Compare commits
24 Commits
c45f1d8a67
...
a52bca6bae
Author | SHA1 | Date |
---|---|---|
Renovate Bot | a52bca6bae | |
Stefan Reimer | 6b7746d3df | |
Stefan Reimer | 52de70a4a8 | |
Stefan Reimer | 5116e52bc9 | |
Stefan Reimer | 26d59f63da | |
Stefan Reimer | 8c2ef9cf2c | |
Stefan Reimer | 9fed97db49 | |
Stefan Reimer | 588e50f56e | |
Stefan Reimer | 908055bd36 | |
Renovate Bot | a05e6286cc | |
Renovate Bot | 7b153ac7cc | |
Renovate Bot | 3e1d8e9c3e | |
Stefan Reimer | 78639b623a | |
Stefan Reimer | 4e9c147b7e | |
Stefan Reimer | 64d76c283a | |
Renovate Bot | 71f909e49e | |
Stefan Reimer | ed4a47dcec | |
Stefan Reimer | 3ab37e7a7b | |
Stefan Reimer | 798c3cba57 | |
Renovate Bot | 3b536f7c44 | |
Renovate Bot | 69e132c857 | |
Renovate Bot | fcd2192cb4 | |
Renovate Bot | b98dc98e81 | |
Renovate Bot | cfda9b6a92 |
|
@ -3,7 +3,7 @@ ARG ALPINE_VERSION=3.19
|
|||
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||
|
||||
ARG ALPINE_VERSION
|
||||
ARG KUBE_VERSION=1.28
|
||||
ARG KUBE_VERSION=1.28.8
|
||||
|
||||
RUN cd /etc/apk/keys && \
|
||||
wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
|
||||
|
|
24
README.md
24
README.md
|
@ -18,7 +18,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform
|
|||
|
||||
|
||||
# Version / Support Matrix
|
||||
KubeZero releases track the same *minor* version of Kubernetes.
|
||||
KubeZero releases track the same *minor* version of Kubernetes.
|
||||
Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X.
|
||||
|
||||
KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed.
|
||||
|
@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo
|
|||
gantt
|
||||
title KubeZero Support Timeline
|
||||
dateFormat YYYY-MM-DD
|
||||
section 1.25
|
||||
beta :125b, 2023-03-01, 2023-03-31
|
||||
release :after 125b, 2023-08-01
|
||||
section 1.26
|
||||
beta :126b, 2023-06-01, 2023-06-30
|
||||
release :after 126b, 2023-11-01
|
||||
section 1.27
|
||||
beta :127b, 2023-09-01, 2023-09-30
|
||||
release :after 127b, 2024-02-01
|
||||
release :after 127b, 2024-04-30
|
||||
section 1.28
|
||||
beta :128b, 2024-03-01, 2024-04-30
|
||||
release :after 128b, 2024-08-31
|
||||
section 1.29
|
||||
beta :129b, 2024-07-01, 2024-08-30
|
||||
release :after 129b, 2024-11-30
|
||||
```
|
||||
|
||||
[Upstream release policy](https://kubernetes.io/releases/)
|
||||
|
@ -57,7 +57,7 @@ gantt
|
|||
|
||||
## Featured workloads
|
||||
- rootless CI/CD build platform to build containers as part of a CI pipeline, using podman / fuse device plugin support
|
||||
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
||||
- containerized AI models via integrated out of the box support for Nvidia GPU workers as well as AWS Neuron
|
||||
|
||||
## Control plane
|
||||
- all Kubernetes components compiled against Alpine OS using `buildmode=pie`
|
||||
|
@ -85,12 +85,12 @@ gantt
|
|||
- CSI Snapshot controller and Gemini snapshot groups and retention
|
||||
|
||||
## Ingress
|
||||
- AWS Network Loadbalancer and Istio Ingress controllers
|
||||
- AWS Network Loadbalancer and Istio Ingress controllers
|
||||
- no additional costs per exposed service
|
||||
- real client source IP available to workloads via HTTP header and access logs
|
||||
- ACME SSL Certificate handling via cert-manager incl. renewal etc.
|
||||
- support for TCP services
|
||||
- optional rate limiting support
|
||||
- optional rate limiting support
|
||||
- optional full service mesh
|
||||
|
||||
## Metrics
|
||||
|
@ -104,4 +104,4 @@ gantt
|
|||
- flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3
|
||||
- Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management
|
||||
- [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options
|
||||
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
||||
- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter
|
||||
|
|
|
@ -8,27 +8,11 @@ import yaml
|
|||
def migrate(values):
|
||||
"""Actual changes here"""
|
||||
|
||||
# Cleanup
|
||||
values.pop("Domain", None)
|
||||
values.pop("clusterName", None)
|
||||
if "addons" in values:
|
||||
if not values["addons"]:
|
||||
values.pop("addons")
|
||||
|
||||
# fix argoCD CM
|
||||
# argoCD moves to argo module
|
||||
try:
|
||||
if not values["argocd"]["configs"]["cm"]["url"].startswith("http"):
|
||||
values["argocd"]["configs"]["cm"]["url"] = "https://" + values["argocd"]["configs"]["cm"]["url"]
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
# migrate eck operator to new operator module
|
||||
try:
|
||||
if values["logging"]["eck-operator"]["enabled"]:
|
||||
if "operators" not in values:
|
||||
values["operators"] = { "enabled": True }
|
||||
values["operators"]["eck-operator"] = { "enabled": True }
|
||||
values["logging"].pop("eck-operator", None)
|
||||
if values["argocd"]["enabled"]:
|
||||
values["argo"] = { "enabled": True, "argo-cd": values["argocd"] }
|
||||
values.pop("argocd")
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
|
|
|
@ -31,7 +31,14 @@ waitSystemPodsRunning
|
|||
|
||||
echo "Applying remaining KubeZero modules..."
