From e28a49710fe375c5b14139d4c8d54d4b8cc8bd03 Mon Sep 17 00:00:00 2001
From: Simon Weald <7832341+glitchcrab@users.noreply.github.com>
Date: Fri, 7 Jun 2024 09:54:58 +0100
Subject: [PATCH] refactor: move connectivity under global key (#294) (#310)
* move connectivity under global key
* move baseDomain under global connectivity
* update CI values
* move connectivity requirement to correct location
* correct missed variable location
* update changelog
* update docs
---
CHANGELOG.md | 23 +
helm/cluster-cloud-director/README.md | 96 +--
helm/cluster-cloud-director/ci/ci-values.yaml | 11 +-
.../ci/test-wc-values.yaml | 11 +-
.../files/etc/containerd/config.toml | 4 +-
.../files/etc/teleport.yaml | 2 +-
.../templates/_cluster_dns.tpl | 4 +-
.../templates/_helpers.tpl | 18 +-
.../templates/_ignition.tpl | 4 +-
.../cluster-cloud-director/templates/_ntp.tpl | 10 +-
.../cluster-cloud-director/templates/_ssh.tpl | 8 +-
.../templates/cilium-helmrelease.yaml | 2 +-
...d-provider-cloud-director-helmrelease.yaml | 2 +-
.../templates/cluster.yaml | 4 +-
.../templates/coredns-helmrelease.yaml | 4 +-
.../templates/kubeadmcontrolplane.yaml | 12 +-
.../templates/vcdcluster.yaml | 2 +-
.../cluster-cloud-director/values.schema.json | 603 +++++++++---------
helm/cluster-cloud-director/values.yaml | 41 +-
19 files changed, 443 insertions(+), 418 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b927e8e8..6dfec5c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,29 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Remove the interface to set `etcd` and `coredns` images to let kubeadm take care of it.
+### **Breaking change**.
+
+
+How to migrate values
+
+Using `yq`, migrate to the new values layout with the following command:
+
+```bash
+#!/bin/bash
+yq eval --inplace 'with(select(.connectivity != null); .global.connectivity = .connectivity) |
+ with(select(.baseDomain != null); .global.connectivity.baseDomain = .baseDomain) |
+
+ del(.connectivity) |
+ del(.baseDomain)' values.yaml
+```
+
+
+
+### Changed
+
+- Move Helm values property `.Values.connectivity` to `.Values.global.connectivity`.
+- Move Helm values property `.Values.baseDomain` to `.Values.global.connectivity.baseDomain`.
+
## [0.52.1] - 2024-05-16
### Fixed
diff --git a/helm/cluster-cloud-director/README.md b/helm/cluster-cloud-director/README.md
index b51bab8e..2dba545a 100644
--- a/helm/cluster-cloud-director/README.md
+++ b/helm/cluster-cloud-director/README.md
@@ -35,57 +35,58 @@ Properties within the `.internal` top-level object
| `internal.useAsManagementCluster` | **Display as management cluster**|**Type:** `boolean`
**Default:** `false`|
### Connectivity
-Properties within the `.connectivity` top-level object
+Properties within the `.global.connectivity` object
Configurations related to cluster connectivity such as container registries.
| **Property** | **Description** | **More Details** |
| :----------- | :-------------- | :--------------- |
-| `connectivity.containerRegistries` | **Container registries** - Endpoints and credentials configuration for container registries.|**Type:** `object`
**Default:** `{}`|
-| `connectivity.containerRegistries.*` |**None**|**Type:** `array`
|
-| `connectivity.containerRegistries.*[*]` |**None**|**Type:** `object`
|
-| `connectivity.containerRegistries.*[*].credentials` | **Credentials** - Credentials for the endpoint.|**Type:** `object`
|
-| `connectivity.containerRegistries.*[*].credentials.auth` | **Auth** - Base64-encoded string from the concatenation of the username, a colon, and the password.|**Type:** `string`
|
-| `connectivity.containerRegistries.*[*].credentials.identitytoken` | **Identity token** - Used to authenticate the user and obtain an access token for the registry.|**Type:** `string`
|
-| `connectivity.containerRegistries.*[*].credentials.password` | **Password** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
-| `connectivity.containerRegistries.*[*].credentials.username` | **Username** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
-| `connectivity.containerRegistries.*[*].endpoint` | **Endpoint** - Endpoint for the container registry.|**Type:** `string`
|
-| `connectivity.network` | **Network**|**Type:** `object`
|
-| `connectivity.network.controlPlaneEndpoint` | **Control plane endpoint** - Kubernetes API endpoint.|**Type:** `object`
|
-| `connectivity.network.controlPlaneEndpoint.host` | **Host**|**Type:** `string`
|
-| `connectivity.network.controlPlaneEndpoint.port` | **Port number**|**Type:** `integer`
**Default:** `6443`|
-| `connectivity.network.extraOvdcNetworks` | **Extra OVDC networks** - OVDC networks to attach VMs to, additionally.|**Type:** `array`
|
-| `connectivity.network.extraOvdcNetworks[*]` |**None**|**Type:** `string`
|
-| `connectivity.network.hostEntries` | **Host entries**|**Type:** `array`
|
-| `connectivity.network.hostEntries[*]` |**None**|**Type:** `object`
|
-| `connectivity.network.hostEntries[*].fqdn` | **FQDN**|**Type:** `string`
|
-| `connectivity.network.hostEntries[*].ip` | **IP address**|**Type:** `string`
|
-| `connectivity.network.loadBalancers` | **Load Balancers**|**Type:** `object`
|
-| `connectivity.network.loadBalancers.vipSubnet` | **Virtual IP subnet** - Virtual IP CIDR for the external network.|**Type:** `string`
|
-| `connectivity.network.pods` | **Pods**|**Type:** `object`
|
-| `connectivity.network.pods.cidrBlocks` |**None**|**Type:** `array`
|
-| `connectivity.network.pods.cidrBlocks[*]` |IPv4 address range, in CIDR notation.|**Type:** `string`
**Example:** `"10.244.0.0/16"`
|
-| `connectivity.network.services` | **Services**|**Type:** `object`
|
-| `connectivity.network.services.cidrBlocks` |**None**|**Type:** `array`
|
-| `connectivity.network.services.cidrBlocks[*]` |IPv4 address range, in CIDR notation.|**Type:** `string`
**Example:** `"10.244.0.0/16"`
|
-| `connectivity.network.staticRoutes` | **Static routes**|**Type:** `array`
|
-| `connectivity.network.staticRoutes[*]` |**None**|**Type:** `object`
|
-| `connectivity.network.staticRoutes[*].destination` | **Destination** - IPv4 address range in CIDR notation.|**Type:** `string`
**Example:** `"10.128.0.0/16"`
|
-| `connectivity.network.staticRoutes[*].via` | **Via**|**Type:** `string`
|
-| `connectivity.ntp` | **Time synchronization (NTP)** - Servers/pools to synchronize this cluster's clocks with.|**Type:** `object`
|
-| `connectivity.ntp.pools` | **Pools**|**Type:** `array`
|
-| `connectivity.ntp.pools[*]` | **Pool**|**Type:** `string`
**Example:** `"ntp.ubuntu.com"`
|
-| `connectivity.ntp.servers` | **Servers**|**Type:** `array`
|
-| `connectivity.ntp.servers[*]` | **Server**|**Type:** `string`
|
-| `connectivity.proxy` | **Proxy** - Whether/how outgoing traffic is routed through proxy servers.|**Type:** `object`
|
-| `connectivity.proxy.enabled` | **Enable**|**Type:** `boolean`
|
-| `connectivity.proxy.secretName` | **Secret name** - Name of a secret resource used by containerd to obtain the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables. If empty the value will be defaulted to -cluster-values.|**Type:** `string`
**Value pattern:** `^[a-z0-9-]{0,63}$`
|
-| `connectivity.shell` | **Shell access**|**Type:** `object`
|
-| `connectivity.shell.osUsers` | **OS Users** - Configuration for OS users in cluster nodes.|**Type:** `array`
**Default:** `[{"name":"giantswarm","sudo":"ALL=(ALL) NOPASSWD:ALL"}]`|
-| `connectivity.shell.osUsers[*]` | **User**|**Type:** `object`
|
-| `connectivity.shell.osUsers[*].name` | **Name** - Username of the user.|**Type:** `string`
**Value pattern:** `^[a-z][-a-z0-9]+$`
|
-| `connectivity.shell.osUsers[*].sudo` | **Sudoers configuration** - Permissions string to add to /etc/sudoers for this user.|**Type:** `string`
|
-| `connectivity.shell.sshTrustedUserCAKeys` | **Trusted SSH cert issuers** - CA certificates of issuers that are trusted to sign SSH user certificates.|**Type:** `array`
**Default:** `["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io"]`|
-| `connectivity.shell.sshTrustedUserCAKeys[*]` |**None**|**Type:** `string`
|
+| `global.connectivity.baseDomain` | **Base DNS domain**|**Type:** `string`
|
+| `global.connectivity.containerRegistries` | **Container registries** - Endpoints and credentials configuration for container registries.|**Type:** `object`
**Default:** `{}`|
+| `global.connectivity.containerRegistries.*` |**None**|**Type:** `array`
|
+| `global.connectivity.containerRegistries.*[*]` |**None**|**Type:** `object`
|
+| `global.connectivity.containerRegistries.*[*].credentials` | **Credentials** - Credentials for the endpoint.|**Type:** `object`
|
+| `global.connectivity.containerRegistries.*[*].credentials.auth` | **Auth** - Base64-encoded string from the concatenation of the username, a colon, and the password.|**Type:** `string`
|
+| `global.connectivity.containerRegistries.*[*].credentials.identitytoken` | **Identity token** - Used to authenticate the user and obtain an access token for the registry.|**Type:** `string`
|
+| `global.connectivity.containerRegistries.*[*].credentials.password` | **Password** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
+| `global.connectivity.containerRegistries.*[*].credentials.username` | **Username** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
+| `global.connectivity.containerRegistries.*[*].endpoint` | **Endpoint** - Endpoint for the container registry.|**Type:** `string`
|
+| `global.connectivity.network` | **Network**|**Type:** `object`
|
+| `global.connectivity.network.controlPlaneEndpoint` | **Control plane endpoint** - Kubernetes API endpoint.|**Type:** `object`
|
+| `global.connectivity.network.controlPlaneEndpoint.host` | **Host**|**Type:** `string`
|
+| `global.connectivity.network.controlPlaneEndpoint.port` | **Port number**|**Type:** `integer`
**Default:** `6443`|
+| `global.connectivity.network.extraOvdcNetworks` | **Extra OVDC networks** - OVDC networks to attach VMs to, additionally.|**Type:** `array`
|
+| `global.connectivity.network.extraOvdcNetworks[*]` |**None**|**Type:** `string`
|
+| `global.connectivity.network.hostEntries` | **Host entries**|**Type:** `array`
|
+| `global.connectivity.network.hostEntries[*]` |**None**|**Type:** `object`
|
+| `global.connectivity.network.hostEntries[*].fqdn` | **FQDN**|**Type:** `string`
|
+| `global.connectivity.network.hostEntries[*].ip` | **IP address**|**Type:** `string`
|
+| `global.connectivity.network.loadBalancers` | **Load Balancers**|**Type:** `object`
|
+| `global.connectivity.network.loadBalancers.vipSubnet` | **Virtual IP subnet** - Virtual IP CIDR for the external network.|**Type:** `string`
|
+| `global.connectivity.network.pods` | **Pods**|**Type:** `object`
|
+| `global.connectivity.network.pods.cidrBlocks` |**None**|**Type:** `array`
|
+| `global.connectivity.network.pods.cidrBlocks[*]` |IPv4 address range, in CIDR notation.|**Type:** `string`
**Example:** `"10.244.0.0/16"`
|
+| `global.connectivity.network.services` | **Services**|**Type:** `object`
|
+| `global.connectivity.network.services.cidrBlocks` |**None**|**Type:** `array`
|
+| `global.connectivity.network.services.cidrBlocks[*]` |IPv4 address range, in CIDR notation.|**Type:** `string`
**Example:** `"10.244.0.0/16"`
|
+| `global.connectivity.network.staticRoutes` | **Static routes**|**Type:** `array`
|
+| `global.connectivity.network.staticRoutes[*]` |**None**|**Type:** `object`
|
+| `global.connectivity.network.staticRoutes[*].destination` | **Destination** - IPv4 address range in CIDR notation.|**Type:** `string`
**Example:** `"10.128.0.0/16"`
|
+| `global.connectivity.network.staticRoutes[*].via` | **Via**|**Type:** `string`
|
+| `global.connectivity.ntp` | **Time synchronization (NTP)** - Servers/pools to synchronize this cluster's clocks with.|**Type:** `object`
|
+| `global.connectivity.ntp.pools` | **Pools**|**Type:** `array`
|
+| `global.connectivity.ntp.pools[*]` | **Pool**|**Type:** `string`
**Example:** `"ntp.ubuntu.com"`
|
+| `global.connectivity.ntp.servers` | **Servers**|**Type:** `array`
|
+| `global.connectivity.ntp.servers[*]` | **Server**|**Type:** `string`
|
+| `global.connectivity.proxy` | **Proxy** - Whether/how outgoing traffic is routed through proxy servers.|**Type:** `object`
|
+| `global.connectivity.proxy.enabled` | **Enable**|**Type:** `boolean`
|
+| `global.connectivity.proxy.secretName` | **Secret name** - Name of a secret resource used by containerd to obtain the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables. If empty the value will be defaulted to -cluster-values.|**Type:** `string`
**Value pattern:** `^[a-z0-9-]{0,63}$`
|
+| `global.connectivity.shell` | **Shell access**|**Type:** `object`
|
+| `global.connectivity.shell.osUsers` | **OS Users** - Configuration for OS users in cluster nodes.|**Type:** `array`
**Default:** `[{"name":"giantswarm","sudo":"ALL=(ALL) NOPASSWD:ALL"}]`|
+| `global.connectivity.shell.osUsers[*]` | **User**|**Type:** `object`
|
+| `global.connectivity.shell.osUsers[*].name` | **Name** - Username of the user.|**Type:** `string`
**Value pattern:** `^[a-z][-a-z0-9]+$`
|
+| `global.connectivity.shell.osUsers[*].sudo` | **Sudoers configuration** - Permissions string to add to /etc/sudoers for this user.|**Type:** `string`
|
+| `global.connectivity.shell.sshTrustedUserCAKeys` | **Trusted SSH cert issuers** - CA certificates of issuers that are trusted to sign SSH user certificates.|**Type:** `array`
**Default:** `["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io"]`|
+| `global.connectivity.shell.sshTrustedUserCAKeys[*]` |**None**|**Type:** `string`
|
### Control plane
Properties within the `.controlPlane` top-level object
@@ -218,7 +219,6 @@ Properties within the `.providerSpecific` top-level object
| **Property** | **Description** | **More Details** |
| :----------- | :-------------- | :--------------- |
-| `baseDomain` | **Base DNS domain**|**Type:** `string`
**Default:** `"k8s.test"`|
| `cluster-shared` | **Library chart**|**Type:** `object`
|
| `managementCluster` | **Management cluster name** - The Cluster API management cluster that manages this cluster.|**Type:** `string`
|
| `provider` | **Cluster API provider name**|**Type:** `string`
|
diff --git a/helm/cluster-cloud-director/ci/ci-values.yaml b/helm/cluster-cloud-director/ci/ci-values.yaml
index c0bf3dfa..0bca4693 100644
--- a/helm/cluster-cloud-director/ci/ci-values.yaml
+++ b/helm/cluster-cloud-director/ci/ci-values.yaml
@@ -1,4 +1,3 @@
-baseDomain: "test.gigantic.io"
controlPlane:
catalog: giantswarm
replicas: 1
@@ -11,10 +10,6 @@ controlPlane:
groupsClaim: "groups"
usernamePrefix: ""
groupsPrefix: ""
-connectivity:
- network:
- loadBalancers:
- vipSubnet: 10.205.9.254/24
nodePools:
worker:
class: default
@@ -35,3 +30,9 @@ internal:
kubernetesVersion: v1.25.13+vmware.1
teleport:
enabled: true
+global:
+ connectivity:
+ network:
+ loadBalancers:
+ vipSubnet: 10.205.9.254/24
+ baseDomain: "test.gigantic.io"
diff --git a/helm/cluster-cloud-director/ci/test-wc-values.yaml b/helm/cluster-cloud-director/ci/test-wc-values.yaml
index 170f84a0..7d6cd91c 100644
--- a/helm/cluster-cloud-director/ci/test-wc-values.yaml
+++ b/helm/cluster-cloud-director/ci/test-wc-values.yaml
@@ -1,4 +1,3 @@
-baseDomain: "test.gigantic.io"
controlPlane:
catalog: giantswarm
replicas: 1
@@ -13,10 +12,6 @@ controlPlane:
groupsClaim: "groups"
usernamePrefix: ""
groupsPrefix: ""
-connectivity:
- network:
- loadBalancers:
- vipSubnet: 10.205.9.254/24
nodePools:
worker:
class: default
@@ -41,3 +36,9 @@ metadata:
servicePriority: highest
internal:
kubernetesVersion: v1.25.13+vmware.1
+global:
+ connectivity:
+ network:
+ loadBalancers:
+ vipSubnet: 10.205.9.254/24
+ baseDomain: "test.gigantic.io"
diff --git a/helm/cluster-cloud-director/files/etc/containerd/config.toml b/helm/cluster-cloud-director/files/etc/containerd/config.toml
index 730a7fd9..90a8e10d 100644
--- a/helm/cluster-cloud-director/files/etc/containerd/config.toml
+++ b/helm/cluster-cloud-director/files/etc/containerd/config.toml
@@ -25,7 +25,7 @@ sandbox_image = "{{ .Values.internal.sandboxContainerImage.registry }}/{{ .Value
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
- {{- range $host, $config := .Values.connectivity.containerRegistries }}
+ {{- range $host, $config := .Values.global.connectivity.containerRegistries }}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{$host}}"]
endpoint = [
{{- range $value := $config -}}
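Review bot: The re-pathed lookup `.Values.global.connectivity.containerRegistries` (here and in the second hunk of this file) has no counterpart that rejects a values file still using the pre-move layout; the root schema keeps `"additionalProperties": true` in the values.schema.json hunk, so a stale top-level `connectivity:` or `baseDomain:` validates and is silently ignored. If the chart's values.yaml now carries defaults under `global.connectivity` (it is in the diffstat but not shown here), an override that still sets registry credentials, `proxy.enabled` or `shell.sshTrustedUserCAKeys` under the old key renders with the chart defaults instead of failing, which is the opposite of what a breaking-change migration wants. A guard at the top of a rendered manifest template such as templates/cluster.yaml (partials under `_*.tpl` are not executed on their own) makes this loud: `{{- if or (hasKey .Values "connectivity") (hasKey .Values "baseDomain") -}}`, `{{- fail ".connectivity and .baseDomain moved to .global.connectivity; see CHANGELOG" -}}`, `{{- end -}}`. Equivalently the schema can declare `"connectivity": false` and `"baseDomain": false` under the root `properties` so the legacy keys are rejected at lint time. The same applies to every template hunk below that reads the new path.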
@@ -34,7 +34,7 @@ sandbox_image = "{{ .Values.internal.sandboxContainerImage.registry }}/{{ .Value
]
{{- end }}
[plugins."io.containerd.grpc.v1.cri".registry.configs]
- {{ range $host, $config := .Values.connectivity.containerRegistries -}}
+ {{ range $host, $config := .Values.global.connectivity.containerRegistries -}}
{{ range $value := $config -}}
{{ with $value.credentials -}}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{$value.endpoint}}".auth]
diff --git a/helm/cluster-cloud-director/files/etc/teleport.yaml b/helm/cluster-cloud-director/files/etc/teleport.yaml
index 1370eebc..bb9ad5f3 100644
--- a/helm/cluster-cloud-director/files/etc/teleport.yaml
+++ b/helm/cluster-cloud-director/files/etc/teleport.yaml
@@ -30,7 +30,7 @@ ssh_service:
ins: {{ .Values.managementCluster }}
mc: {{ .Values.managementCluster }}
cluster: {{ include "resource.default.name" $ }}
- baseDomain: {{ .Values.baseDomain }}
+ baseDomain: {{ .Values.global.connectivity.baseDomain }}
proxy_service:
enabled: "no"
https_keypairs: []
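Review bot: `baseDomain: {{ .Values.global.connectivity.baseDomain }}` renders the value as a plain YAML scalar, so if the key is unset the line becomes `baseDomain:` and teleport reads a null label rather than a string. That matters more after this commit because the root-level `"default": "k8s.test"` and the `required` entry are removed in the values.schema.json hunk, and whether both are re-established under `global.connectivity` lies outside the visible part of that hunk. Rendering it as `baseDomain: {{ .Values.global.connectivity.baseDomain | quote }}` keeps the label a string for every value, including an empty one; `ins:`/`mc:` on the preceding lines have the same shape but are not touched by this commit. The enclosing `ssh_service` mapping starts before this hunk.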
diff --git a/helm/cluster-cloud-director/templates/_cluster_dns.tpl b/helm/cluster-cloud-director/templates/_cluster_dns.tpl
index 298910f6..d862fa6e 100644
--- a/helm/cluster-cloud-director/templates/_cluster_dns.tpl
+++ b/helm/cluster-cloud-director/templates/_cluster_dns.tpl
@@ -10,11 +10,11 @@
replaced with .10.
*/}}
{{- define "clusterDNS" -}}
- {{- $serviceCidrBlock := index .Values.connectivity.network.services.cidrBlocks 0 -}}
+ {{- $serviceCidrBlock := index .Values.global.connectivity.network.services.cidrBlocks 0 -}}
{{- $mask := int (mustRegexReplaceAll `^.*/(\d+)$` $serviceCidrBlock "${1}") -}}
{{- if gt $mask 24 -}}
- {{- fail (printf ".Values.connectivity.network.services.cidrBlocks[0]=%q mask must be <= 24" $serviceCidrBlock) -}}
+ {{- fail (printf ".Values.global.connectivity.network.services.cidrBlocks[0]=%q mask must be <= 24" $serviceCidrBlock) -}}
{{- end -}}
{{- mustRegexReplaceAll `^(\d+\.\d+\.\d+).*$` $serviceCidrBlock "${1}.10" -}}
diff --git a/helm/cluster-cloud-director/templates/_helpers.tpl b/helm/cluster-cloud-director/templates/_helpers.tpl
index da6ba7aa..8a71ed1f 100644
--- a/helm/cluster-cloud-director/templates/_helpers.tpl
+++ b/helm/cluster-cloud-director/templates/_helpers.tpl
@@ -76,7 +76,7 @@ use the cluster-apps-operator created secret -cluster-values as def
*/}}
{{- define "containerdProxySecret" -}}
{{- $defaultContainerdProxySecret := printf "%s-systemd-proxy" (include "resource.default.name" . ) -}}
-{{ .Values.connectivity.proxy.secretName | default $defaultContainerdProxySecret }}
+{{ .Values.global.connectivity.proxy.secretName | default $defaultContainerdProxySecret }}
{{- end -}}
{{- define "containerdProxyConfig" -}}
@@ -110,7 +110,7 @@ use the cluster-apps-operator created secret -cluster-values as def
[Service]
Type=oneshot
RemainAfterExit=yes
- {{- range $.Values.connectivity.network.staticRoutes}}
+ {{- range $.Values.global.connectivity.network.staticRoutes}}
ExecStart=/bin/bash -c "ip route add {{ .destination }} via {{ .via }}"
{{- end -}}
{{- end }}
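Review bot: The `.destination` and `.via` values read through the new `$.Values.global.connectivity.network.staticRoutes` path are interpolated verbatim into `ExecStart=/bin/bash -c "ip route add {{ .destination }} via {{ .via }}"`, and the README rows for `staticRoutes[*].destination`/`via` in this patch list only an example, no **Value pattern**, unlike `osUsers[*].name` or `proxy.secretName`. Any value that is not a bare CIDR/IPv4 literal therefore reaches a shell line in a systemd unit without validation, and a malformed entry breaks or changes the unit instead of failing `helm template`. Since the commit is already rewriting the schema, adding `"pattern": "^\\d{1,3}(\\.\\d{1,3}){3}/\\d{1,2}$"` to `destination` and `"pattern": "^\\d{1,3}(\\.\\d{1,3}){3}$"` to `via` in the staticRoutes block (which falls beyond the visible part of the values.schema.json hunk) would close this at lint time; a `regexMatch`-based `fail` inside the range is the template-side alternative. The `_ignition.tpl` hunk echoes the same two fields into a shell line and is covered by the same fix. The `staticRoutes` define ends after this hunk.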
@@ -174,16 +174,16 @@ files:
{{- end }}
{{- include "sshFiles" . | nindent 2}}
{{- include "containerdConfig" . | nindent 2 }}
-{{- if $.Values.connectivity.proxy.enabled }}
+{{- if $.Values.global.connectivity.proxy.enabled }}
{{- include "containerdProxyConfig" . | nindent 2}}
{{- end }}
-{{- if and $.Values.internal.teleport.enabled $.Values.connectivity.proxy.enabled }}
+{{- if and $.Values.internal.teleport.enabled $.Values.global.connectivity.proxy.enabled }}
{{- include "teleportProxyConfig" . | nindent 2}}
{{- end }}
{{- if $.Values.internal.teleport.enabled }}
{{- include "teleportFiles" . | nindent 2}}
{{- end }}
-{{- if $.Values.connectivity.network.staticRoutes }}
+{{- if $.Values.global.connectivity.network.staticRoutes }}
{{- if eq $.Values.providerSpecific.vmBootstrapFormat "cloud-config" }}
{{- include "staticRoutes" . | nindent 2}}
{{- end }}
@@ -191,12 +191,12 @@ files:
preKubeadmCommands:
- /bin/test ! -d /var/lib/kubelet && (/bin/mkdir -p /var/lib/kubelet && /bin/chmod 0750 /var/lib/kubelet)
-{{- if $.Values.connectivity.proxy.enabled }}
+{{- if $.Values.global.connectivity.proxy.enabled }}
- systemctl daemon-reload
- systemctl restart containerd
{{- end }}
{{- include "hostEntries" .}}
-{{- if $.Values.connectivity.network.staticRoutes }}
+{{- if $.Values.global.connectivity.network.staticRoutes }}
{{- if eq $.Values.providerSpecific.vmBootstrapFormat "cloud-config" }}
- systemctl daemon-reload
- systemctl enable --now static-routes.service
@@ -236,9 +236,9 @@ placementPolicy: {{ .currentClass.placementPolicy }}
storageProfile: {{ .currentClass.storageProfile }}
diskSize: {{ mul .currentClass.diskSizeGB 1024 1024 1024 }}
vmNamingTemplate: {{ $.providerSpecific.vmNamingTemplate }}
-{{- if $.connectivity.network.extraOvdcNetworks }}
+{{- if $.global.connectivity.network.extraOvdcNetworks }}
extraOvdcNetworks:
- {{- range $.connectivity.network.extraOvdcNetworks }}
+ {{- range $.global.connectivity.network.extraOvdcNetworks }}
- {{ . }}
{{- end }}
{{- end -}}
diff --git a/helm/cluster-cloud-director/templates/_ignition.tpl b/helm/cluster-cloud-director/templates/_ignition.tpl
index 86ba427a..ceb3f2a0 100644
--- a/helm/cluster-cloud-director/templates/_ignition.tpl
+++ b/helm/cluster-cloud-director/templates/_ignition.tpl
@@ -59,9 +59,9 @@ ignition:
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/bash -cv 'echo "$("$(find /usr/bin /usr/share/oem -name vmtoolsd -type f -executable 2>/dev/null | head -n 1)" --cmd "info-get guestinfo.ignition.network")" > /opt/set-networkd-units'
- {{- if $.Values.connectivity.network.staticRoutes }}
+ {{- if $.Values.global.connectivity.network.staticRoutes }}
ExecStart=/usr/bin/bash -cv 'echo "sleep 3" >> /opt/set-networkd-units'
- {{- range $.Values.connectivity.network.staticRoutes}}
+ {{- range $.Values.global.connectivity.network.staticRoutes}}
ExecStart=/usr/bin/bash -cv 'echo "sudo ip route add {{ .destination }} via {{ .via }}" >> /opt/set-networkd-units'
{{- end }}
{{- end }}
diff --git a/helm/cluster-cloud-director/templates/_ntp.tpl b/helm/cluster-cloud-director/templates/_ntp.tpl
index e91d02d9..1f4726c2 100644
--- a/helm/cluster-cloud-director/templates/_ntp.tpl
+++ b/helm/cluster-cloud-director/templates/_ntp.tpl
@@ -2,15 +2,15 @@
# This file should be self-sufficient. Don't call any functions from _helpers.tpl
{{- define "ntpFiles" -}}
-{{- if or $.Values.connectivity.ntp.pools $.Values.connectivity.ntp.servers -}}
+{{- if or $.Values.global.connectivity.ntp.pools $.Values.global.connectivity.ntp.servers -}}
- path: /etc/chrony/chrony.conf
permissions: "0644"
content: |
- {{- range $.Values.connectivity.ntp.pools }}
+ {{- range $.Values.global.connectivity.ntp.pools }}
pool {{.}} iburst
{{- end }}
- {{- range $.Values.connectivity.ntp.servers }}
+ {{- range $.Values.global.connectivity.ntp.servers }}
server {{.}} iburst
{{- end }}
@@ -29,14 +29,14 @@
{{- end }}
{{- define "ntpPostKubeadmCommands" -}}
-{{- if or $.Values.connectivity.ntp.pools $.Values.connectivity.ntp.servers }}
+{{- if or $.Values.global.connectivity.ntp.pools $.Values.global.connectivity.ntp.servers }}
- systemctl daemon-reload
- systemctl restart chrony
{{- end -}}
{{- end -}}
{{- define "ntpIgnition" -}}
-{{- with $.Values.connectivity.ntp }}
+{{- with $.Values.global.connectivity.ntp }}
{{- if or .pools .servers -}}
- path: /etc/systemd/timesyncd.conf
mode: 0644
diff --git a/helm/cluster-cloud-director/templates/_ssh.tpl b/helm/cluster-cloud-director/templates/_ssh.tpl
index 5ef25a4d..cfa7cb64 100644
--- a/helm/cluster-cloud-director/templates/_ssh.tpl
+++ b/helm/cluster-cloud-director/templates/_ssh.tpl
@@ -3,11 +3,11 @@
{{- define "sshFiles" -}}
-{{- if $.Values.connectivity.shell.sshTrustedUserCAKeys -}}
+{{- if $.Values.global.connectivity.shell.sshTrustedUserCAKeys -}}
- path: /etc/ssh/trusted-user-ca-keys.pem
permissions: "0600"
content: |
- {{- range $.Values.connectivity.shell.sshTrustedUserCAKeys }}
+ {{- range $.Values.global.connectivity.shell.sshTrustedUserCAKeys }}
{{.}}
{{- end }}
- path: /etc/ssh/sshd_config
@@ -22,8 +22,8 @@
{{- end -}}
{{- define "sshUsers" -}}
-{{- if $.Values.connectivity.shell.osUsers -}}
+{{- if $.Values.global.connectivity.shell.osUsers -}}
users:
- {{- $.Values.connectivity.shell.osUsers | toYaml | nindent 2 }}
+ {{- $.Values.global.connectivity.shell.osUsers | toYaml | nindent 2 }}
{{- end }}
{{- end -}}
diff --git a/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml b/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
index 7ece6281..27854969 100644
--- a/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
+++ b/helm/cluster-cloud-director/templates/cilium-helmrelease.yaml
@@ -32,7 +32,7 @@ spec:
values:
ipam:
mode: kubernetes
- k8sServiceHost: api.{{ include "resource.default.name" $ }}.{{ .Values.baseDomain }}
+ k8sServiceHost: api.{{ include "resource.default.name" $ }}.{{ .Values.global.connectivity.baseDomain }}
k8sServicePort: "6443"
kubeProxyReplacement: strict
hubble:
diff --git a/helm/cluster-cloud-director/templates/cloud-provider-cloud-director-helmrelease.yaml b/helm/cluster-cloud-director/templates/cloud-provider-cloud-director-helmrelease.yaml
index 6c74e4ff..368c4471 100644
--- a/helm/cluster-cloud-director/templates/cloud-provider-cloud-director-helmrelease.yaml
+++ b/helm/cluster-cloud-director/templates/cloud-provider-cloud-director-helmrelease.yaml
@@ -58,7 +58,7 @@ spec:
ovdcNetwork: {{ .Values.providerSpecific.ovdcNetwork | quote }}
site: {{ .Values.providerSpecific.site | quote }}
vAppName: {{ include "resource.default.name" $ | quote }}
- vipSubnet: {{ .Values.connectivity.network.loadBalancers.vipSubnet }}
+ vipSubnet: {{ .Values.global.connectivity.network.loadBalancers.vipSubnet }}
enableVirtualServiceSharedIP: {{ .Values.providerSpecific.cloudProviderInterface.enableVirtualServiceSharedIP }}
oneArm:
enabled: {{ .Values.providerSpecific.cloudProviderInterface.oneArm.enabled }}
diff --git a/helm/cluster-cloud-director/templates/cluster.yaml b/helm/cluster-cloud-director/templates/cluster.yaml
index e0554ea7..0aeaa586 100644
--- a/helm/cluster-cloud-director/templates/cluster.yaml
+++ b/helm/cluster-cloud-director/templates/cluster.yaml
@@ -22,12 +22,12 @@ spec:
clusterNetwork:
pods:
cidrBlocks:
- {{- range .Values.connectivity.network.pods.cidrBlocks }}
+ {{- range .Values.global.connectivity.network.pods.cidrBlocks }}
- {{ . }}
{{- end }}
services:
cidrBlocks:
- {{- range .Values.connectivity.network.services.cidrBlocks }}
+ {{- range .Values.global.connectivity.network.services.cidrBlocks }}
- {{ . }}
{{- end }}
controlPlaneRef:
diff --git a/helm/cluster-cloud-director/templates/coredns-helmrelease.yaml b/helm/cluster-cloud-director/templates/coredns-helmrelease.yaml
index d4610ed2..8ce8ee22 100644
--- a/helm/cluster-cloud-director/templates/coredns-helmrelease.yaml
+++ b/helm/cluster-cloud-director/templates/coredns-helmrelease.yaml
@@ -35,10 +35,10 @@ spec:
values:
cluster:
calico:
- CIDR: {{ index .Values.connectivity.network.pods.cidrBlocks 0 | quote }}
+ CIDR: {{ index .Values.global.connectivity.network.pods.cidrBlocks 0 | quote }}
kubernetes:
API:
- clusterIPRange: {{ index .Values.connectivity.network.services.cidrBlocks 0 | quote }}
+ clusterIPRange: {{ index .Values.global.connectivity.network.services.cidrBlocks 0 | quote }}
DNS:
IP: {{ include "clusterDNS" $ | quote }}
global:
diff --git a/helm/cluster-cloud-director/templates/kubeadmcontrolplane.yaml b/helm/cluster-cloud-director/templates/kubeadmcontrolplane.yaml
index 04dcdfed..2fea7712 100644
--- a/helm/cluster-cloud-director/templates/kubeadmcontrolplane.yaml
+++ b/helm/cluster-cloud-director/templates/kubeadmcontrolplane.yaml
@@ -13,7 +13,7 @@ spec:
certSANs:
- localhost
- 127.0.0.1
- - "api.{{ include "resource.default.name" $ }}.{{ .Values.baseDomain }}"
+ - "api.{{ include "resource.default.name" $ }}.{{ .Values.global.connectivity.baseDomain }}"
{{- if .Values.controlPlane.certSANs }}
{{- range .Values.controlPlane.certSANs}}
- {{ . }}
@@ -125,13 +125,13 @@ spec:
{{- if eq $.Values.providerSpecific.vmBootstrapFormat "cloud-config" }}
{{- include "ntpFiles" . | nindent 6 }}
{{- end }}
- {{- if $.Values.connectivity.proxy.enabled }}
+ {{- if $.Values.global.connectivity.proxy.enabled }}
{{- include "containerdProxyConfig" . | nindent 6 }}
{{- end }}
{{- if $.Values.internal.teleport.enabled }}
{{- include "teleportFiles" . | nindent 6 }}
{{- end }}
- {{- if and $.Values.internal.teleport.enabled $.Values.connectivity.proxy.enabled }}
+ {{- if and $.Values.internal.teleport.enabled $.Values.global.connectivity.proxy.enabled }}
{{- include "teleportProxyConfig" . | nindent 6 }}
{{- end }}
{{- include "containerdConfig" . | nindent 6 }}
@@ -147,7 +147,7 @@ spec:
secret:
name: {{ include "resource.default.name" $ }}-encryption-provider-config
key: encryption
- {{- if $.Values.connectivity.network.staticRoutes }}
+ {{- if $.Values.global.connectivity.network.staticRoutes }}
{{- if eq $.Values.providerSpecific.vmBootstrapFormat "cloud-config" }}
{{- include "staticRoutes" . | nindent 6}}
{{- end }}
@@ -155,11 +155,11 @@ spec:
preKubeadmCommands:
- bash /etc/kubernetes/patches/kube-apiserver-patch.sh {{ .Values.controlPlane.resourceRatio }}
- /bin/test ! -d /var/lib/kubelet && (/bin/mkdir -p /var/lib/kubelet && /bin/chmod 0750 /var/lib/kubelet)
- {{- if $.Values.connectivity.proxy.enabled }}
+ {{- if $.Values.global.connectivity.proxy.enabled }}
- systemctl daemon-reload
- systemctl restart containerd
{{- end }}
- {{- if $.Values.connectivity.network.staticRoutes }}
+ {{- if $.Values.global.connectivity.network.staticRoutes }}
{{- if eq $.Values.providerSpecific.vmBootstrapFormat "cloud-config" }}
- systemctl daemon-reload
- systemctl enable --now static-routes.service
diff --git a/helm/cluster-cloud-director/templates/vcdcluster.yaml b/helm/cluster-cloud-director/templates/vcdcluster.yaml
index 2e749d29..e05c6fc4 100644
--- a/helm/cluster-cloud-director/templates/vcdcluster.yaml
+++ b/helm/cluster-cloud-director/templates/vcdcluster.yaml
@@ -14,7 +14,7 @@ spec:
ovdcNetwork: {{ .ovdcNetwork }}
{{- end }}
- {{- with .Values.connectivity.network }}
+ {{- with .Values.global.connectivity.network }}
# Picks an IP automatically if unset
{{- if and .controlPlaneEndpoint.host .controlPlaneEndpoint.port }}
controlPlaneEndpoint:
diff --git a/helm/cluster-cloud-director/values.schema.json b/helm/cluster-cloud-director/values.schema.json
index 57df811d..fa5eacaf 100644
--- a/helm/cluster-cloud-director/values.schema.json
+++ b/helm/cluster-cloud-director/values.schema.json
@@ -121,316 +121,15 @@
},
"type": "object",
"required": [
- "baseDomain",
"controlPlane",
- "connectivity",
"nodePools"
],
"additionalProperties": true,
"properties": {
- "baseDomain": {
- "type": "string",
- "title": "Base DNS domain",
- "default": "k8s.test"
- },
"cluster-shared": {
"type": "object",
"title": "Library chart"
},
- "connectivity": {
- "type": "object",
- "title": "Connectivity",
- "description": "Configurations related to cluster connectivity such as container registries.",
- "required": [
- "network"
- ],
- "additionalProperties": false,
- "properties": {
- "containerRegistries": {
- "type": "object",
- "title": "Container registries",
- "description": "Endpoints and credentials configuration for container registries.",
- "additionalProperties": {
- "type": "array",
- "items": {
- "type": "object",
- "required": [
- "endpoint"
- ],
- "additionalProperties": false,
- "properties": {
- "credentials": {
- "type": "object",
- "title": "Credentials",
- "description": "Credentials for the endpoint.",
- "additionalProperties": false,
- "properties": {
- "auth": {
- "type": "string",
- "title": "Auth",
- "description": "Base64-encoded string from the concatenation of the username, a colon, and the password."
- },
- "identitytoken": {
- "type": "string",
- "title": "Identity token",
- "description": "Used to authenticate the user and obtain an access token for the registry."
- },
- "password": {
- "type": "string",
- "title": "Password",
- "description": "Used to authenticate for the registry with username/password."
- },
- "username": {
- "type": "string",
- "title": "Username",
- "description": "Used to authenticate for the registry with username/password."
- }
- }
- },
- "endpoint": {
- "type": "string",
- "title": "Endpoint",
- "description": "Endpoint for the container registry."
- }
- }
- }
- },
- "default": {}
- },
- "network": {
- "type": "object",
- "title": "Network",
- "required": [
- "loadBalancers",
- "pods",
- "services"
- ],
- "additionalProperties": false,
- "properties": {
- "controlPlaneEndpoint": {
- "type": "object",
- "title": "Control plane endpoint",
- "description": "Kubernetes API endpoint.",
- "additionalProperties": false,
- "properties": {
- "host": {
- "type": "string",
- "title": "Host"
- },
- "port": {
- "type": "integer",
- "title": "Port number",
- "default": 6443
- }
- }
- },
- "extraOvdcNetworks": {
- "type": "array",
- "title": "Extra OVDC networks",
- "description": "OVDC networks to attach VMs to, additionally.",
- "items": {
- "type": "string"
- }
- },
- "hostEntries": {
- "type": "array",
- "title": "Host entries",
- "items": {
- "type": "object",
- "required": [
- "ip",
- "fqdn"
- ],
- "additionalProperties": false,
- "properties": {
- "fqdn": {
- "type": "string",
- "title": "FQDN"
- },
- "ip": {
- "type": "string",
- "title": "IP address",
- "format": "ipv4"
- }
- }
- }
- },
- "loadBalancers": {
- "type": "object",
- "title": "Load Balancers",
- "required": [
- "vipSubnet"
- ],
- "additionalProperties": false,
- "properties": {
- "vipSubnet": {
- "type": "string",
- "title": "Virtual IP subnet",
- "description": "Virtual IP CIDR for the external network."
- }
- }
- },
- "pods": {
- "type": "object",
- "title": "Pods",
- "required": [
- "cidrBlocks"
- ],
- "additionalProperties": false,
- "properties": {
- "cidrBlocks": {
- "$ref": "#/$defs/cidrBlocks",
- "title": "Pod subnets",
- "default": [
- "10.244.0.0/16"
- ]
- }
- }
- },
- "services": {
- "type": "object",
- "title": "Services",
- "required": [
- "cidrBlocks"
- ],
- "additionalProperties": false,
- "properties": {
- "cidrBlocks": {
- "$ref": "#/$defs/cidrBlocks",
- "title": "Service subnets",
- "default": [
- "172.31.0.0/16"
- ]
- }
- }
- },
- "staticRoutes": {
- "type": "array",
- "title": "Static routes",
- "items": {
- "type": "object",
- "required": [
- "destination",
- "via"
- ],
- "additionalProperties": false,
- "properties": {
- "destination": {
- "type": "string",
- "title": "Destination",
- "description": "IPv4 address range in CIDR notation.",
- "examples": [
- "10.128.0.0/16"
- ]
- },
- "via": {
- "type": "string",
- "title": "Via",
- "format": "ipv4"
- }
- }
- }
- }
- }
- },
- "ntp": {
- "type": "object",
- "title": "Time synchronization (NTP)",
- "description": "Servers/pools to synchronize this cluster's clocks with.",
- "additionalProperties": false,
- "properties": {
- "pools": {
- "type": "array",
- "title": "Pools",
- "items": {
- "type": "string",
- "title": "Pool",
- "examples": [
- "ntp.ubuntu.com"
- ]
- }
- },
- "servers": {
- "type": "array",
- "title": "Servers",
- "items": {
- "type": "string",
- "title": "Server"
- }
- }
- }
- },
- "proxy": {
- "type": "object",
- "title": "Proxy",
- "description": "Whether/how outgoing traffic is routed through proxy servers.",
- "additionalProperties": false,
- "properties": {
- "enabled": {
- "type": "boolean",
- "title": "Enable"
- },
- "secretName": {
- "type": "string",
- "title": "Secret name",
- "description": "Name of a secret resource used by containerd to obtain the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables. If empty the value will be defaulted to -cluster-values.",
- "pattern": "^[a-z0-9-]{0,63}$"
- }
- }
- },
- "shell": {
- "type": "object",
- "title": "Shell access",
- "additionalProperties": false,
- "properties": {
- "osUsers": {
- "type": "array",
- "title": "OS Users",
- "description": "Configuration for OS users in cluster nodes.",
- "items": {
- "type": "object",
- "title": "User",
- "required": [
- "name"
- ],
- "additionalProperties": false,
- "properties": {
- "name": {
- "type": "string",
- "title": "Name",
- "description": "Username of the user.",
- "minLength": 2,
- "pattern": "^[a-z][-a-z0-9]+$"
- },
- "sudo": {
- "type": "string",
- "title": "Sudoers configuration",
- "description": "Permissions string to add to /etc/sudoers for this user."
- }
- }
- },
- "default": [
- {
- "name": "giantswarm",
- "sudo": "ALL=(ALL) NOPASSWD:ALL"
- }
- ]
- },
- "sshTrustedUserCAKeys": {
- "type": "array",
- "title": "Trusted SSH cert issuers",
- "description": "CA certificates of issuers that are trusted to sign SSH user certificates.",
- "items": {
- "type": "string"
- },
- "default": [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io"
- ]
- }
- }
- }
- }
- },
"controlPlane": {
"type": "object",
"title": "Control plane",
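Review bot: Stale top-level `connectivity` and `baseDomain` keys from the old layout still pass validation, because the top-level object keeps `"additionalProperties": true` while this hunk only drops the two keys from `required` and `properties`. An unmigrated values file would then render with the chart defaults — default pod/service CIDRs, the default SSH trust anchor and sudoers entry, no proxy or registry credentials — and the user's old settings would be discarded without an error; only the missing `global.connectivity.baseDomain` would be reported, and only if `global` itself is required, which is not visible in this hunk. Consider rejecting the removed keys explicitly in the top-level `properties`, e.g. `"baseDomain": false,` and `"connectivity": false,` (boolean subschemas, available from JSON Schema draft 6; `{"not": {}}` on an older draft), so an unmigrated file fails loudly and points at the migration. The same gap applies to the second hunk of this file (`@@ -557,7 +256,309 @@`), which adds the new location but nothing that rejects the old one.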
@@ -557,7 +256,309 @@
"global": {
"type": "object",
"title": "Global parameters",
+ "required": [
+ "connectivity"
+ ],
"properties": {
+ "connectivity": {
+ "type": "object",
+ "title": "Connectivity",
+ "description": "Configurations related to cluster connectivity such as container registries.",
+ "required": [
+ "baseDomain",
+ "network"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "baseDomain": {
+ "type": "string",
+ "title": "Base DNS domain"
+ },
+ "containerRegistries": {
+ "type": "object",
+ "title": "Container registries",
+ "description": "Endpoints and credentials configuration for container registries.",
+ "additionalProperties": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "required": [
+ "endpoint"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "credentials": {
+ "type": "object",
+ "title": "Credentials",
+ "description": "Credentials for the endpoint.",
+ "additionalProperties": false,
+ "properties": {
+ "auth": {
+ "type": "string",
+ "title": "Auth",
+ "description": "Base64-encoded string from the concatenation of the username, a colon, and the password."
+ },
+ "identitytoken": {
+ "type": "string",
+ "title": "Identity token",
+ "description": "Used to authenticate the user and obtain an access token for the registry."
+ },
+ "password": {
+ "type": "string",
+ "title": "Password",
+ "description": "Used to authenticate for the registry with username/password."
+ },
+ "username": {
+ "type": "string",
+ "title": "Username",
+ "description": "Used to authenticate for the registry with username/password."
+ }
+ }
+ },
+ "endpoint": {
+ "type": "string",
+ "title": "Endpoint",
+ "description": "Endpoint for the container registry."
+ }
+ }
+ }
+ },
+ "default": {}
+ },
+ "network": {
+ "type": "object",
+ "title": "Network",
+ "required": [
+ "loadBalancers",
+ "pods",
+ "services"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "controlPlaneEndpoint": {
+ "type": "object",
+ "title": "Control plane endpoint",
+ "description": "Kubernetes API endpoint.",
+ "additionalProperties": false,
+ "properties": {
+ "host": {
+ "type": "string",
+ "title": "Host"
+ },
+ "port": {
+ "type": "integer",
+ "title": "Port number",
+ "default": 6443
+ }
+ }
+ },
+ "extraOvdcNetworks": {
+ "type": "array",
+ "title": "Extra OVDC networks",
+ "description": "OVDC networks to attach VMs to, additionally.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "hostEntries": {
+ "type": "array",
+ "title": "Host entries",
+ "items": {
+ "type": "object",
+ "required": [
+ "ip",
+ "fqdn"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "fqdn": {
+ "type": "string",
+ "title": "FQDN"
+ },
+ "ip": {
+ "type": "string",
+ "title": "IP address",
+ "format": "ipv4"
+ }
+ }
+ }
+ },
+ "loadBalancers": {
+ "type": "object",
+ "title": "Load Balancers",
+ "required": [
+ "vipSubnet"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "vipSubnet": {
+ "type": "string",
+ "title": "Virtual IP subnet",
+ "description": "Virtual IP CIDR for the external network."
+ }
+ }
+ },
+ "pods": {
+ "type": "object",
+ "title": "Pods",
+ "required": [
+ "cidrBlocks"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "cidrBlocks": {
+ "$ref": "#/$defs/cidrBlocks",
+ "title": "Pod subnets",
+ "default": [
+ "10.244.0.0/16"
+ ]
+ }
+ }
+ },
+ "services": {
+ "type": "object",
+ "title": "Services",
+ "required": [
+ "cidrBlocks"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "cidrBlocks": {
+ "$ref": "#/$defs/cidrBlocks",
+ "title": "Service subnets",
+ "default": [
+ "172.31.0.0/16"
+ ]
+ }
+ }
+ },
+ "staticRoutes": {
+ "type": "array",
+ "title": "Static routes",
+ "items": {
+ "type": "object",
+ "required": [
+ "destination",
+ "via"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "destination": {
+ "type": "string",
+ "title": "Destination",
+ "description": "IPv4 address range in CIDR notation.",
+ "examples": [
+ "10.128.0.0/16"
+ ]
+ },
+ "via": {
+ "type": "string",
+ "title": "Via",
+ "format": "ipv4"
+ }
+ }
+ }
+ }
+ }
+ },
+ "ntp": {
+ "type": "object",
+ "title": "Time synchronization (NTP)",
+ "description": "Servers/pools to synchronize this cluster's clocks with.",
+ "additionalProperties": false,
+ "properties": {
+ "pools": {
+ "type": "array",
+ "title": "Pools",
+ "items": {
+ "type": "string",
+ "title": "Pool",
+ "examples": [
+ "ntp.ubuntu.com"
+ ]
+ }
+ },
+ "servers": {
+ "type": "array",
+ "title": "Servers",
+ "items": {
+ "type": "string",
+ "title": "Server"
+ }
+ }
+ }
+ },
+ "proxy": {
+ "type": "object",
+ "title": "Proxy",
+ "description": "Whether/how outgoing traffic is routed through proxy servers.",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enable"
+ },
+ "secretName": {
+ "type": "string",
+ "title": "Secret name",
+ "description": "Name of a secret resource used by containerd to obtain the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables. If empty the value will be defaulted to -cluster-values.",
+ "pattern": "^[a-z0-9-]{0,63}$"
+ }
+ }
+ },
+ "shell": {
+ "type": "object",
+ "title": "Shell access",
+ "additionalProperties": false,
+ "properties": {
+ "osUsers": {
+ "type": "array",
+ "title": "OS Users",
+ "description": "Configuration for OS users in cluster nodes.",
+ "items": {
+ "type": "object",
+ "title": "User",
+ "required": [
+ "name"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name",
+ "description": "Username of the user.",
+ "minLength": 2,
+ "pattern": "^[a-z][-a-z0-9]+$"
+ },
+ "sudo": {
+ "type": "string",
+ "title": "Sudoers configuration",
+ "description": "Permissions string to add to /etc/sudoers for this user."
+ }
+ }
+ },
+ "default": [
+ {
+ "name": "giantswarm",
+ "sudo": "ALL=(ALL) NOPASSWD:ALL"
+ }
+ ]
+ },
+ "sshTrustedUserCAKeys": {
+ "type": "array",
+ "title": "Trusted SSH cert issuers",
+ "description": "CA certificates of issuers that are trusted to sign SSH user certificates.",
+ "items": {
+ "type": "string"
+ },
+ "default": [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io"
+ ]
+ }
+ }
+ }
+ }
+ },
"podSecurityStandards": {
"type": "object",
"title": "Pod Security Standards",
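Review bot: The `secretName` description copied into the new location reads `If empty the value will be defaulted to -cluster-values.`, which has lost the prefix of the default name; the real default comes from a helper outside this hunk, so state it in words rather than as a literal, e.g. `If empty, defaults to the cluster's default resource name suffixed with -cluster-values.` Separately, `baseDomain` is now required without the `k8s.test` default it had at the old location (removed in the first hunk of this file), so the schema no longer shows any example value; if that is deliberate — a real delegated domain must be supplied — an entry such as `"examples": ["example.com"]` (constructed) would make it explicit, as `staticRoutes.destination` and `ntp.pools` already do. The `sshTrustedUserCAKeys` description would also benefit from saying that the default list trusts the chart vendor's Vault SSH CA (the key's comment names `vault-ca@vault.operations.giantswarm.io`) and that overriding the list replaces it, since that is the operative trust decision a user of this key makes.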
diff --git a/helm/cluster-cloud-director/values.yaml b/helm/cluster-cloud-director/values.yaml
index e691ed37..77fdd80d 100644
--- a/helm/cluster-cloud-director/values.yaml
+++ b/helm/cluster-cloud-director/values.yaml
@@ -1,26 +1,5 @@
# Auto-generated by helm-values-gen, do not edit!
-baseDomain: k8s.test
-connectivity:
- containerRegistries: {}
- network:
- controlPlaneEndpoint:
- port: 6443
- loadBalancers: {}
- pods:
- cidrBlocks:
- - 10.244.0.0/16
- services:
- cidrBlocks:
- - 172.31.0.0/16
- ntp: {}
- proxy: {}
- shell:
- osUsers:
- - name: giantswarm
- sudo: ALL=(ALL) NOPASSWD:ALL
- sshTrustedUserCAKeys:
- - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io
controlPlane:
catalog: giantswarm
image:
@@ -30,6 +9,26 @@ controlPlane:
resourceRatio: 8
template: flatcar-stable-3815.2.1-kube-v1.25.16
global:
+ connectivity:
+ containerRegistries: {}
+ network:
+ controlPlaneEndpoint:
+ port: 6443
+ loadBalancers: {}
+ pods:
+ cidrBlocks:
+ - 10.244.0.0/16
+ services:
+ cidrBlocks:
+ - 172.31.0.0/16
+ ntp: {}
+ proxy: {}
+ shell:
+ osUsers:
+ - name: giantswarm
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ sshTrustedUserCAKeys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM4cvZ01fLmO9cJbWUj7sfF+NhECgy+Cl0bazSrZX7sU vault-ca@vault.operations.giantswarm.io
podSecurityStandards:
enforced: true
internal: