace
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshotContent
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotContent represents the actual "on-disk" snapshot
|
||||
object in the underlying storage system
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
properties:
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether this VolumeSnapshotContent
|
||||
and its physical snapshot on the underlying storage system should
|
||||
be deleted when its bound VolumeSnapshot is deleted. Supported values
|
||||
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are kept.
|
||||
"Delete" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are deleted. For dynamically provisioned
|
||||
snapshots, this field will automatically be filled in by the CSI
|
||||
snapshotter sidecar with the "DeletionPolicy" field defined in the
|
||||
corresponding VolumeSnapshotClass. For pre-existing snapshots, users
|
||||
MUST specify this field when creating the VolumeSnapshotContent
|
||||
object. Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the CSI driver used to create the
|
||||
physical snapshot on the underlying storage system. This MUST be
|
||||
the same as the name returned by the CSI GetPluginName() call for
|
||||
that driver. Required.
|
||||
type: string
|
||||
source:
|
||||
description: source specifies whether the snapshot is (or should be)
|
||||
dynamically provisioned or already exists, and just requires a Kubernetes
|
||||
object representation. This field is immutable after creation. Required.
|
||||
properties:
|
||||
snapshotHandle:
|
||||
description: snapshotHandle specifies the CSI "snapshot_id" of
|
||||
a pre-existing snapshot on the underlying storage system for
|
||||
which a Kubernetes object representation was (or should be)
|
||||
created. This field is immutable.
|
||||
type: string
|
||||
volumeHandle:
|
||||
description: volumeHandle specifies the CSI "volume_id" of the
|
||||
volume from which a snapshot should be dynamically taken from.
|
||||
This field is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: name of the VolumeSnapshotClass from which this snapshot
|
||||
was (or will be) created. Note that after provisioning, the VolumeSnapshotClass
|
||||
may be deleted or recreated with different set of values, and as
|
||||
such, should not be referenced post-snapshot creation.
|
||||
type: string
|
||||
volumeSnapshotRef:
|
||||
description: volumeSnapshotRef specifies the VolumeSnapshot object
|
||||
to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
|
||||
field must reference to this VolumeSnapshotContent's name for the
|
||||
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
|
||||
object, name and namespace of the VolumeSnapshot object MUST be
|
||||
provided for binding to happen. This field is immutable after creation.
|
||||
Required.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
- source
|
||||
- volumeSnapshotRef
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
properties:
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the CSI snapshotter
|
||||
sidecar with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it indicates
|
||||
the creation time is unknown. The format of this field is a Unix
|
||||
nanoseconds time encoded as an int64. On Unix, the command `date
|
||||
+%s%N` returns the current time in nanoseconds since 1970-01-01
|
||||
00:00:00 UTC.
|
||||
format: int64
|
||||
type: integer
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. Upon success after retry, this error field will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if a snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the CSI snapshotter sidecar with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the complete size of the snapshot
|
||||
in bytes. In dynamic snapshot creation case, this field will be
|
||||
filled in by the CSI snapshotter sidecar with the "size_bytes" value
|
||||
returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "size_bytes" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it. When restoring a volume from this snapshot, the size of the
|
||||
volume MUST NOT be smaller than the restoreSize if it is specified,
|
||||
otherwise the restoration will fail. If not specified, it indicates
|
||||
that the size is unknown.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
snapshotHandle:
|
||||
description: snapshotHandle is the CSI "snapshot_id" of a snapshot
|
||||
on the underlying storage system. If not specified, it indicates
|
||||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,392 @@
|
|||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshots.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshots.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshot
|
||||
listKind: VolumeSnapshotList
|
||||
plural: volumesnapshots
|
||||
shortNames:
|
||||
- vs
|
||||
singular: volumesnapshot
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: If a new snapshot needs to be created, this contains the name of
|
||||
the source PVC from which this snapshot was (or will be) created.
|
||||
jsonPath: .spec.source.persistentVolumeClaimName
|
||||
name: SourcePVC
|
||||
type: string
|
||||
- description: If a snapshot already exists, this contains the name of the existing
|
||||
VolumeSnapshotContent object representing the existing snapshot.
|
||||
jsonPath: .spec.source.volumeSnapshotContentName
|
||||
name: SourceSnapshotContent
|
||||
type: string
|
||||
- description: Represents the minimum size of volume required to rehydrate from
|
||||
this snapshot.