|
||||
|
||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argocd"
|
||||
### v1.28
|
||||
# - remove old argocd app, all resources will be taken over by argo.argo-cd
|
||||
kubectl patch app argocd -n argocd \
|
||||
--type json \
|
||||
--patch='[ { "op": "remove", "path": "/metadata/finalizers" } ]' && \
|
||||
kubectl delete app argocd -n argocd || true
|
||||
|
||||
control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_telemetry, apply_argo"
|
||||
|
||||
# Trigger backup of upgraded cluster state
|
||||
kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$VERSION -n kube-system
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
apiVersion: v2
|
||||
description: KubeZero Argo - Events, Workflow, CD
|
||||
name: kubezero-argo
|
||||
version: 0.1.0
|
||||
version: 0.2.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- argocd
|
||||
- argo-events
|
||||
- argo-workflow
|
||||
maintainers:
|
||||
|
@ -17,7 +18,19 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: argo-events
|
||||
version: 2.4.3
|
||||
version: 2.4.4
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-events.enabled
|
||||
- name: argo-cd
|
||||
version: 6.7.3
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-cd.enabled
|
||||
- name: argocd-apps
|
||||
version: 2.0.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argo-cd.enabled
|
||||
- name: argocd-image-updater
|
||||
version: 0.9.6
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argocd-image-updater.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-argo
|
||||
|
||||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
|
||||
![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square)
|
||||
|
||||
KubeZero Argo - Events, Workflow, CD
|
||||
|
||||
|
@ -18,13 +18,48 @@ Kubernetes: `>= 1.26.0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.3 |
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 6.7.3 |
|
||||
| https://argoproj.github.io/argo-helm | argo-events | 2.4.4 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-apps | 2.0.0 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.6 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.applicationSet.enabled | bool | `false` | |
|
||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||
| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | |
|
||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
||||
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
||||
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
||||
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
||||
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.controller.resources.limits.memory | string | `"2048Mi"` | |
|
||||
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||
| argo-cd.controller.resources.requests.memory | string | `"512Mi"` | |
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.enabled | bool | `false` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.istio.enabled | bool | `false` | |
|
||||
| argo-cd.istio.gateway | string | `"istio-ingress/ingressgateway"` | |
|
||||
| argo-cd.istio.ipBlocks | list | `[]` | |
|
||||
| argo-cd.notifications.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||
| argo-events.configs.jetstream.settings.maxFileStore | int | `-1` | Maximum size of the file storage (e.g. 20G) |
|
||||
| argo-events.configs.jetstream.settings.maxMemoryStore | int | `-1` | Maximum size of the memory storage (e.g. 1G) |
|
||||
| argo-events.configs.jetstream.streamConfig.duplicates | string | `"300s"` | Not documented at the moment |
|
||||
|
@ -38,6 +73,20 @@ Kubernetes: `>= 1.26.0`
|
|||
| argo-events.configs.jetstream.versions[0].startCommand | string | `"/nats-server"` | |
|
||||
| argo-events.configs.jetstream.versions[0].version | string | `"2.10.11"` | |
|
||||
| argo-events.enabled | bool | `false` | |
|
||||
| argocd-apps.applications | object | `{}` | |
|
||||
| argocd-apps.enabled | bool | `false` | |
|
||||
| argocd-apps.projects | object | `{}` | |
|
||||
| argocd-image-updater.authScripts.enabled | bool | `true` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
|
||||
| argocd-image-updater.enabled | bool | `false` | |
|
||||
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
|
||||
| argocd-image-updater.metrics.enabled | bool | `false` | |
|
||||
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||
|
||||
|
|
|
@ -16,4 +16,6 @@
|
|||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{{- if .Values.istio.enabled }}
|
||||
{{- if .Values.istio.ipBlocks }}
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||
apiVersion: security.istio.io/v1beta1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
|
@ -16,7 +16,7 @@ spec:
|
|||
- from:
|
||||
- source:
|
||||
notIpBlocks:
|
||||
{{- toYaml .Values.istio.ipBlocks | nindent 8 }}
|
||||
{{- toYaml (index .Values "argo-cd" "istio" "ipBlocks") | nindent 8 }}
|
||||
to:
|
||||
- operation:
|
||||
hosts: [{{ index .Values "argo-cd" "configs" "cm" "url" | quote }}]
|
|
@ -1,4 +1,4 @@
|
|||
{{- if .Values.istio.enabled }}
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
apiVersion: networking.istio.io/v1alpha3
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
|
@ -8,7 +8,7 @@ metadata:
|
|||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
