Compare commits
7 Commits
821806977a
...
ddd965e841
Author | SHA1 | Date |
---|---|---|
Renovate Bot | ddd965e841 | |
Stefan Reimer | 5be0f7087e | |
Stefan Reimer | b9e52bc2d9 | |
Stefan Reimer | 2cdb30b178 | |
Renovate Bot | 828c467d37 | |
Renovate Bot | dbd1ade98c | |
Stefan Reimer | 730020b329 |
|
@ -13,13 +13,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
||||||
echo "Checking that all pods in kube-system are running ..."
|
echo "Checking that all pods in kube-system are running ..."
|
||||||
waitSystemPodsRunning
|
waitSystemPodsRunning
|
||||||
|
|
||||||
### v1.28
|
|
||||||
# - remove old argocd app, all resources will be taken over by argo.argo-cd
|
|
||||||
argo_used && kubectl patch app argocd -n argocd \
|
|
||||||
--type json \
|
|
||||||
--patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \
|
|
||||||
kubectl delete app argocd -n argocd || true
|
|
||||||
|
|
||||||
argo_used && disable_argo
|
argo_used && disable_argo
|
||||||
|
|
||||||
#all_nodes_upgrade ""
|
#all_nodes_upgrade ""
|
||||||
|
@ -30,6 +23,19 @@ control_plane_upgrade kubeadm_upgrade
|
||||||
# shellcheck disable=SC2015
|
# shellcheck disable=SC2015
|
||||||
#argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
#argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system
|
||||||
|
|
||||||
|
### v1.28
|
||||||
|
# - remove old argocd app, all resources will be taken over by argo.argo-cd
|
||||||
|
argo_used && rc=$? || rc=$?
|
||||||
|
if [ $rc -eq 0 ]; then
|
||||||
|
kubectl patch app argocd -n argocd \
|
||||||
|
--type json \
|
||||||
|
--patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \
|
||||||
|
kubectl delete app argocd -n argocd || true
|
||||||
|
|
||||||
|
# remove legacy argocd app resources, but NOT kubezero-git-sync nor the appproject
|
||||||
|
kubectl api-resources --verbs=list --namespaced -o name | grep -ve 'app.*argoproj' | xargs -n 1 kubectl delete --ignore-not-found -l argocd.argoproj.io/instance=argocd -n argocd
|
||||||
|
fi
|
||||||
|
|
||||||
# upgrade modules
|
# upgrade modules
|
||||||
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
|
control_plane_upgrade "apply_network, apply_addons, apply_storage, apply_operators"
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ cgroupDriver: cgroupfs
|
||||||
logging:
|
logging:
|
||||||
format: json
|
format: json
|
||||||
hairpinMode: hairpin-veth
|
hairpinMode: hairpin-veth
|
||||||
ContainerRuntimeEndpoint: "unix:///var/run/crio/crio.sock"
|
containerRuntimeEndpoint: "unix:///var/run/crio/crio.sock"
|
||||||
{{- if .Values.systemd }}
|
{{- if .Values.systemd }}
|
||||||
resolvConf: /run/systemd/resolve/resolv.conf
|
resolvConf: /run/systemd/resolve/resolv.conf
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -24,7 +24,7 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: host
|
- name: host
|
||||||
mountPath: /host
|
mountPath: /host
|
||||||
readOnly: true
|
#readOnly: true
|
||||||
- name: workdir
|
- name: workdir
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
env:
|
env:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-ci
|
name: kubezero-ci
|
||||||
description: KubeZero umbrella chart for all things CI
|
description: KubeZero umbrella chart for all things CI
|
||||||
type: application
|
type: application
|
||||||
version: 0.8.8
|
version: 0.8.9
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -22,7 +22,7 @@ dependencies:
|
||||||
repository: https://dl.gitea.io/charts/
|
repository: https://dl.gitea.io/charts/
|
||||||
condition: gitea.enabled
|
condition: gitea.enabled
|
||||||
- name: jenkins
|
- name: jenkins
|
||||||
version: 5.1.3
|
version: 5.1.5
|
||||||
repository: https://charts.jenkins.io
|
repository: https://charts.jenkins.io
|
||||||
condition: jenkins.enabled
|
condition: jenkins.enabled
|
||||||
- name: trivy
|
- name: trivy
|
||||||
|
@ -30,7 +30,7 @@ dependencies:
|
||||||
repository: https://aquasecurity.github.io/helm-charts/
|
repository: https://aquasecurity.github.io/helm-charts/
|
||||||
condition: trivy.enabled
|
condition: trivy.enabled
|
||||||
- name: renovate
|
- name: renovate
|
||||||
version: 37.267.1
|
version: 37.295.0
|
||||||
repository: https://docs.renovatebot.com/helm-charts
|
repository: https://docs.renovatebot.com/helm-charts
|
||||||
condition: renovate.enabled
|
condition: renovate.enabled
|
||||||
kubeVersion: ">= 1.25.0"
|
kubeVersion: ">= 1.25.0"
|
||||||
|
|
|
@ -22,7 +22,7 @@ dependencies:
|
||||||
#repository: https://nats-io.github.io/k8s/helm/charts/
|
#repository: https://nats-io.github.io/k8s/helm/charts/
|
||||||
condition: nats.enabled
|
condition: nats.enabled
|
||||||
- name: rabbitmq
|
- name: rabbitmq
|
||||||
version: 14.0.0
|
version: 14.0.1
|
||||||
repository: https://charts.bitnami.com/bitnami
|
repository: https://charts.bitnami.com/bitnami
|
||||||
condition: rabbitmq.enabled
|
condition: rabbitmq.enabled
|
||||||
- name: rabbitmq-cluster-operator
|
- name: rabbitmq-cluster-operator
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||||
name: kubezero-telemetry
|
name: kubezero-telemetry
|
||||||
description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
|
description: KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
|
||||||
type: application
|
type: application
|
||||||
version: 0.2.1
|
version: 0.2.2
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
|
@ -18,11 +18,11 @@ dependencies:
|
||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: opentelemetry-collector
|
- name: opentelemetry-collector
|
||||||
version: 0.86.2
|
version: 0.87.0
|
||||||
repository: https://open-telemetry.github.io/opentelemetry-helm-charts
|
repository: https://open-telemetry.github.io/opentelemetry-helm-charts
|
||||||
condition: opentelemetry-collector.enabled
|
condition: opentelemetry-collector.enabled
|
||||||
- name: jaeger
|
- name: jaeger
|
||||||
version: 2.0.1
|
version: 2.1.0
|
||||||
repository: https://jaegertracing.github.io/helm-charts
|
repository: https://jaegertracing.github.io/helm-charts
|
||||||
condition: jaeger.enabled
|
condition: jaeger.enabled
|
||||||
kubeVersion: ">= 1.26.0"
|
kubeVersion: ">= 1.26.0"
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
# kubezero-telemetry
|
||||||
|
|
||||||
|
![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||||
|
|
||||||
|
KubeZero Umbrella Chart for OpenTelemetry, Jaeger etc.
|
||||||
|
|
||||||
|
**Homepage:** <https://kubezero.com>
|
||||||
|
|
||||||
|
## Maintainers
|
||||||
|
|
||||||
|
| Name | Email | Url |
|
||||||
|
| ---- | ------ | --- |
|
||||||
|
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
Kubernetes: `>= 1.26.0`
|
||||||
|
|
||||||
|
| Repository | Name | Version |
|
||||||
|
|------------|------|---------|
|
||||||
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
|
| https://jaegertracing.github.io/helm-charts | jaeger | 2.1.0 |
|
||||||
|
| https://open-telemetry.github.io/opentelemetry-helm-charts | opentelemetry-collector | 0.87.0 |
|
||||||
|
|
||||||
|
## Values
|
||||||
|
|
||||||
|
| Key | Type | Default | Description |
|
||||||
|
|-----|------|---------|-------------|
|
||||||
|
| jaeger.agent.enabled | bool | `false` | |
|
||||||
|
| jaeger.collector.service.otlp.grpc.name | string | `"otlp-grpc"` | |
|
||||||
|
| jaeger.collector.service.otlp.grpc.port | int | `4317` | |
|
||||||
|
| jaeger.collector.service.otlp.http.name | string | `"otlp-http"` | |
|
||||||
|
| jaeger.collector.service.otlp.http.port | int | `4318` | |
|
||||||
|
| jaeger.collector.serviceMonitor.enabled | bool | `false` | |
|
||||||
|
| jaeger.enabled | bool | `false` | |
|
||||||
|
| jaeger.istio.enabled | bool | `false` | |
|
||||||
|
| jaeger.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
|
| jaeger.istio.url | string | `"jaeger.example.com"` | |
|
||||||
|
| jaeger.provisionDataStore.cassandra | bool | `false` | |
|
||||||
|
| jaeger.provisionDataStore.elasticsearch | bool | `false` | |
|
||||||
|
| jaeger.query.agentSidecar.enabled | bool | `false` | |
|
||||||
|
| jaeger.query.serviceMonitor.enabled | bool | `false` | |
|
||||||
|
| jaeger.storage.elasticsearch.cmdlineParams."es.tls.enabled" | string | `""` | |
|
||||||
|
| jaeger.storage.elasticsearch.cmdlineParams."es.tls.skip-host-verify" | string | `""` | |
|
||||||
|
| jaeger.storage.elasticsearch.host | string | `"telemetry"` | |
|
||||||
|
| jaeger.storage.elasticsearch.password | string | `"admin"` | |
|
||||||
|
| jaeger.storage.elasticsearch.scheme | string | `"https"` | |
|
||||||
|
| jaeger.storage.elasticsearch.user | string | `"admin"` | |
|
||||||
|
| jaeger.storage.type | string | `"elasticsearch"` | |
|
||||||
|
| opensearch.dashboard.enabled | bool | `false` | |
|
||||||
|
| opensearch.dashboard.istio.enabled | bool | `false` | |
|
||||||
|
| opensearch.dashboard.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
|
| opensearch.dashboard.istio.url | string | `"telemetry-dashboard.example.com"` | |
|
||||||