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: string
|
||||
- description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: SnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot
|
||||
object intends to bind to. Please note that verification of binding actually
|
||||
requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure
|
||||
both are pointing at each other. Binding MUST be verified prior to usage of
|
||||
this object.
|
||||
jsonPath: .status.boundVolumeSnapshotContentName
|
||||
name: SnapshotContent
|
||||
type: string
|
||||
- description: Timestamp when the point-in-time snapshot was taken by the underlying
|
||||
storage system.
|
||||
jsonPath: .status.creationTime
|
||||
name: CreationTime
|
||||
type: date
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshot is a user's request for either creating a point-in-time
|
||||
snapshot of a persistent volume, or binding to a pre-existing snapshot.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
Required.'
|
||||
properties:
|
||||
source:
|
||||
description: source specifies where a snapshot will be created from.
|
||||
This field is immutable after creation. Required.
|
||||
oneOf:
|
||||
- required:
|
||||
- persistentVolumeClaimName
|
||||
- required:
|
||||
- volumeSnapshotContentName
|
||||
properties:
|
||||
persistentVolumeClaimName:
|
||||
description: persistentVolumeClaimName specifies the name of the
|
||||
PersistentVolumeClaim object representing the volume from which
|
||||
a snapshot should be created. This PVC is assumed to be in the
|
||||
same namespace as the VolumeSnapshot object. This field should
|
||||
be set if the snapshot does not exists, and needs to be created.
|
||||
This field is immutable.
|
||||
type: string
|
||||
volumeSnapshotContentName:
|
||||
description: volumeSnapshotContentName specifies the name of a
|
||||
pre-existing VolumeSnapshotContent object representing an existing
|
||||
volume snapshot. This field should be set if the snapshot already
|
||||
exists and only needs a representation in Kubernetes. This field
|
||||
is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass
|
||||
requested by the VolumeSnapshot. VolumeSnapshotClassName may be
|
||||
left nil to indicate that the default SnapshotClass should be used.
|
||||
A given cluster may have multiple default Volume SnapshotClasses:
|
||||
one default per CSI Driver. If a VolumeSnapshot does not specify
|
||||
a SnapshotClass, VolumeSnapshotSource will be checked to figure
|
||||
out what the associated CSI Driver is, and the default VolumeSnapshotClass
|
||||
associated with that CSI Driver will be used. If more than one VolumeSnapshotClass
|
||||
exist for a given CSI Driver and more than one have been marked
|
||||
as default, CreateSnapshot will fail and generate an event. Empty
|
||||
string is not allowed for this field.'
|
||||
type: string
|
||||
required:
|
||||
- source
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent
|
||||
objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.
|
||||
properties:
|
||||
boundVolumeSnapshotContentName:
|
||||
description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent
|
||||
object to which this VolumeSnapshot object intends to bind to. If
|
||||
not specified, it indicates that the VolumeSnapshot object has not
|
||||
been successfully bound to a VolumeSnapshotContent object yet. NOTE:
|
||||
To avoid possible security issues, consumers must verify binding
|
||||
between VolumeSnapshot and VolumeSnapshotContent objects is successful
|
||||
(by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.'
|
||||
type: string
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the snapshot controller
|
||||
with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it may indicate
|
||||
that the creation time of the snapshot is unknown.
|
||||
format: date-time
|
||||
type: string
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. This field could be helpful to upper level controllers(i.e.,
|
||||
application controller) to decide whether they should continue on
|
||||
waiting for the snapshot to be created based on the type of error
|
||||
reported. The snapshot controller will keep retrying when an error
|
||||
occurs during the snapshot creation. Upon success, this error field
|
||||
will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if the snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the snapshot controller with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the minimum size of volume required
|
||||
to create a volume from this snapshot. In dynamic snapshot creation
|
||||
case, this field will be filled in by the snapshot controller with
|
||||
the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call.