||||
spec:
|
||||
gateways:
|
||||
- {{ .Values.istio.gateway }}
|
||||
- {{ index .Values "argo-cd" "istio" "gateway" }}
|
||||
hosts:
|
||||
- {{ get (urlParse (index .Values "argo-cd" "configs" "cm" "url")) "host" }}
|
||||
http:
|
||||
|
@ -19,13 +19,13 @@ spec:
|
|||
prefix: argocd-client
|
||||
route:
|
||||
- destination:
|
||||
host: argocd-server
|
||||
host: argo-argocd-server
|
||||
port:
|
||||
number: 443
|
||||
- name: http
|
||||
route:
|
||||
- destination:
|
||||
host: argocd-server
|
||||
host: argo-argocd-server
|
||||
port:
|
||||
number: 80
|
||||
{{- end }}
|
|
@ -5,6 +5,6 @@
|
|||
update_helm
|
||||
|
||||
# Create ZDT dashboard configmap
|
||||
#../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/argo-cd/grafana-dashboards.yaml
|
||||
|
||||
update_docs
|
||||
|
|
|
@ -30,3 +30,157 @@ argo-events:
|
|||
configReloaderImage: natsio/nats-server-config-reloader:0.14.1
|
||||
startCommand: /nats-server
|
||||
|
||||
|
||||
argocd-apps:
|
||||
enabled: false
|
||||
projects: {}
|
||||
applications: {}
|
||||
|
||||
argo-cd:
|
||||
enabled: false
|
||||
#configs:
|
||||
# secret:
|
||||
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||
|
||||
global:
|
||||
logging:
|
||||
format: json
|
||||
# image:
|
||||
# tag: v2.1.6
|
||||
|
||||
configs:
|
||||
styles: |
|
||||
.sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }
|
||||
.sidebar__logo__text-logo { height: 0em; }
|
||||
.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
|
||||
|
||||
cm:
|
||||
ui.bannercontent: "KubeZero v1.27 - Release notes"
|
||||
ui.bannerurl: "https://kubezero.com/releases/v1.27"
|
||||
ui.bannerpermanent: "true"
|
||||
ui.bannerposition: "bottom"
|
||||
|
||||
# argo-cd.server.config.url -- ArgoCD URL being exposed via Istio
|
||||
url: https://argocd.example.com
|
||||
|
||||
timeout.reconciliation: 300s
|
||||
|
||||
resource.customizations: |
|
||||
cert-manager.io/Certificate:
|
||||
# Lua script for customizing the health status assessment
|
||||
health.lua: |
|
||||
hs = {}
|
||||
if obj.status ~= nil then
|
||||
if obj.status.conditions ~= nil then
|
||||
for i, condition in ipairs(obj.status.conditions) do
|
||||
if condition.type == "Ready" and condition.status == "False" then
|
||||
hs.status = "Degraded"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
if condition.type == "Ready" and condition.status == "True" then
|
||||
hs.status = "Healthy"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
hs.status = "Progressing"
|
||||
hs.message = "Waiting for certificate"
|
||||
return hs
|
||||
|
||||
secret:
|
||||
createSecret: false
|
||||
|
||||
ssh:
|
||||
extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ=="
|
||||
|
||||
params:
|
||||
controller.status.processors: "10"
|
||||
controller.operation.processors: "5"
|
||||
|
||||
server.insecure: true
|
||||
server.enable.gzip: true
|
||||
|
||||
controller:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
# cpu: 500m
|
||||
memory: 2048Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
server:
|
||||
# Rename former https port to grpc, works with istio + insecure
|
||||
service:
|
||||
servicePortHttpsName: grpc
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
# redis:
|
||||
# We might want to try to keep redis close to the controller
|
||||
# affinity:
|
||||
|
||||
dex:
|
||||
enabled: false
|
||||
|
||||
applicationSet:
|
||||
enabled: false
|
||||
|
||||
notifications:
|
||||
enabled: false
|
||||
|
||||
# Support for Istio Ingress for ArgoCD
|
||||
istio:
|
||||
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
|
||||
enabled: false
|
||||
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
||||
gateway: istio-ingress/ingressgateway
|
||||
ipBlocks: []
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
|
||||
# Unify all ArgoCD pieces under the same argocd namespace
|
||||
fullnameOverride: argocd-image-updater
|
||||
|
||||
config:
|
||||
argocd:
|
||||
plaintext: true
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
authScripts:
|
||||
enabled: true
|
||||
scripts:
|
||||
ecr-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
|
||||
ecr-public-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d
|
||||
sshConfig:
|
||||
config: |
|
||||
Host *
|
||||
PubkeyAcceptedAlgorithms +ssh-rsa
|
||||
HostkeyAlgorithms +ssh-rsa
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
apiVersion: v2
|
||||
description: KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||
name: kubezero-argocd
|
||||
version: 0.13.3
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- argocd
|
||||
- argocd-image-updater
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
# Url: https://github.com/argoproj/argo-helm/tree/main/charts
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: argo-cd
|
||||
version: 5.51.4
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: argocd-apps
|
||||
version: 1.4.1
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: argocd-image-updater
|
||||
version: 0.9.1
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
condition: argocd-image-updater.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
|
@ -1,74 +0,0 @@
|
|||
# kubezero-argocd
|
||||
|
||||
![Version: 0.13.3](https://img.shields.io/badge/Version-0.13.3-informational?style=flat-square)
|
||||
|
||||
KubeZero ArgoCD - config, branding, image-updater (optional)
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://argoproj.github.io/argo-helm | argo-cd | 5.51.4 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-apps | 1.4.1 |
|
||||
| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.9.1 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| argo-cd.applicationSet.enabled | bool | `false` | |
|
||||
| argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | |
|
||||
| argo-cd.configs.cm."timeout.reconciliation" | int | `300` | |
|
||||
| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.27 - Release notes"` | |
|
||||
| argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | |
|
||||
| argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | |
|
||||
| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.27"` | |
|
||||
| argo-cd.configs.cm.url | string | `"https://argocd.example.com"` | |
|
||||
| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | |
|
||||
| argo-cd.configs.params."controller.operation.processors" | string | `"5"` | |
|
||||
| argo-cd.configs.params."controller.status.processors" | string | `"10"` | |
|
||||
| argo-cd.configs.params."server.enable.gzip" | bool | `true` | |
|
||||
| argo-cd.configs.params."server.insecure" | bool | `true` | |
|
||||
| argo-cd.configs.secret.createSecret | bool | `false` | |
|
||||
| argo-cd.configs.styles | string | `".sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }\n.sidebar__logo__text-logo { height: 0em; }\n.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }\n"` | |
|
||||
| argo-cd.controller.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.controller.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.controller.resources.requests.cpu | string | `"100m"` | |
|
||||
| argo-cd.controller.resources.requests.memory | string | `"256Mi"` | |
|
||||
| argo-cd.dex.enabled | bool | `false` | |
|
||||
| argo-cd.global.logging.format | string | `"json"` | |
|
||||
| argo-cd.notifications.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.repoServer.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.metrics.enabled | bool | `false` | |
|
||||
| argo-cd.server.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argo-cd.server.service.servicePortHttpsName | string | `"grpc"` | |
|
||||
| argocd-apps.applications | list | `[]` | |
|
||||
| argocd-apps.projects | list | `[]` | |
|
||||
| argocd-image-updater.authScripts.enabled | bool | `true` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-login.sh" | string | `"#!/bin/sh\naws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.authScripts.scripts."ecr-public-login.sh" | string | `"#!/bin/sh\naws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d\n"` | |
|
||||
| argocd-image-updater.config.argocd.plaintext | bool | `true` | |
|
||||
| argocd-image-updater.enabled | bool | `false` | |
|
||||
| argocd-image-updater.fullnameOverride | string | `"argocd-image-updater"` | |
|
||||
| argocd-image-updater.metrics.enabled | bool | `false` | |
|
||||
| argocd-image-updater.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| argocd-image-updater.sshConfig.config | string | `"Host *\n PubkeyAcceptedAlgorithms +ssh-rsa\n HostkeyAlgorithms +ssh-rsa\n"` | |
|
||||
| istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
|
||||
| istio.gateway | string | `"istio-ingress/ingressgateway"` | Name of the Istio gateway to add the VirtualService to |
|
||||
| istio.ipBlocks | list | `[]` | |
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
|
@ -1,20 +0,0 @@
|
|||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## Resources
|
||||
- https://argoproj.github.io/argo-cd/operator-manual/metrics/
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/master/examples/dashboard.json
|
|
@ -1,10 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
. ../../scripts/lib-update.sh
|
||||
|
||||
update_helm
|
||||
|
||||
# Create ZDT dashboard configmap
|
||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards.yaml templates/grafana-dashboards.yaml
|
||||
|
||||
update_docs
|
|
@ -1,162 +0,0 @@
|
|||
# Support for Istio Ingress for ArgoCD
|
||||
istio:
|
||||
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
|
||||
enabled: false
|
||||
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
||||
gateway: istio-ingress/ingressgateway
|
||||
ipBlocks: []
|
||||
|
||||
argocd-apps:
|
||||
projects: []
|
||||
applications: []
|
||||
|
||||
argo-cd:
|
||||
#configs:
|
||||
# secret:
|
||||
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
||||
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
||||
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
||||
|
||||
global:
|
||||
logging:
|
||||
format: json
|
||||
# image:
|
||||
# tag: v2.1.6
|
||||
|
||||
configs:
|
||||
styles: |
|
||||
.sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }
|
||||
.sidebar__logo__text-logo { height: 0em; }
|
||||
.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
|
||||
|
||||
cm:
|
||||
ui.bannercontent: "KubeZero v1.27 - Release notes"
|
||||
ui.bannerurl: "https://kubezero.com/releases/v1.27"
|
||||
ui.bannerpermanent: "true"
|
||||
ui.bannerposition: "bottom"
|
||||
|
||||
# argo-cd.server.config.url -- ArgoCD URL being exposed via Istio
|
||||
url: https://argocd.example.com
|
||||
|
||||
timeout.reconciliation: 300
|
||||
|
||||
resource.customizations: |
|
||||
cert-manager.io/Certificate:
|
||||
# Lua script for customizing the health status assessment
|
||||
health.lua: |
|
||||
hs = {}
|
||||
if obj.status ~= nil then
|
||||
if obj.status.conditions ~= nil then
|
||||
for i, condition in ipairs(obj.status.conditions) do
|
||||
if condition.type == "Ready" and condition.status == "False" then
|
||||
hs.status = "Degraded"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
if condition.type == "Ready" and condition.status == "True" then
|
||||
hs.status = "Healthy"
|
||||
hs.message = condition.message
|
||||
return hs
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
hs.status = "Progressing"
|
||||
hs.message = "Waiting for certificate"
|
||||
return hs
|
||||
|
||||
secret:
|
||||
createSecret: false
|
||||
|
||||
knownHosts:
|
||||
data:
|
||||
ssh_known_hosts: |
|
||||
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
|
||||
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
|
||||
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
|
||||
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
|
||||
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|
||||
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|
||||
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
|
||||
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
|
||||
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
||||
git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==
|
||||
|
||||
params:
|
||||
controller.status.processors: "10"
|
||||
controller.operation.processors: "5"
|
||||
|
||||
server.insecure: true
|
||||
server.enable.gzip: true
|
||||
|
||||
controller:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
# cpu: 500m
|
||||
memory: 2048Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 512Mi
|
||||
|
||||
repoServer:
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
server:
|
||||
# Rename former https port to grpc, works with istio + insecure
|
||||
service:
|
||||
servicePortHttpsName: grpc
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
# redis:
|
||||
# We might want to try to keep redis close to the controller
|
||||
# affinity:
|
||||
|
||||
dex:
|
||||
enabled: false
|
||||
|
||||
applicationSet:
|
||||
enabled: false
|
||||
|
||||
notifications:
|
||||
enabled: false
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
|
||||
# Unify all ArgoCD pieces under the same argocd namespace
|
||||
fullnameOverride: argocd-image-updater
|
||||
|
||||
config:
|
||||
argocd:
|
||||
plaintext: true
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
|
||||
authScripts:
|
||||
enabled: true
|
||||
scripts:
|
||||
ecr-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
|
||||
ecr-public-login.sh: |
|
||||
#!/bin/sh
|
||||
aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d
|
||||
sshConfig:
|
||||
config: |
|
||||
Host *
|
||||
PubkeyAcceptedAlgorithms +ssh-rsa
|
||||
HostkeyAlgorithms +ssh-rsa
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-cert-manager
|
||||
description: KubeZero Umbrella Chart for cert-manager
|
||||
type: application
|
||||
version: 0.9.6
|
||||
version: 0.9.7
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -16,6 +16,6 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cert-manager
|
||||
version: v1.13.2
|
||||
version: v1.14.4
|
||||
repository: https://charts.jetstack.io
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-cert-manager
|
||||
|
||||
![Version: 0.9.6](https://img.shields.io/badge/Version-0.9.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.9.7](https://img.shields.io/badge/Version-0.9.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for cert-manager
|
||||
|
||||
|
@ -19,7 +19,7 @@ Kubernetes: `>= 1.26.0`
|
|||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.13.2 |
|
||||
| https://charts.jetstack.io | cert-manager | v1.14.4 |
|
||||
|
||||
## AWS - OIDC IAM roles
|
||||
|
||||
|
@ -37,6 +37,7 @@ If your resolvers need additional sercrets like CloudFlare API tokens etc. make
|
|||
| cert-manager.cainjector.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cert-manager.cainjector.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| cert-manager.cainjector.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| cert-manager.enableCertificateOwnerRef | bool | `true` | |
|
||||
| cert-manager.enabled | bool | `true` | |
|
||||
| cert-manager.extraArgs[0] | string | `"--logging-format=json"` | |
|
||||
| cert-manager.extraArgs[1] | string | `"--leader-elect=false"` | |
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "f0708d350e4fc95e95338fb54af7b571e5bce7a8",
|
||||
"version": "5a53a708d8ab9ef936ac5b8062ffc66c77a2c18f",
|
||||
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
|
||||
},
|
||||
{
|
||||
|
@ -51,6 +51,16 @@
|
|||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-latest"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
|
@ -58,8 +68,18 @@
|
|||
"subdir": "gen/grafonnet-v10.0.0"
|
||||
}
|
||||
},
|
||||
"version": "bb2afaffbcefeae1035cd691ab06a486e0022002",