|
| opensearch.nodeSets | list | `[]` | |
|
||||||
|
| opensearch.prometheus | bool | `false` | |
|
||||||
|
| opensearch.version | string | `"2.13.0"` | |
|
||||||
|
| opentelemetry-collector.enabled | bool | `false` | |
|
||||||
|
| opentelemetry-collector.mode | string | `"deployment"` | |
|
||||||
|
|
||||||
|
----------------------------------------------
|
||||||
|
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
|
|
@ -17,6 +17,14 @@ spec:
|
||||||
enable: {{ .Values.opensearch.prometheus }}
|
enable: {{ .Values.opensearch.prometheus }}
|
||||||
tlsConfig:
|
tlsConfig:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
|
podSecurityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
fsGroup: 1000
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
privileged: false
|
||||||
{{- if .Values.opensearch.dashboard.enabled }}
|
{{- if .Values.opensearch.dashboard.enabled }}
|
||||||
# https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
|
# https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml
|
||||||
dashboards:
|
dashboards:
|
||||||
|
@ -56,15 +64,18 @@ spec:
|
||||||
opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
|
opster.io/opensearch-cluster: {{ template "kubezero-lib.fullname" $ }}
|
||||||
additionalConfig:
|
additionalConfig:
|
||||||
index.codec: zstd_no_dict
|
index.codec: zstd_no_dict
|
||||||
indices.time_series_index.default_index_merge_policy: log_byte_size
|
indices.time_series_index.default_index_merge_policy: log_byte_size
|
||||||
{{- with .zone }}
|
{{- with .zone }}
|
||||||
cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
|
cluster.routing.allocation.awareness.attributes: k8s_node_name,zone
|
||||||
node.attr.zone: {{ . }}
|
node.attr.zone: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- with $.Values.opensearch.settings }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
security:
|
security:
|
||||||
config:
|
config:
|
||||||
adminSecret:
|
adminSecret:
|
||||||
name: {{ template "kubezero-lib.fullname" . }}-admin-tls
|
name: {{ template "kubezero-lib.fullname" . }}-admin-tls
|
||||||
tls:
|
tls:
|
||||||
transport:
|
transport:
|
||||||
|
|
|
@ -7,3 +7,5 @@ set -ex
|
||||||
|
|
||||||
#login_ecr_public
|
#login_ecr_public
|
||||||
update_helm
|
update_helm
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
|
|
@ -52,6 +52,10 @@ opensearch:
|
||||||
version: 2.11.1
|
version: 2.11.1
|
||||||
prometheus: false
|
prometheus: false
|
||||||
|
|
||||||
|
# custom cluster settings
|
||||||
|
#settings:
|
||||||
|
# index.number_of_shards: 1
|
||||||
|
|
||||||
nodeSets:
|
nodeSets:
|
||||||
- name: default
|
- name: default
|
||||||
replicas: 2
|
replicas: 2
|
||||||
|
|
|
@ -49,9 +49,13 @@ jaeger:
|
||||||
url: jaeger.example.com
|
url: jaeger.example.com
|
||||||
|
|
||||||
opensearch:
|
opensearch:
|
||||||
version: 2.12.0
|
version: 2.13.0
|
||||||
prometheus: false
|
prometheus: false
|
||||||
|
|
||||||
|
# custom cluster settings
|
||||||
|
#settings:
|
||||||
|
# index.number_of_shards: 1
|
||||||
|
|
||||||
nodeSets: []
|
nodeSets: []
|
||||||
#- name: default-nodes
|
#- name: default-nodes
|
||||||
# replicas: 2
|
# replicas: 2
|
||||||
|
|
|
@ -30,6 +30,11 @@ opensearch:
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- with .Values.telemetry.opensearch.settings }}
|
||||||
|
settings:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
prometheus: {{ .Values.metrics.enabled }}
|
prometheus: {{ .Values.metrics.enabled }}
|
||||||
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -85,7 +85,7 @@ falco:
|
||||||
telemetry:
|
telemetry:
|
||||||
enabled: false
|
enabled: false
|
||||||
namespace: telemetry
|
namespace: telemetry
|
||||||
targetRevision: 0.2.1
|
targetRevision: 0.2.2
|
||||||
|
|
||||||
operators:
|
operators:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
- all KubeZero and support AMIs based on Alpine 3.19.1
|
- all KubeZero and support AMIs based on Alpine 3.19.1
|
||||||
- further reduced boot time, eg. less than 30s for a bastion on EC2
|
- further reduced boot time, eg. less than 30s for a bastion on EC2
|
||||||
- sub-second timestamps for all system logs
|
- sub-second timestamps for all system logs
|
||||||
- enabled TransparentHugePages incl. save settings for Golang
|
- enabled TransparentHugePages on host kernel
|
||||||
|
|
||||||
## Version upgrades
|
## Version upgrades
|
||||||
- cilium 1.15.3
|
- cilium 1.15.3
|
||||||
|
|
Loading…
Reference in New Issue