|
||||
For a pre-existing snapshot, this field will be filled with the
|
||||
"size_bytes" value returned from the CSI "ListSnapshots" gRPC call
|
||||
if the driver supports it. When restoring a volume from this snapshot,
|
||||
the size of the volume MUST NOT be smaller than the restoreSize
|
||||
if it is specified, otherwise the restoration will fail. If not
|
||||
specified, it indicates that the size is unknown.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
volumeGroupSnapshotName:
|
||||
description: VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot
|
||||
of which this VolumeSnapshot is a part of.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: If a new snapshot needs to be created, this contains the name of
|
||||
the source PVC from which this snapshot was (or will be) created.
|
||||
jsonPath: .spec.source.persistentVolumeClaimName
|
||||
name: SourcePVC
|
||||
type: string
|
||||
- description: If a snapshot already exists, this contains the name of the existing
|
||||
VolumeSnapshotContent object representing the existing snapshot.
|
||||
jsonPath: .spec.source.volumeSnapshotContentName
|
||||
name: SourceSnapshotContent
|
||||
type: string
|
||||
- description: Represents the minimum size of volume required to rehydrate from
|
||||
this snapshot.
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: string
|
||||
- description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: SnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot
|
||||
object intends to bind to. Please note that verification of binding actually
|
||||
requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure
|
||||
both are pointing at each other. Binding MUST be verified prior to usage of
|
||||
this object.
|
||||
jsonPath: .status.boundVolumeSnapshotContentName
|
||||
name: SnapshotContent
|
||||
type: string
|
||||
- description: Timestamp when the point-in-time snapshot was taken by the underlying
|
||||
storage system.
|
||||
jsonPath: .status.creationTime
|
||||
name: CreationTime
|
||||
type: date
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshot
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshot is a user's request for either creating a point-in-time
|
||||
snapshot of a persistent volume, or binding to a pre-existing snapshot.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
Required.'
|
||||
properties:
|
||||
source:
|
||||
description: source specifies where a snapshot will be created from.
|
||||
This field is immutable after creation. Required.
|
||||
properties:
|
||||
persistentVolumeClaimName:
|
||||
description: persistentVolumeClaimName specifies the name of the
|
||||
PersistentVolumeClaim object representing the volume from which
|
||||
a snapshot should be created. This PVC is assumed to be in the
|
||||
same namespace as the VolumeSnapshot object. This field should
|
||||
be set if the snapshot does not exists, and needs to be created.
|
||||
This field is immutable.
|
||||
type: string
|
||||
volumeSnapshotContentName:
|
||||
description: volumeSnapshotContentName specifies the name of a
|
||||
pre-existing VolumeSnapshotContent object representing an existing
|
||||
volume snapshot. This field should be set if the snapshot already
|
||||
exists and only needs a representation in Kubernetes. This field
|
||||
is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass
|
||||
requested by the VolumeSnapshot. VolumeSnapshotClassName may be
|
||||
left nil to indicate that the default SnapshotClass should be used.
|
||||
A given cluster may have multiple default Volume SnapshotClasses:
|
||||
one default per CSI Driver. If a VolumeSnapshot does not specify
|
||||
a SnapshotClass, VolumeSnapshotSource will be checked to figure
|
||||
out what the associated CSI Driver is, and the default VolumeSnapshotClass
|
||||
associated with that CSI Driver will be used. If more than one VolumeSnapshotClass
|
||||
exist for a given CSI Driver and more than one have been marked
|
||||
as default, CreateSnapshot will fail and generate an event. Empty
|
||||
string is not allowed for this field.'
|
||||
type: string
|
||||
required:
|
||||
- source
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent
|
||||
objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.
|
||||
properties:
|
||||
boundVolumeSnapshotContentName:
|
||||
description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent
|
||||
object to which this VolumeSnapshot object intends to bind to. If
|
||||
not specified, it indicates that the VolumeSnapshot object has not
|
||||
been successfully bound to a VolumeSnapshotContent object yet. NOTE:
|
||||
To avoid possible security issues, consumers must verify binding
|
||||
between VolumeSnapshot and VolumeSnapshotContent objects is successful
|
||||
(by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.'