|
||||
"sum": "gj/20VIGucG2vDGjG7YdHLC4yUUfrpuaneUYaRmymOM="
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-v10.4.0"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -68,8 +88,8 @@
|
|||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "eb731883044fc58f255d79c2a8d78a5854084e05",
|
||||
"sum": "VmOxvg9FuY9UYr3lN6ZJe2HhuIErJoWimPybQr3S3yQ="
|
||||
"version": "7561fd330312538d22b00e0c7caecb4ba66321ea",
|
||||
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -88,8 +108,8 @@
|
|||
"subdir": "doc-util"
|
||||
}
|
||||
},
|
||||
"version": "503e5c8fe96d6b55775037713ac10b184709ad93",
|
||||
"sum": "BY4u0kLF3Qf/4IB4HnX9S5kEQIpHb4MUrppp6WLDtlU="
|
||||
"version": "6ac6c69685b8c29c54515448eaca583da2d88150",
|
||||
"sum": "BrAL/k23jq+xy9oA7TWIhUx07dsA/QLm3g7ktCwe//U="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -98,8 +118,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "c1a315a7dbead0335a5e0486acc5583395b22a24",
|
||||
"sum": "UVdL+uuFI8BSQgLfMJEJk2WDKsQXNT3dRHcr2Ti9rLI="
|
||||
"version": "fc2e57a8839902ed4ba6cab5a99d642500f7102b",
|
||||
"sum": "43waffw1QzvpY4rKcWoo3L7Vpee+DCYexwLDd5cPG0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -108,8 +128,8 @@
|
|||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "2dbe4f9625a811b8b89f0495e74509c74779da82",
|
||||
"sum": "Fe7bN9E6qeKNUdENjQvYttgf4S1DDqXRVB80wdmQgHQ="
|
||||
"version": "a1c276d7a46c4b06fa5d8b4a64441939d398efe5",
|
||||
"sum": "b/mEai1MvVnZ22YvZlXEO4jWDZledrtJg8eOS1ZUj0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -118,8 +138,8 @@
|
|||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "98b38ba9bbfdff27b359c58adecab30cc1311a78",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -128,7 +148,7 @@
|
|||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "98b38ba9bbfdff27b359c58adecab30cc1311a78",
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
|
@ -138,8 +158,8 @@
|
|||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "80ab54b66a88cd40fc935d17abbd7b50b12cc3f7",
|
||||
"sum": "w35hpzjA5b+xr9dXnpudKRsdTheO9YO1SESoG4oyyL8="
|
||||
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
|
||||
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -148,8 +168,8 @@
|
|||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "88e86c5caf84dc85338c904e13b0656bf1b56a67",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
|
||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
|
@ -159,8 +179,8 @@
|
|||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "88e86c5caf84dc85338c904e13b0656bf1b56a67",
|
||||
"sum": "3tRcbCxuH5piaixkvwe4UdVVWlxkxKz8eBgbgYqvbRk="
|
||||
"version": "71d9433ba612f4b826ffa38520b23a7985b50db3",
|
||||
"sum": "S4LFa0h1AzANixqGMowtwVswVP+y6f+fXloxpO7hMes="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -169,7 +189,7 @@
|
|||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "4494abfce419d1bbd3cb1a2c0b6584da88ac9b64",
|
||||
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
|
||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
|
@ -180,8 +200,8 @@
|
|||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "12f1744e799e04373c7a29b42bf8b8a332c82790",
|
||||
"sum": "QZwFBpulndqo799gkR5rP2/WdcQKQkNnaBwhaOI8Jeg="
|
||||
"version": "3accd4cf8286e69d70516abdced6bf186274322a",
|
||||
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
|
@ -190,8 +210,8 @@
|
|||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "5dbbadf59823aea6e9daa5e6c7877f1572b93941",
|
||||
"sum": "rNvddVTMNfaguOGzEGoeKjUsfhlXJBUImC+SIFNNCiM=",
|
||||
"version": "773170f372e0a57949854b74231ee3e09185f728",
|
||||
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
|
@ -212,7 +232,7 @@
|
|||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "463dd481cc740194cc9504cd6aeb48f342afe020",
|
||||
"version": "93c79b61825ec00889188e35a58635eee247bc36",
|
||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-ci
|
||||
description: KubeZero umbrella chart for all things CI
|
||||
type: application
|
||||
version: 0.8.7
|
||||
version: 0.8.8
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -22,7 +22,7 @@ dependencies:
|
|||
repository: https://dl.gitea.io/charts/
|
||||
condition: gitea.enabled
|
||||
- name: jenkins
|
||||
version: 5.1.0
|
||||
version: 5.1.3
|
||||
repository: https://charts.jenkins.io
|
||||
condition: jenkins.enabled
|
||||
- name: trivy
|
||||
|
@ -30,7 +30,7 @@ dependencies:
|
|||
repository: https://aquasecurity.github.io/helm-charts/
|
||||
condition: trivy.enabled
|
||||
- name: renovate
|
||||
version: 37.236.0
|
||||
version: 37.267.1
|
||||
repository: https://docs.renovatebot.com/helm-charts
|
||||
condition: renovate.enabled
|
||||
kubeVersion: ">= 1.25.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-ci
|
||||
|
||||
![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things CI
|
||||
|
||||
|
@ -20,9 +20,9 @@ Kubernetes: `>= 1.25.0`
|
|||
|------------|------|---------|
|
||||
| https://aquasecurity.github.io/helm-charts/ | trivy | 0.7.0 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://charts.jenkins.io | jenkins | 5.1.0 |
|
||||
| https://charts.jenkins.io | jenkins | 5.1.3 |
|
||||
| https://dl.gitea.io/charts/ | gitea | 10.1.3 |
|
||||
| https://docs.renovatebot.com/helm-charts | renovate | 37.236.0 |
|
||||