|
||||
type: string
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the snapshot controller
|
||||
with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it may indicate
|
||||
that the creation time of the snapshot is unknown.
|
||||
format: date-time
|
||||
type: string
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. This field could be helpful to upper level controllers(i.e.,
|
||||
application controller) to decide whether they should continue on
|
||||
waiting for the snapshot to be created based on the type of error
|
||||
reported. The snapshot controller will keep retrying when an error
|
||||
occurs during the snapshot creation. Upon success, this error field
|
||||
will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if the snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the snapshot controller with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the minimum size of volume required
|
||||
to create a volume from this snapshot. In dynamic snapshot creation
|
||||
case, this field will be filled in by the snapshot controller with
|
||||
the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call.
|
||||
For a pre-existing snapshot, this field will be filled with the
|
||||
"size_bytes" value returned from the CSI "ListSnapshots" gRPC call
|
||||
if the driver supports it. When restoring a volume from this snapshot,
|
||||
the size of the volume MUST NOT be smaller than the restoreSize
|
||||
if it is specified, otherwise the restoration will fail. If not
|
||||
specified, it indicates that the size is unknown.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,5 +1,6 @@
|
|||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmnodes.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMNode CRD ############
|
||||
|
@ -175,3 +176,5 @@ status:
|
|||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,5 +1,6 @@
|
|||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmsnapshots.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMSnapshot CRD ############
|
||||
|
@ -83,3 +84,5 @@ status:
|
|||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -1,5 +1,6 @@
|
|||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmvolumes.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMVolume CRD ############
|
||||
|
@ -151,3 +152,5 @@ status:
|
|||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,8 @@
|
|||
lvmLocalPv:
|
||||
# Install lvm-localpv CRDs
|
||||
enabled: true
|
||||
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
# Install Volume Snapshot CRDs
|
||||
enabled: true
|
|
@ -1,5 +1,5 @@
|
|||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "lvmlocalpv.fullname" . }}-controller
|
||||
{{- with .Values.lvmController.annotations }}
|
||||
|
@ -11,7 +11,6 @@ spec:
|
|||
selector:
|
||||
matchLabels:
|
||||
{{- include "lvmlocalpv.lvmController.matchLabels" . | nindent 6 }}
|
||||
serviceName: "{{ .Values.lvmController.serviceName }}"
|
||||
replicas: {{ .Values.lvmController.replicas }}
|
||||
template:
|
||||
metadata:
|
||||
|
@ -147,3 +146,7 @@ spec:
|
|||
tolerations:
|
||||
{{ toYaml .Values.lvmController.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.lvmController.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{ toYaml .Values.lvmController.topologySpreadConstraints | indent 8 }}
|
||||
{{- end }}
|
||||
|
|
|
@ -30,7 +30,7 @@ spec:
|
|||
priorityClassName: {{ template "lvmlocalpv.lvmNode.priorityClassName" . }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.lvmNode.name }}
|
||||
hostNetwork: true
|
||||
hostNetwork: {{ .Values.lvmNode.hostNetwork }}
|
||||
containers:
|
||||
- name: {{ .Values.lvmNode.driverRegistrar.name }}
|
||||
image: "{{ .Values.lvmNode.driverRegistrar.image.registry }}{{ .Values.lvmNode.driverRegistrar.image.repository }}:{{ .Values.lvmNode.driverRegistrar.image.tag }}"
|
||||
|
|
|
@ -10,7 +10,7 @@ spec:
|
|||
allowPrivilegeEscalation: true
|
||||
allowedCapabilities: ['*']
|
||||
volumes: ['*']
|
||||
hostNetwork: true
|
||||
hostNetwork: {{ .Values.lvmNode.hostNetwork}}
|
||||
hostIPC: true
|
||||
hostPID: true
|
||||
runAsUser:
|
||||
|
|
|
@ -14,9 +14,6 @@ metadata:
|
|||
labels:
|
||||
{{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
@ -123,7 +120,8 @@ roleRef:
|
|||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
{{- end }}
|
||||
{{- if .Values.serviceAccount.lvmNode.create -}}
|
||||
|
||||
{{- if .Values.serviceAccount.lvmNode.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
release:
|
||||
version: "1.3.0"
|
||||
version: "1.5.0"
|
||||
|
||||
imagePullSecrets:
|
||||
# - name: "image-pull-secret"
|
||||
|
@ -61,14 +61,15 @@ lvmNode:
|
|||
# Configure the maximum number of queries allowed after
|
||||
# accounting for rolled over qps from previous seconds.
|
||||
burst: 0
|
||||
# Disable or enable the use of hostNetwork for the lvm node daemonset.
|
||||
hostNetwork: false
|
||||
|
||||
|
||||
# lvmController contains the configurables for
|
||||
# the lvm controller statefulset
|
||||
# the lvm controller deployment
|
||||
lvmController:
|
||||
componentName: openebs-lvm-controller
|
||||
replicas: 1
|
||||
serviceName: openebs-lvm
|
||||
logLevel: 5
|
||||
resizer:
|
||||
name: "csi-resizer"
|
||||
|
@ -126,6 +127,7 @@ lvmController:
|
|||
name: openebs-lvm-controller
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
topologySpreadConstraints: []
|
||||
securityContext: {}
|
||||
priorityClass:
|
||||
create: true
|
||||
|
@ -139,7 +141,7 @@ lvmController:
|
|||
burst: 0
|
||||
|
||||
# lvmPlugin is the common csi container used by the
|
||||
# controller statefulset and node daemonset
|
||||
# controller deployment and node daemonset
|
||||
lvmPlugin:
|
||||
name: "openebs-lvm-plugin"
|
||||
image:
|
||||
|
@ -149,7 +151,7 @@ lvmPlugin:
|
|||
repository: openebs/lvm-driver
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: 1.3.0
|
||||
tag: 1.5.0
|
||||
ioLimits:
|
||||
enabled: false
|
||||
containerRuntime: containerd
|
||||
|
@ -164,12 +166,6 @@ lvmPlugin:
|
|||
|
||||
role: openebs-lvm
|
||||
|
||||
crd:
|
||||
enableInstall: true
|
||||
# Specify installation of the kubernetes-csi volume snapshot CRDs if your Kubernetes distribution
|
||||
# or another storage operator already manages them.
|
||||
volumeSnapshot: true
|
||||
|
||||
serviceAccount:
|
||||
lvmController:
|
||||
# Specifies whether a service account should be created
|
||||
|
@ -186,3 +182,12 @@ serviceAccount:
|
|||
|
||||
analytics:
|
||||
enabled: true
|
||||
|
||||
crds:
|
||||
lvmLocalPv:
|
||||
# Install lvm-localpv CRDs
|
||||
enabled: true
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
# Install Volume Snapshot CRDs
|
||||
enabled: true
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -18,7 +18,7 @@
|
|||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "7851295966ae3dd5308c37079b5df58440d1fb36",
|
||||
"version": "9359aef3e3dd39b7bbf57cab4b6899a238af3144",
|
||||
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
|
||||
},
|
||||
{
|
||||
|
@ -51,6 +51,16 @@
|
|||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-latest"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
|
@ -58,8 +68,18 @@
|
|||
"subdir": "gen/grafonnet-v10.0.0"
|
||||
}
|
||||
},
|
||||
"version": "a1b14991306adebdb0107ea9aa74870bf86c346e",
|
||||
"sum": "gj/20VIGucG2vDGjG7YdHLC4yUUfrpuaneUYaRmymOM="
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-v10.4.0"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -68,8 +88,8 @@
|
|||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "931f6b1139bb3694b06f2261279ba3dc01aca5b8",
|
||||
"sum": "VmOxvg9FuY9UYr3lN6ZJe2HhuIErJoWimPybQr3S3yQ="
|
||||
"version": "7561fd330312538d22b00e0c7caecb4ba66321ea",
|
||||
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -78,8 +98,8 @@
|
|||
"subdir": "doc-util"
|
||||
}
|
||||
},
|
||||
"version": "503e5c8fe96d6b55775037713ac10b184709ad93",
|
||||
"sum": "BY4u0kLF3Qf/4IB4HnX9S5kEQIpHb4MUrppp6WLDtlU="
|
||||
"version": "6ac6c69685b8c29c54515448eaca583da2d88150",
|
||||
"sum": "BrAL/k23jq+xy9oA7TWIhUx07dsA/QLm3g7ktCwe//U="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -88,8 +108,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "c1a315a7dbead0335a5e0486acc5583395b22a24",
|
||||
"sum": "UVdL+uuFI8BSQgLfMJEJk2WDKsQXNT3dRHcr2Ti9rLI="
|
||||
"version": "fc2e57a8839902ed4ba6cab5a99d642500f7102b",
|
||||
"sum": "43waffw1QzvpY4rKcWoo3L7Vpee+DCYexwLDd5cPG0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -98,8 +118,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "2dbe4f9625a811b8b89f0495e74509c74779da82",
|
||||
"sum": "Fe7bN9E6qeKNUdENjQvYttgf4S1DDqXRVB80wdmQgHQ="
|
||||
"version": "a1c276d7a46c4b06fa5d8b4a64441939d398efe5",
|
||||
"sum": "b/mEai1MvVnZ22YvZlXEO4jWDZledrtJg8eOS1ZUj0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -108,8 +128,8 @@
|
|||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "c707af4c2d84193a3480729b3525b0fc3d686e73",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -118,7 +138,7 @@
|
|||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "c707af4c2d84193a3480729b3525b0fc3d686e73",
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
|
@ -138,8 +158,8 @@
|
|||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "035b09f42441d4630b3a3de4e4a490d19b1ba5e4",
|
||||
"sum": "bp+cUUcoQjREBPigCP2S1xIvrh7HDQeYqCcrHCuDnUQ="
|
||||
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
|
||||
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -148,8 +168,8 @@
|
|||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "0d918323945ce87f0094c05c153075c0a6edc8de",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"version": "8f8464b41775e13c71c2700799352a3dcd82f528",
|
||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
|
@ -159,8 +179,8 @@
|
|||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "0d918323945ce87f0094c05c153075c0a6edc8de",
|
||||
"sum": "1X9mGAj+nRaBAgNRG19mYtDc+ZLVIeAiK5M3h0Tpu7A="
|
||||
"version": "8f8464b41775e13c71c2700799352a3dcd82f528",
|
||||
"sum": "/xycwh6lbet/dMzqZHJjSv6AfBEAQPAgk+1usi3d3W4="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -169,7 +189,7 @@
|
|||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "83486834deb4f886b4828cad3dbbe42d141d951d",
|
||||
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
|
||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
|
@ -180,8 +200,8 @@
|
|||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "9666d002487039ac66b20287998945461eefe746",
|
||||
"sum": "QZwFBpulndqo799gkR5rP2/WdcQKQkNnaBwhaOI8Jeg="
|
||||
"version": "6425f079d162ebd22d4c6c4e4d7e4a36ebbe2239",
|
||||
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -190,8 +210,8 @@
|
|||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "2ae84f980f981a004143c8239f4f20a35547ef04",
|
||||
"sum": "rNvddVTMNfaguOGzEGoeKjUsfhlXJBUImC+SIFNNCiM=",
|
||||
"version": "bfaa0a319ceca0814b076072a61cc1640e6a4f36",
|
||||
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
|
@ -212,7 +232,7 @@
|
|||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "e7aecb401f54bec52540900d455a9c226c5791ff",
|
||||
"version": "4a2a4555d24665a52c3ed43e007301dd492af9b3",
|
||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -22,7 +22,7 @@ spec:
|
|||
# the snapshot controller won't be marked as ready if the v1 CRDs are unavailable
|
||||
# in #504 the snapshot-controller will exit after around 7.5 seconds if it
|
||||
# can't find the v1 CRDs so this value should be greater than that
|
||||
minReadySeconds: 15
|
||||
minReadySeconds: 35
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
# namespace for components implementing base system functionality. For installing with
|
||||
# Vanilla Kubernetes, kube-system makes sense for the namespace.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -16,7 +17,6 @@ metadata:
|
|||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
# rename if there are conflicts
|
||||
name: snapshot-controller-runner
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
|
@ -39,15 +39,31 @@ rules:
|
|||
verbs: ["patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
verbs: ["get", "list", "watch", "update", "patch", "delete"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
# Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
|
||||
# - apiGroups: [""]
|
||||
# resources: ["nodes"]
|
||||
# verbs: ["get", "list", "watch"]
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
@ -59,7 +75,6 @@ subjects:
|
|||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
# change the name also here if the ClusterRole gets renamed
|
||||
name: snapshot-controller-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
|
@ -67,8 +82,8 @@ roleRef:
|
|||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
namespace: kube-system
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
|
@ -83,7 +98,6 @@ metadata:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: snapshot-controller-leaderelection
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotclasses.snapshot.storage.k8s.io
|
||||
spec:
|
||||
|
@ -66,6 +66,8 @@ spec:
|
|||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/955"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotcontents.snapshot.storage.k8s.io
|
||||
spec:
|
||||
|
@ -72,6 +72,8 @@ spec:
|
|||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
|
@ -241,9 +243,9 @@ spec:
|
|||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
volumeGroupSnapshotContentName:
|
||||
description: VolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent
|
||||
of which this VolumeSnapshotContent is a part of.