| https://docs.renovatebot.com/helm-charts | renovate | 37.267.1 |
|
||||
|
||||
# Jenkins
|
||||
- default build retention 10 builds, 32days
|
||||
|
@ -66,6 +66,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| gitea.gitea.metrics.enabled | bool | `false` | |
|
||||
| gitea.gitea.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||
| gitea.image.rootless | bool | `true` | |
|
||||
| gitea.image.tag | string | `"1.21.9"` | |
|
||||
| gitea.istio.enabled | bool | `false` | |
|
||||
| gitea.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||
| gitea.istio.url | string | `"git.example.com"` | |
|
||||
|
@ -90,7 +91,7 @@ Kubernetes: `>= 1.25.0`
|
|||
| jenkins.agent.customJenkinsLabels[0] | string | `"podman-aws-trivy"` | |
|
||||
| jenkins.agent.idleMinutes | int | `30` | |
|
||||
| jenkins.agent.image.repository | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | |
|
||||
| jenkins.agent.image.tag | string | `"v0.4.6"` | |
|
||||
| jenkins.agent.image.tag | string | `"v0.5.0"` | |
|
||||
| jenkins.agent.podName | string | `"podman-aws"` | |
|
||||
| jenkins.agent.podRetention | string | `"Default"` | |
|
||||
| jenkins.agent.resources.limits.cpu | string | `""` | |
|
||||
|
|
|
@ -2,7 +2,7 @@ gitea:
|
|||
enabled: false
|
||||
|
||||
image:
|
||||
#tag: 1.21.4
|
||||
tag: 1.21.9
|
||||
rootless: true
|
||||
|
||||
repliaCount: 1
|
||||
|
@ -42,7 +42,7 @@ gitea:
|
|||
extraVolumeMounts:
|
||||
- name: gitea-themes
|
||||
readOnly: true
|
||||
mountPath: "/data/gitea/public/assets/css"
|
||||
mountPath: "/data/gitea/public/assets/css"
|
||||
|
||||
checkDeprecation: false
|
||||
test:
|
||||
|
@ -72,6 +72,8 @@ gitea:
|
|||
ui:
|
||||
THEMES: "gitea,github-dark"
|
||||
DEFAULT_THEME: "github-dark"
|
||||
log:
|
||||
LEVEL: warn
|
||||
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-istio-gateway
|
||||
description: KubeZero Umbrella Chart for Istio gateways
|
||||
type: application
|
||||
version: 0.19.4
|
||||
version: 0.19.5
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -17,6 +17,6 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: gateway
|
||||
version: 1.19.4
|
||||
version: 1.21.0
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-istio
|
||||
description: KubeZero Umbrella Chart for Istio
|
||||
type: application
|
||||
version: 0.19.4
|
||||
version: 0.19.5
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -16,13 +16,13 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: base
|
||||
version: 1.19.4
|
||||
version: 1.21.0
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: istiod
|
||||
version: 1.19.4
|
||||
version: 1.21.0
|
||||
repository: https://istio-release.storage.googleapis.com/charts
|
||||
- name: kiali-server
|
||||
version: "1.76.0"
|
||||
version: "1.82.0"
|
||||
repository: https://kiali.org/helm-charts
|
||||
condition: kiali-server.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -22,7 +22,7 @@ dependencies:
|
|||
#repository: https://nats-io.github.io/k8s/helm/charts/
|
||||
condition: nats.enabled
|
||||
- name: rabbitmq
|
||||
version: 13.0.0
|
||||
version: 13.0.2
|
||||
repository: https://charts.bitnami.com/bitnami
|
||||
condition: rabbitmq.enabled
|
||||
- name: rabbitmq-cluster-operator
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-network
|
||||
description: KubeZero umbrella chart for all things network
|
||||
type: application
|
||||
version: 0.5.0
|
||||
version: 0.5.1
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -19,11 +19,11 @@ dependencies:
|
|||
version: ">= 0.1.6"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
- name: cilium
|
||||
version: 1.15.2
|
||||
version: 1.15.3
|
||||
repository: https://helm.cilium.io/
|
||||
condition: cilium.enabled
|
||||
- name: metallb
|
||||
version: 0.14.3
|
||||
version: 0.14.4
|
||||
repository: https://metallb.github.io/metallb
|
||||
condition: metallb.enabled
|
||||
kubeVersion: ">= 1.26.0"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# kubezero-network
|
||||
|
||||
![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.5.1](https://img.shields.io/badge/Version-0.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things network
|
||||
|
||||
|
@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0`
|
|||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.2 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.3 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.3 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.4 |
|
||||
|
||||
## Values
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: kubezero-storage
|
||||
description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||
type: application
|
||||
version: 0.8.5
|
||||
version: 0.8.6
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -24,7 +24,7 @@ dependencies:
|
|||
condition: lvm-localpv.enabled
|
||||
repository: https://openebs.github.io/lvm-localpv
|
||||
- name: aws-ebs-csi-driver
|
||||
version: 2.29.0
|
||||
version: 2.29.1
|
||||
condition: aws-ebs-csi-driver.enabled
|
||||
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||
- name: aws-efs-csi-driver
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{{- if .Values.k8up.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
|
@ -14420,3 +14421,4 @@ spec:
|
|||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
{{- end }}
|
|
@ -1,103 +0,0 @@
|
|||
# RBAC file for the snapshot controller.
|
||||
#
|
||||
# The snapshot controller implements the control loop for CSI snapshot functionality.
|
||||
# It should be installed as part of the base Kubernetes distribution in an appropriate
|
||||
# namespace for components implementing base system functionality. For installing with
|
||||
# Vanilla Kubernetes, kube-system makes sense for the namespace.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-runner
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["list", "watch", "create", "update", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch", "delete"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
# Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
|
||||
# - apiGroups: [""]
|
||||
# resources: ["nodes"]
|
||||
# verbs: ["get", "list", "watch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: snapshot-controller-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||||
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: snapshot-controller-leaderelection
|
||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -6,6 +6,7 @@
|
|||
# namespace for components implementing base system functionality. For installing with
|
||||
# Vanilla Kubernetes, kube-system makes sense for the namespace.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -16,7 +17,6 @@ metadata:
|
|||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
# rename if there are conflicts
|
||||
name: snapshot-controller-runner
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
|
@ -39,15 +39,31 @@ rules:
|
|||
verbs: ["patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
verbs: ["get", "list", "watch", "update", "patch", "delete"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
# Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
|
||||
# - apiGroups: [""]
|
||||
# resources: ["nodes"]
|
||||
# verbs: ["get", "list", "watch"]
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
@ -59,7 +75,6 @@ subjects:
|
|||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
# change the name also here if the ClusterRole gets renamed
|
||||
name: snapshot-controller-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
|
@ -67,8 +82,8 @@ roleRef:
|
|||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
namespace: kube-system
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
|
@ -83,7 +98,6 @@ metadata:
|
|||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: snapshot-controller-leaderelection
|
||||
|
|
|
@ -15,7 +15,12 @@ patch_chart lvm-localpv
|
|||
patch_chart gemini
|
||||
|
||||
# snapshotter
|
||||
# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
|
||||
_f="templates/snapshot-controller/rbac.yaml"
|
||||
echo "{{- if .Values.snapshotController.enabled }}" > $_f
|
||||
curl -L -s https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
|
||||
# our controller.yaml is based on:
|
||||
# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
|
||||
|
||||
for crd in volumesnapshotclasses volumesnapshotcontents volumesnapshots; do
|
||||
|
@ -28,7 +33,11 @@ done
|
|||
|
||||
# k8up - CRDs
|
||||
VERSION=$(yq eval '.dependencies[] | select(.name=="k8up") | .version' Chart.yaml)
|
||||
curl -L -s -o crds/k8up.yaml https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml
|
||||
|
||||
_f="templates/k8up/crds.yaml"
|
||||
echo "{{- if .Values.k8up.enabled }}" > $_f
|
||||
curl -L -s https://github.com/k8up-io/k8up/releases/download/k8up-${VERSION}/k8up-crd.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
|
||||
# Metrics
|
||||
cd jsonnet
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{{- define "argocd-values" }}
|
||||
{{- define "argo-values" }}
|
||||
|
||||
argo-cd:
|
||||
{{- with index .Values "argocd" "configs" }}
|
||||
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
|
||||
{{- with index .Values "argo" "argo-cd" "configs" }}
|
||||
configs:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
|
@ -16,9 +17,17 @@ argo-cd:
|
|||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
|
||||
{{- if and ( index .Values "argo" "argo-cd" "istio" "enabled" ) .Values.istio.enabled }}
|
||||
istio:
|
||||
{{- with index .Values "argo" "argo-cd" "istio" }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
argocd-apps:
|
||||
enabled: {{ default "false" (index .Values "argo" "argo-cd" "enabled") }}
|
||||
projects:
|
||||
- name: kubezero
|
||||
kubezero:
|
||||
namespace: argocd
|
||||
description: KubeZero - ZeroDownTime Kubernetes Platform
|
||||
sourceRepos:
|
||||
|
@ -33,7 +42,7 @@ argocd-apps:
|
|||
- group: '*'
|
||||
kind: '*'
|
||||
applications:
|
||||
- name: kubezero-git-sync
|
||||
kubezero-git-sync:
|
||||
namespace: argocd
|
||||
project: kubezero
|
||||
source:
|
||||
|
@ -54,9 +63,9 @@ argocd-apps:
|
|||
{{- end }}
|
||||
|
||||
argocd-image-updater:
|
||||
enabled: {{ default "false" (index .Values "argocd" "argocd-image-updater" "enabled") }}
|
||||
enabled: {{ default "false" (index .Values "argo" "argocd-image-updater" "enabled") }}
|
||||
|
||||
{{- with omit (index .Values "argocd" "argocd-image-updater") "enabled" }}
|
||||
{{- with omit (index .Values "argo" "argocd-image-updater") "enabled" }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
|
@ -89,16 +98,9 @@ argocd-image-updater:
|
|||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
|
||||
{{- if and ( index .Values "argocd" "istio" "enabled" ) .Values.istio.enabled }}
|
||||
istio:
|
||||
{{- with index .Values "argocd" "istio" }}
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- define "argocd-argo" }}
|
||||
{{- define "argo-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
|
@ -37,6 +37,12 @@ metallb:
|
|||
|
||||
|
||||
{{- define "network-argo" }}
|
||||
# Metallb
|
||||
ignoreDifferences:
|
||||
- group: apiextensions.k8s.io
|
||||
kind: CustomResourceDefinition
|
||||
jsonPointers:
|
||||
- /spec/conversion/webhook/clientConfig/caBundle
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
||||
|
|
|
@ -30,18 +30,18 @@ addons:
|
|||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
targetRevision: 0.5.0
|
||||
targetRevision: 0.5.1
|
||||
cilium:
|
||||
cluster: {}
|
||||
|
||||
cert-manager:
|
||||
enabled: false
|
||||
namespace: cert-manager
|
||||
targetRevision: 0.9.6
|
||||
targetRevision: 0.9.7
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
targetRevision: 0.8.5
|
||||
targetRevision: 0.8.6
|
||||
lvm-localpv:
|
||||
enabled: false
|
||||
aws-ebs-csi-driver:
|
||||
|
@ -110,11 +110,13 @@ logging:
|
|||
namespace: logging
|
||||
targetRevision: 0.8.10
|
||||
|
||||
argocd:
|
||||
argo:
|
||||
enabled: false
|
||||
namespace: argocd
|
||||
targetRevision: 0.13.3
|
||||
targetRevision: 0.2.0
|
||||
argo-cd:
|
||||
enabled: false
|
||||
istio:
|
||||
enabled: false
|
||||
argocd-image-updater:
|
||||
enabled: false
|
||||
istio:
|
||||
enabled: false
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
- all KubeZero and support AMIs based on Alpine 3.19.1
|
||||
- further reduced boot time, eg. less than 30s for a bastion on EC2
|
||||
- sub-second timestamps for all system logs
|
||||
- enabled TransparentHugePages incl. save settings for Golang
|
||||
|
||||
|
||||
## Fixes
|
||||
|
|
Loading…
Reference in New Issue