|
||||
volumeGroupSnapshotHandle:
|
||||
description: VolumeGroupSnapshotHandle is the CSI "group_snapshot_id"
|
||||
of a group snapshot on the underlying storage system.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshots.snapshot.storage.k8s.io
|
||||
spec:
|
||||
|
@ -75,6 +75,8 @@ spec:
|
|||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
|
|
|
@ -6,20 +6,38 @@ set -ex
|
|||
#login_ecr_public
|
||||
update_helm
|
||||
|
||||
patch_chart gemini
|
||||
|
||||
patch_chart aws-ebs-csi-driver
|
||||
rm -rf charts/aws-ebs-csi-driver/templates/tests
|
||||
|
||||
patch_chart aws-efs-csi-driver
|
||||
|
||||
patch_chart lvm-localpv
|
||||
# move snapshotclasses/content from lvm-localpv to toplevel
|
||||
mv charts/lvm-localpv/templates/*crd.yaml templates/snapshot-controller
|
||||
|
||||
patch_chart gemini
|
||||
|
||||
# snapshotter
|
||||
_f="templates/snapshot-controller/rbac.yaml"
|
||||
echo "{{- if .Values.snapshotController.enabled }}" > $_f
|
||||
curl -L -s https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
|
||||
# our controller.yaml is based on:
|
||||
# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
|
||||
|
||||
for crd in volumesnapshotclasses volumesnapshotcontents volumesnapshots; do
|
||||
_f="templates/snapshot-controller/${crd}-crd.yaml"
|
||||
echo "{{- if .Values.snapshotController.enabled }}" > $_f
|
||||
curl -L -s https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_${crd}.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
done
|
||||
|
||||
|
||||
# k8up - CRDs
|
||||
VERSION=$(yq eval '.dependencies[] | select(.name=="k8up") | .version' Chart.yaml)
|
||||
curl -L -s -o crds/k8up.yaml https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml
|
||||
|
||||
_f="templates/k8up/crds.yaml"
|
||||
echo "{{- if .Values.k8up.enabled }}" > $_f
|
||||
curl -L -s https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
|
||||
# Metrics
|
||||
cd jsonnet
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
crd:
|
||||
volumeSnapshot: true
|
||||
|
||||
snapshotController:
|
||||
enabled: false
|
||||
|
||||
image:
|
||||
name: registry.k8s.io/sig-storage/snapshot-controller
|
||||
tag: v6.3.0
|
||||
tag: v7.0.1
|
||||
|
||||
replicas: 1
|
||||
logLevel: 2
|
||||
|
@ -28,6 +25,11 @@ snapshotController:
|
|||
lvm-localpv:
|
||||
enabled: false
|
||||
|
||||
crds:
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
enabled: false
|
||||
|
||||
lvmNode:
|
||||
logLevel: 2
|
||||
nodeSelector:
|
||||
|
@ -190,6 +192,8 @@ aws-ebs-csi-driver:
|
|||
type: gp3
|
||||
encrypted: "true"
|
||||
|
||||
helmTester:
|
||||
enabled: false
|
||||
|
||||
aws-efs-csi-driver:
|
||||
enabled: false
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero
|
||||
description: KubeZero - Root App of Apps chart
|
||||
type: application
|
||||
version: 1.27.8
|
||||
version: 1.28.8
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{{- define "argocd-values" }}
|
||||
{{- define "argo-values" }}
|
||||
|
||||
argo-cd:
|
||||
{{- with index .Values "argocd" "configs" }}
|
||||
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
|
||||
{{- with index .Values "argo" "argo-cd" "configs" }}
|
||||
configs:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -16,9 +17,17 @@ argo-cd:
|
|||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
|
||||
{{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
|
||||
istio:
|
||||
{{- with index .Values "argo" "argo-cd" "istio" }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
argocd-apps:
|
||||
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
|
||||
projects:
|
||||
- name: kubezero
|
||||
kubezero:
|
||||
namespace: argocd
|
||||
description: KubeZero - ZeroDownTime Kubernetes Platform
|
||||
sourceRepos:
|
||||
|
@ -33,7 +42,7 @@ argocd-apps:
|
|||
- group: '*'
|
||||
kind: '*'
|
||||
applications:
|
||||
- name: kubezero-git-sync
|
||||
kubezero-git-sync:
|
||||
namespace: argocd
|
||||
project: kubezero
|
||||
source:
|
||||
|
@ -54,9 +63,9 @@ argocd-apps:
|
|||
{{- end }}
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: {{ default "false" (index .Values "argocd" "argocd-image-updater" "enabled") }}
|
||||
enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
|
||||
|
||||
{{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" }}
|
||||
{{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
|
@ -89,16 +98,9 @@ argocd-image-updater:
|
|||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
|
||||
{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }}
|
||||
istio:
|
||||
{{- with index .Values "argocd" "istio" }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- define "argocd-argo" }}
|
||||
{{- define "argo-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
|
@ -11,7 +11,7 @@ global:
|
|||
|
||||
addons:
|
||||
enabled: true
|
||||
targetRevision: 0.8.4
|
||||
targetRevision: 0.8.5
|
||||
external-dns:
|
||||
enabled: false
|
||||
forseti:
|
||||
|
@ -30,18 +30,18 @@ addons:
|
|||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
targetRevision: 0.4.6
|
||||
targetRevision: 0.5.1
|
||||
cilium:
|
||||
cluster: {}
|
||||
|
||||
cert-manager:
|
||||
enabled: false
|
||||
namespace: cert-manager
|
||||
targetRevision: 0.9.6
|
||||
targetRevision: 0.9.7
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
targetRevision: 0.8.4
|
||||
targetRevision: 0.8.6
|
||||
lvm-localpv:
|
||||
enabled: false
|
||||
aws-ebs-csi-driver:
|
||||
|
@ -110,11 +110,13 @@ logging:
|
|||
namespace: logging
|
||||
targetRevision: 0.8.10
|
||||
|
||||
argocd:
|
||||
argo:
|
||||
enabled: false
|
||||
namespace: argocd
|
||||
targetRevision: 0.13.3
|
||||
argocd-image-updater:
|
||||
targetRevision: 0.2.0
|
||||
argo-cd:
|
||||
enabled: false
|
||||
istio:
|
||||
enabled: false
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
# KubeZero 1.28
|
||||
|
||||
## What's new - Major themes
|
||||
- all KubeZero and support AMIs based on Alpine 3.19.1
|
||||
- further reduced boot time, eg. less than 30s for a bastion on EC2
|
||||
- sub-second timestamps for all system logs
|
||||
- enabled TransparentHugePages incl. save settings for Golang
|
||||
|
||||
|
||||
## Fixes
|
||||
- `kubectl top nodes` works now using node-exporter metrics rather than cadvisor
|
||||
|
||||
## Version upgrades
|
||||
- cilium 1.14.4
|
||||
- istio 1.19.4
|
||||
- fluent-bit 2.2.0
|
||||
- ArgoCD 2.9
|
||||
- Prometheus / Grafana
|
||||
|
||||
### FeatureGates
|
||||
- CustomCPUCFSQuotaPeriod
|
||||
|
||||
## Known issues
|
||||
None.
|
Loading…
Reference in New Issue