diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json index 0ddebad05c..279622b1d8 100644 --- a/.github/release-please/manifest.json +++ b/.github/release-please/manifest.json @@ -1 +1 @@ -{"charts/base-cluster":"6.5.1","charts/teuto-portal-k8s-worker":"3.1.1","charts/t8s-cluster":"8.1.0","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.2.0","charts/ckan":"1.1.4"} +{"charts/base-cluster":"6.6.3","charts/teuto-portal-k8s-worker":"3.1.1","charts/t8s-cluster":"8.3.2","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0","charts/common":"1.2.1","charts/ckan":"1.1.7"} diff --git a/.github/scripts/create-values-diff.sh b/.github/scripts/create-values-diff.sh index 7f95ac8c50..1190d8f3b1 100755 --- a/.github/scripts/create-values-diff.sh +++ b/.github/scripts/create-values-diff.sh @@ -14,7 +14,7 @@ if [[ -v 3 ]]; then dryRun=true ;; *) - echo "Option '$3' not supported" >/dev/stderr + echo "Option '$3' not supported" >&2 exit 1 ;; esac @@ -23,7 +23,7 @@ else fi if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 exit 0 fi @@ -89,6 +89,7 @@ function generateComment() { sleep 2 done + echo "" echo :robot: I have diffed this *beep* *boop* echo --- # shellcheck disable=SC2016 @@ -112,13 +113,7 @@ function createComment() { local issue="$1" local body="$2" - jq -cn --rawfile body <(echo "$body") '{body: $body}' | - curl --silent --fail-with-body \ - -X POST \ - -H 'Accept: application/vnd.github+json' \ - -H "Authorization: token ${GITHUB_TOKEN}" \ - "${GITHUB_API_REPO_URL}/issues/${issue}/comments" \ - -d @- + gh pr comment "${issue}" -b "$body" } function updateComment() { 
@@ -126,6 +121,7 @@ function updateComment() { local commentId="$2" local body="$3" + # needs to use the "manual" way, as `gh` doesn't support updating a specifc comment; https://github.com/cli/cli/issues/3613 jq -cn --rawfile body <(echo "$body") '{body: $body}' | curl --silent --fail-with-body \ -X PATCH \ @@ -138,14 +134,8 @@ function updateComment() { body=$(generateComment "$chart") if [[ "$dryRun" == false ]]; then - existingCommentId="$( - curl --silent --fail-with-body \ - -H 'Accept: application/vnd.github+json' \ - -H "Authorization: token ${GITHUB_TOKEN}" \ - "${GITHUB_API_REPO_URL}/issues/${issue}/comments" | - jq -r 'map(select(.body | contains(":robot: I have diffed this *beep* *boop*")))[0].id' - )" - if [[ "$existingCommentId" != null ]]; then + # cannot use `gh pr/issue view --json comments` as the returned id is incorrect + if existingCommentId="$(gh api "repos/${GITHUB_REPOSITORY}/issues/${issue}/comments" | jq -er 'map(select(.body | contains("")))[0].id')"; then updateComment "$issue" "$existingCommentId" "$body" else createComment "$issue" "$body" diff --git a/.github/scripts/enforce-trusted-registries.sh b/.github/scripts/enforce-trusted-registries.sh index c98deacc6e..9f31604d20 100755 --- a/.github/scripts/enforce-trusted-registries.sh +++ b/.github/scripts/enforce-trusted-registries.sh @@ -10,7 +10,7 @@ function getUntrustedImages() { local chart="${1?}" local trustedImagesRegex - trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq <.github/trusted_registries.yaml)" + trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq .github/trusted_registries.yaml)" yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" | yq -r '.[] | .image' | 
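Review bot: The comment added at the top of updateComment justifies keeping the hand-rolled `curl -X PATCH` call because `gh` has no subcommand for editing a specific comment, but `gh api` can send the same request, and the script now mixes two authentication paths. Something like `gh api --method PATCH "repos/${GITHUB_REPOSITORY}/issues/comments/${commentId}" -f body="$body"` would reuse gh's credential handling. The rest of the curl call lies outside this hunk; if it still passes `-H "Authorization: token ${GITHUB_TOKEN}"` as the removed createComment code did, the token ends up in curl's argument list. The added comment also contains a typo, `specifc`.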
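Review bot: As shown on this page, the new lookup filters with `contains("")`, which is true for every comment body, so `existingCommentId` becomes the id of the first comment on the PR rather than the bot's own, and updateComment would then try to overwrite that comment. The removed code matched on the `:robot: I have diffed this *beep* *boop*` text, and the `echo ""` added in generateComment suggests a marker string (perhaps an HTML comment) was intended and may have been lost in rendering; if so, confirm that both places carry the same non-empty marker. Separately, `gh api` without `--paginate` returns only the first page of comments, so on a long thread the bot's comment can be missed and a duplicate posted; add `--paginate` and adjust the jq filter to handle one array per page.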
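Review bot: `trustedImagesRegex` in getUntrustedImages is used without checking that it is non-empty, and this commit changes both the shape of trusted_registries.yaml and the filter that reads it, so a mismatch between the two would produce an empty pattern. How the pattern is applied is outside the hunk, but if it feeds an inverted match, an empty regex matches every image and the check would pass everything. A guard right after the assignment makes it fail closed: `[[ -n "$trustedImagesRegex" ]] || { echo "empty trusted-images regex" >&2; return 1; }`.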
@@ -22,18 +22,18 @@ function enforceTrustedImages() { local chart="${1?}" local untrustedImages=() if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 return 0 fi mapfile -t untrustedImages < <(getUntrustedImages "$chart") if [[ "${#untrustedImages[@]}" -gt 0 ]]; then - echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >/dev/stderr + echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >&2 for untrustedImage in "${untrustedImages[@]}"; do - echo " > $untrustedImage, found in the following resources:" >/dev/stderr + echo " > $untrustedImage, found in the following resources:" >&2 # shellcheck disable=SC2016 yq --arg image "$untrustedImage" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" | - awk '{print " - " $NF}' >/dev/stderr + awk '{print " - " $NF}' >&2 done return 1 fi diff --git a/.github/scripts/extract-artifacthub-images.sh b/.github/scripts/extract-artifacthub-images.sh index 18437fcffa..66d943c7fb 100755 --- a/.github/scripts/extract-artifacthub-images.sh +++ b/.github/scripts/extract-artifacthub-images.sh @@ -25,7 +25,7 @@ function getImages() { rm -f -- */HelmRelease/*.yaml grep -Er '\s+image: \S+$' | grep -v 'artifacthub-ignore' | - awk '{print $3 " # " $1}' | + awk '{print ($2 == "-" ? $4 : $3) " # " $1}' | tr -d '"' | sed 's#:$##' | sort -k1 -k2 | @@ -45,7 +45,7 @@ function updateChartYaml() { ( echo "artifacthub.io/images: |" getImages "$chart" "$existingDir" | awk '{print " " $0}' - ) | tee "$tmpDir/images.yaml" >/dev/stderr + ) | tee "$tmpDir/images.yaml" >&2 if yq -e .annotations "$chart/Chart.yaml" >/dev/null; then yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" >"$tmpDir/annotations.yaml" 
@@ -66,19 +66,19 @@ function updateChartYaml() { if [[ "$#" -ge 1 ]]; then if ! [[ -d "$1" ]]; then - echo "Invalid chart directory '$1', exiting" >/dev/stderr + echo "Invalid chart directory '$1', exiting" >&2 exit 1 fi if yq -e '.type == "library"' "$1/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$1'" >/dev/stderr + echo "Skipping library chart '$1'" >&2 exit 0 fi if ! [[ -f "$1/ci/artifacthub-values.yaml" ]]; then - echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >/dev/stderr + echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >&2 exit 1 fi if [[ -v 2 ]] && ! [[ -d "$2/artifacthub-values" ]]; then - echo "Missing artifacthub-values directory '$2', exiting" >/dev/stderr + echo "Missing artifacthub-values directory '$2', exiting" >&2 exit 1 fi updateChartYaml "$1" "${2:-}" @@ -88,7 +88,7 @@ else [[ -f "$chart/ci/artifacthub-values.yaml" ]] || continue if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 exit 0 fi updateChartYaml "$chart" diff --git a/.github/scripts/prepare-values.sh b/.github/scripts/prepare-values.sh index 75fbc189d1..56f2c0f262 100755 --- a/.github/scripts/prepare-values.sh +++ b/.github/scripts/prepare-values.sh @@ -22,7 +22,7 @@ function prepare-values() { values="$chart/values.yaml" mergeYaml "$values" "$commonValues" | sponge "$values" if [[ "$RUNNER_DEBUG" == 1 ]]; then - cat "$values" >/dev/stderr + cat "$values" >&2 fi fi for valuesScript in "$chart/ci/"*-gen-values.sh; do @@ -30,7 +30,7 @@ function prepare-values() { values="${valuesScript/.sh/.yaml}" "$valuesScript" | yq -y | sponge "$values" if [[ "$RUNNER_DEBUG" == 1 ]]; then - cat "$values" >/dev/stderr + cat "$values" >&2 fi done } diff --git a/.github/scripts/splitYamlIntoDir b/.github/scripts/splitYamlIntoDir index 1ff4ca532c..90cb6acdef 100755 --- a/.github/scripts/splitYamlIntoDir 
+++ b/.github/scripts/splitYamlIntoDir @@ -23,7 +23,7 @@ function splitYamlIntoDir() { resourceName="$dir/$namespace/$kind/$name.yaml" if [[ -f "$resourceName" ]]; then - echo "'$resourceName' shouldn't already exist" >/dev/stderr + echo "'$resourceName' shouldn't already exist" >&2 return 1 fi mkdir -p "$(dirname "$resourceName")" diff --git a/.github/scripts/templateHelmChart.sh b/.github/scripts/templateHelmChart.sh index c3c94effcd..f1e9219c78 100755 --- a/.github/scripts/templateHelmChart.sh +++ b/.github/scripts/templateHelmChart.sh @@ -50,7 +50,7 @@ function templateHelmRelease() { namespace=$(yq <<<"$helmReleaseYaml" -er '.spec.targetNamespace // .metadata.namespace') releaseName=$(yq <<<"$helmReleaseYaml" -er '.spec.releaseName // .metadata.name') values=$(yq <<<"$helmReleaseYaml" -y -r .spec.values) - echo "Templating '$namespace/$releaseName'" >/dev/stderr + echo "Templating '$namespace/$releaseName'" >&2 sourceNamespace=$(yq <<<"$helmReleaseYaml" -er ".spec.chart.spec.sourceRef.namespace // \"$namespace\"") sourceName=$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.sourceRef.name) @@ -58,7 +58,7 @@ function templateHelmRelease() { sourceYaml=$(yq <<<"$yaml" -rys '[.[] | select(.kind == "'"$sourceKind"'")][]') sourceResource=$(yq <<<"$sourceYaml" -rys "[.[] | select( (.metadata.namespace == \"$sourceNamespace\") and (.metadata.name == \"$sourceName\") )][0]") if [[ "$sourceResource" =~ .*"null".* ]]; then - echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >/dev/stderr + echo "Failed to get source '$sourceNamespace/$sourceKind/$sourceName'" >&2 return 0 fi chartName="$(yq <<<"$helmReleaseYaml" -er .spec.chart.spec.chart)" @@ -83,7 +83,7 @@ function templateHelmRelease() { args+=("$helmRepositoryUrl/$chartName") ;; *) - echo "'$helmRepositoryUrl' is not supported" >/dev/stderr + echo "'$helmRepositoryUrl' is not supported" >&2 return 1 ;; esac 
@@ -91,7 +91,7 @@ function templateHelmRelease() { helm <<<"$values" template --namespace "$namespace" "${args[@]}" --version "$chartVersion" --values - ;; *) - echo "'$sourceKind' is not implemented" >/dev/stderr + echo "'$sourceKind' is not implemented" >&2 ;; esac } @@ -103,7 +103,7 @@ function templateLocalHelmChart() { chart="$(basename "$chartPath")" local tmpDir tmpDir=$(mktemp -d -p "$TMP_DIR") - echo "Templating '$chart' with '$values'" >/dev/stderr + echo "Templating '$chart' with '$values'" >&2 cp -r "$chartPath" "$tmpDir/$chart" helm dependency update "$tmpDir/$chart" >/dev/null helm template "$chart" "$tmpDir/$chart" --values "$values" @@ -133,7 +133,7 @@ function templateRemoteHelmChart() { local chart="${2?}" local values="${3:-charts/$chart/ci/artifacthub-values.yaml}" - echo "Templating '$repo/$chart' with '$values'" >/dev/stderr + echo "Templating '$repo/$chart' with '$values'" >&2 helm template --repo "$repo" "$chart" "$chart" --values "$values" } @@ -144,7 +144,7 @@ function templateGitHelmChart() { local branch="${3?}" local values="${4:-charts/$path/ci/artifacthub-values.yaml}" - echo "Templating '$repo/$path' with '$values'" >/dev/stderr + echo "Templating '$repo/$path' with '$values'" >&2 templateGitHelmRelease "$repo" "$branch" "$path" "" "$(basename "$path")" "$values" } @@ -171,7 +171,7 @@ case "$script" in templateHelmRelease "$@" ;; *) - echo "Wrong script: '$0'" >/dev/stderr + echo "Wrong script: '$0'" >&2 exit 1 ;; esac | (if [[ "$recursive" == true ]]; then templateSubHelmCharts; else cat -; fi) diff --git a/.github/scripts/templateHelmChartRecursivelyToFolder.sh b/.github/scripts/templateHelmChartRecursivelyToFolder.sh index 5843b5eb84..9b36a67e43 100755 --- a/.github/scripts/templateHelmChartRecursivelyToFolder.sh +++ b/.github/scripts/templateHelmChartRecursivelyToFolder.sh 
@@ -10,7 +10,7 @@ chart=${1?You need to provide the chart name} targetDir=${2?You need to provide the target directory} if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then - echo "Skipping library chart '$chart'" >/dev/stderr + echo "Skipping library chart '$chart'" >&2 [[ -v GITHUB_OUTPUT ]] && [[ -f "$GITHUB_OUTPUT" ]] && echo "skipped=true" | tee -a "$GITHUB_OUTPUT" exit 0 else diff --git a/.github/scripts/trusted_images_regex.jq b/.github/scripts/trusted_images_regex.jq index 0e13708bf3..23299105f4 100644 --- a/.github/scripts/trusted_images_regex.jq +++ b/.github/scripts/trusted_images_regex.jq @@ -1,5 +1,5 @@ [ - .registries | paths(scalars) as $p | $p + [getpath($p)] | + paths(scalars) as $p | $p + [getpath($p)] | .[-1] as $type | if $type == "ALL_IMAGES" then "\(.[0:-1] | join("/"))/.*" diff --git a/.github/trusted_registries.yaml b/.github/trusted_registries.yaml index 0a2c12aeb8..c5aa6b2354 100644 --- a/.github/trusted_registries.yaml +++ b/.github/trusted_registries.yaml 
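Review bot: The pattern built in trusted_images_regex.jq joins the path keys verbatim, so the dots in registry names such as `docker.io` or `registry.k8s.io` act as regex wildcards, and now that `paths(scalars)` runs on the document root, every top-level key of the YAML file becomes a trusted prefix. Escaping the segments before joining, e.g. `.[0:-1] | map(gsub("\\."; "\\.")) | join("/")`, stops a look-alike host from matching. Whether the consumer anchors the pattern at the start of the image name is not visible here and should be confirmed. A header comment stating the expected input shape (registry, then namespace, then image, with a leaf of `ALL_IMAGES` or `ALL_TAGS`) would also help, since the filter no longer names a root key. The array expression continues past the end of the hunk.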
@@ -1,44 +1,47 @@
-registries:
- docker.io:
- aelbakry:
- kdave-server: ALL_TAGS
- bats:
- bats: ALL_TAGS
- bitnami: ALL_IMAGES
- busybox: ALL_TAGS
- confluentinc:
- cp-kafka: ALL_TAGS
- curlimages:
- curl: ALL_TAGS
- fluxcd: ALL_IMAGES
- grafana: ALL_IMAGES
- hjacobs:
- kube-janitor: ALL_TAGS
- stellio: ALL_IMAGES
- velero: ALL_IMAGES
- vladgh:
- gpg: ALL_TAGS
- otel:
- opentelemetry-collector-contrib: ALL_TAGS
- ghcr.io:
- aquasecurity: ALL_IMAGES
- kyverno: ALL_IMAGES
- teutonet: ALL_IMAGES
- quay.io:
- cilium: ALL_IMAGES
- jetstack: ALL_IMAGES
- kiwigrid:
- k8s-sidecar: ALL_TAGS
- prometheus: ALL_IMAGES
- prometheus-operator: ALL_IMAGES
- registry.k8s.io:
- descheduler: ALL_IMAGES
- ingress-nginx: ALL_IMAGES
- kube-state-metrics: ALL_IMAGES
- sig-storage:
- nfs-provisioner: ALL_TAGS
- etcd: ALL_TAGS
- provider-os: ALL_IMAGES
- k8s.gcr.io:
- sig-storage: ALL_IMAGES
- registry-gitlab.teuto.net: ALL_IMAGES
+docker.io:
+ aelbakry:
+ kdave-server: ALL_TAGS
+ bats:
+ bats: ALL_TAGS
+ bitnami: ALL_IMAGES
+ busybox: ALL_TAGS
+ confluentinc:
+ cp-kafka: ALL_TAGS
+ curlimages:
+ curl: ALL_TAGS
+ emberstack:
+ kubernetes-reflector: ALL_TAGS
+ fluxcd: ALL_IMAGES
+ grafana: ALL_IMAGES
+ hjacobs:
+ kube-janitor: ALL_TAGS
+ stellio: ALL_IMAGES
+ velero: ALL_IMAGES
+ vladgh:
+ gpg: ALL_TAGS
+ otel:
+ opentelemetry-collector-contrib: ALL_TAGS
+ ckan:
+ ckan-base-datapusher: ALL_TAGS
+ghcr.io:
+ aquasecurity: ALL_IMAGES
+ kyverno: ALL_IMAGES
+ teutonet: ALL_IMAGES
+quay.io:
+ cilium: ALL_IMAGES
+ jetstack: ALL_IMAGES
+ kiwigrid:
+ k8s-sidecar: ALL_TAGS
+ prometheus: ALL_IMAGES
+ prometheus-operator: ALL_IMAGES
+registry.k8s.io:
+ descheduler: ALL_IMAGES
+ ingress-nginx: ALL_IMAGES
+ kube-state-metrics: ALL_IMAGES
+ sig-storage:
+ nfs-provisioner: ALL_TAGS
+ etcd: ALL_TAGS
+ provider-os: ALL_IMAGES
+k8s.gcr.io:
+ sig-storage: ALL_IMAGES
+registry-gitlab.teuto.net: ALL_IMAGES
diff --git a/.github/workflows/create-release-prs.yaml b/.github/workflows/create-release-prs.yaml index 6fa7d98d78..525956072f 100644 --- a/.github/workflows/create-release-prs.yaml +++ b/.github/workflows/create-release-prs.yaml @@ -23,11 +23,10 @@ jobs: if: ${{ steps.release-please.outputs.prs_created == 'true' }} - name: Set PRs to auto-merge if: ${{ steps.release-please.outputs.prs_created == 'true' }} + env: + GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }} run: | - for pr_number in ${PR_NUMBERS};do + PRs=( ${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }} ) + for pr_number in "${PRs[@]}";do gh pr merge --auto --squash "$pr_number" done - env: - GH_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }} - PR_NUMBERS: ${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }} - merge-method: squash diff --git a/.github/workflows/get-changed-chart.yaml b/.github/workflows/get-changed-chart.yaml index cafeb3ffe0..fcc6d1434f 100644 --- a/.github/workflows/get-changed-chart.yaml +++ b/.github/workflows/get-changed-chart.yaml @@ -41,4 +41,9 @@ jobs: exit 1 fi + if ((num_changed < 1)); then + echo "This PR has seemingly no changes to any charts?" + exit 1 + fi + echo chart="$changed" | tee -a "$GITHUB_OUTPUT" diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 847832a019..d9bb9b8fd6 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -48,7 +48,7 @@ jobs: - name: Lint chart run: | if ! [[ -f "charts/$CHART/values.yaml" ]]; then - echo "No values.yaml found for $CHART, skipping 'ct lint'" >/dev/stderr + echo "No values.yaml found for $CHART, skipping 'ct lint'" >&2 helm lint "charts/$CHART" else ct lint --check-version-increment=false diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml index 323efd47af..2c9724e031 100644 --- a/.github/workflows/release-chart.yaml +++ b/.github/workflows/release-chart.yaml 
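Review bot: The `${{ join(fromJSON(steps.release-please.outputs.prs).*.number, ' ') }}` expression is now expanded directly inside the `run:` script of the 'Set PRs to auto-merge' step, whereas the removed version passed it through `env:`. The env form is the safer pattern because the runner substitutes expressions into the script text before the shell parses it. The values are expected to be PR numbers, so the exposure is small, but the indirection costs nothing: keep `PR_NUMBERS: ${{ … }}` under `env:` and build the array with `read -ra PRs <<<"$PR_NUMBERS"`. That form also avoids relying on unquoted word splitting inside the array literal.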
@@ -35,9 +35,9 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - run: helm package --dependency-update "${CHART}" - - run: helm registry login ghcr.io --username teutonet-bot --password ${{ secrets.ACTIONS_BOT_TOKEN }} + - run: helm registry login ghcr.io --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} - run: helm push -- *.tgz "oci://ghcr.io/${GITHUB_REPOSITORY}" - - run: oras login ghcr.io --username teutonet-bot --password ${{ secrets.ACTIONS_BOT_TOKEN }} + - run: oras login ghcr.io --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} - run: oras push "ghcr.io/${GITHUB_REPOSITORY}/${CHART#charts/}:artifacthub.io" --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml .github/artifacthub-repo.yaml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml abort: runs-on: ubuntu-latest diff --git a/.github/workflows/release-update-metadata.yaml b/.github/workflows/release-update-metadata.yaml index eeef464b2f..08946c847b 100644 --- a/.github/workflows/release-update-metadata.yaml +++ b/.github/workflows/release-update-metadata.yaml 
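Review bot: Both login steps put `${{ secrets.GITHUB_TOKEN }}` on the command line via `--password`, which exposes it in the process arguments and triggers helm's insecure-password warning; `helm registry login` and `oras login` both accept `--password-stdin`. With `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` under the step's `env:`, the helm line becomes `helm registry login ghcr.io --username "$GITHUB_REPOSITORY_OWNER" --password-stdin <<<"$GITHUB_TOKEN"`, and the oras line changes the same way. Switching from the bot PAT to `GITHUB_TOKEN` also means the job needs `permissions: packages: write`; the job's permissions block is not visible in this hunk, so confirm it is set.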
@@ -28,37 +28,48 @@ jobs: - name: Install sponge run: sudo apt-get -yq install moreutils + - name: set sources in Chart.yaml + run: | + set -ex + version="$(jq -er --arg chart "${CHART}" '.["charts/\($chart)"]' .github/release-please/manifest.json)" + #shellcheck disable=SC2016 + yq -e -y -S -i --arg tagSource "https://github.com/${GITHUB_REPOSITORY}/tree/${CHART}-v${version}/charts/${CHART}" --arg branchSource "https://github.com/${GITHUB_REPOSITORY}/tree/${{ github.event.repository.default_branch }}/charts/${CHART}" '.sources=[$tagSource, $branchSource]' "charts/${CHART}/Chart.yaml" + - name: Commit Chart.yaml + uses: EndBug/add-and-commit@v9 + with: + message: "ci: [bot] Update sources in 'Chart.yaml'" + default_author: github_actions + push: true + add: charts/${{ env.CHART }}/Chart.yaml + - run: ./.github/scripts/prepare-values.sh "charts/$CHART" - run: ./.github/scripts/extract-artifacthub-images.sh "charts/$CHART" - - run: ./.github/scripts/enforce-trusted-registries.sh "charts/$CHART" - - name: Commit artifacthub images uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: message: "ci: [bot] Update images in 'Chart.yaml'" default_author: github_actions push: false - add: charts/${{ needs.getChangedChart.outputs.chart }}/Chart.yaml + add: charts/${{ env.CHART }}/Chart.yaml - run: pip install json-schema-for-humans - name: generate values.md run: | set -ex if ! 
[[ -f "charts/$CHART/values.schema.json" ]]; then - echo "No values.schema.json found for $CHART" >/dev/stderr + echo "No values.schema.json found for $CHART" >&2 exit 0 fi generate-schema-doc --config-file .github/json-schema-to-md.yaml "charts/$CHART/values.schema.json" "charts/$CHART/values.md" - name: generate Docs uses: docker://jnorwood/helm-docs:latest@sha256:2b0681670e69ebd28163abdc276a419ef4a8c0ba9258699847a5ed001fd7de0e with: - args: -g charts/${{ needs.getChangedChart.outputs.chart }} - + args: -g charts/${{ env.CHART }} - name: Commit README uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9 with: message: "ci: [bot] Update 'README.md'" default_author: github_actions push: true - add: charts/${{ needs.getChangedChart.outputs.chart }}/README.md + add: charts/${{ env.CHART }}/README.md diff --git a/.github/workflows/wait-for-checks.yaml b/.github/workflows/wait-for-checks.yaml new file mode 100644 index 0000000000..1e608e1c03 --- /dev/null +++ b/.github/workflows/wait-for-checks.yaml @@ -0,0 +1,15 @@ +name: Wait for checks + +on: + pull_request: {} + +jobs: + wait-for-checks: + runs-on: ubuntu-latest + permissions: + checks: read + steps: + - uses: poseidon/wait-for-status-checks@v0.5.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + ignore: postDiffComment diff --git a/README.md b/README.md index e068c551d8..8a5e958f06 100644 --- a/README.md +++ b/README.md 
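Review bot: The new 'Commit Chart.yaml' step uses `EndBug/add-and-commit@v9`, a mutable tag, while the two existing commit steps in this file pin the same action to `a94899bca583c204427a224a7af87c02f9b325d5 # v9`; since the new step pushes to the repository, it should use the same pinned SHA. The same applies to `poseidon/wait-for-status-checks@v0.5.0` in the new wait-for-checks.yaml, which receives `GITHUB_TOKEN`. This hunk also removes the `enforce-trusted-registries.sh` step from the job; if no other workflow runs it before release, the image allow-list is no longer enforced on this path, so confirm where the check now lives. In the new 'set sources' step, `${{ github.event.repository.default_branch }}` could be passed through `env:` rather than expanded into the script text.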
@@ -26,15 +26,7 @@ This chart deploys a TeutonetesCluster and all it's necessary infrastructure com [Helm](https://helm.sh) must be installed to use the charts. Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. -Once Helm is set up properly, add the repo as follows: - -```console -helm repo add teutonet https://teutonet.github.io/teutonet-helm-charts -``` - -You can then run `helm search repo teutonet` to see the charts. - -Or you can use the new OCI registry; `oci://ghcr.io/teutonet/teutonet-helm-charts` +You can use the OCI registry; `oci://ghcr.io/teutonet/teutonet-helm-charts` ## License diff --git a/charts/base-cluster/CHANGELOG.md b/charts/base-cluster/CHANGELOG.md index 8c2db914a1..66177c71f4 100644 --- a/charts/base-cluster/CHANGELOG.md +++ b/charts/base-cluster/CHANGELOG.md 
@@ -1,5 +1,58 @@ # Changelog +## [6.6.3](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v6.6.2...base-cluster-v6.6.3) (2024-08-21) + + +### Bug Fixes + +* **base-cluster/cert-manager:** ciliumNetworkPolicy for cert-manager otherwise it can't correctly talk to letsencrypt, ... 🤣 ([#1115](https://github.com/teutonet/teutonet-helm-charts/issues/1115)) ([a6919ca](https://github.com/teutonet/teutonet-helm-charts/commit/a6919caebb25ca105b7bcf33d21f6b727b431f52)) +* **base-cluster/reflector:** pin image to registry and add image to trusted_registries ([#1090](https://github.com/teutonet/teutonet-helm-charts/issues/1090)) ([754c8b8](https://github.com/teutonet/teutonet-helm-charts/commit/754c8b87fa12917dd11f5cc3f5b8d792414c2b0e)) + + +### Miscellaneous Chores + +* **base-cluster/oauth-proxy:** adjust labels for proxies chore(base-cluster/oauth-proxy): adjust CiliumNetworkPolicy to correctly filter requests from ingress ([#1116](https://github.com/teutonet/teutonet-helm-charts/issues/1116)) ([4f58b28](https://github.com/teutonet/teutonet-helm-charts/commit/4f58b28e6bf60d82a58a3bc424c8e33e4ed44906)) + +## [6.6.2](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v6.6.1...base-cluster-v6.6.2) (2024-08-01) + + +### Bug Fixes + +* **base-cluster/backup:** fix formatting ([#1063](https://github.com/teutonet/teutonet-helm-charts/issues/1063)) ([8da56f2](https://github.com/teutonet/teutonet-helm-charts/commit/8da56f2a20471540e1e33c63847de53626931db5)) +* **base-cluster/kdave:** image 2.x.x is unsupported by the helm chart ([#1062](https://github.com/teutonet/teutonet-helm-charts/issues/1062)) ([e7bc047](https://github.com/teutonet/teutonet-helm-charts/commit/e7bc047d06bb1e3cadaf58a4948f76079f61d136)) +* **base-cluster/kube-prometheus-stack:** set deployment strategy to r… ([#1067](https://github.com/teutonet/teutonet-helm-charts/issues/1067)) 
([19854b7](https://github.com/teutonet/teutonet-helm-charts/commit/19854b7824c5e2b399d839ef9721ab3bf936e2f4)) +* **base-cluster:** definitely enable everything for artifacthub ([#1064](https://github.com/teutonet/teutonet-helm-charts/issues/1064)) ([0157971](https://github.com/teutonet/teutonet-helm-charts/commit/01579717c84f97108b82f8fea7beb805a7982a7f)) + + +### Miscellaneous Chores + +* **base-cluster/dependencies:** update helm release velero to v7 ([#1023](https://github.com/teutonet/teutonet-helm-charts/issues/1023)) ([8b1f815](https://github.com/teutonet/teutonet-helm-charts/commit/8b1f8153baddca391ae133e2b75af847b7734741)) + +## [6.6.1](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v6.6.0...base-cluster-v6.6.1) (2024-07-31) + + +### Bug Fixes + +* **base-cluster/velero:** remove dupplicated additionalLabels ([#1058](https://github.com/teutonet/teutonet-helm-charts/issues/1058)) ([82a2aa7](https://github.com/teutonet/teutonet-helm-charts/commit/82a2aa750371e7d1a74176167a6fce2526ec6e37)) + +## [6.6.0](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v6.5.1...base-cluster-v6.6.0) (2024-07-31) + + +### Features + +* **base-cluster:** add kdave for deprecated CRD metrics ([#947](https://github.com/teutonet/teutonet-helm-charts/issues/947)) ([4609be4](https://github.com/teutonet/teutonet-helm-charts/commit/4609be4a4f7a315a7e419757a2b62c447759ab28)) +* **base-cluster:** enable velero servicemonitor if prometheus is enabled ([#724](https://github.com/teutonet/teutonet-helm-charts/issues/724)) ([4482223](https://github.com/teutonet/teutonet-helm-charts/commit/44822234455e3a0cc59b6df580405643fbb4adaa)), closes [#487](https://github.com/teutonet/teutonet-helm-charts/issues/487) + + +### Bug Fixes + +* **base-cluster/kube-janitor:** enable artifacthub-values and correctly prefix docker.io registry ([#1048](https://github.com/teutonet/teutonet-helm-charts/issues/1048)) 
([17b9baf](https://github.com/teutonet/teutonet-helm-charts/commit/17b9baf00a49003abbc1ef4d2e91ba609e491418)) + + +### Miscellaneous Chores + +* **base-cluster:** use template instead of duplicated value ([#1050](https://github.com/teutonet/teutonet-helm-charts/issues/1050)) ([4ef2389](https://github.com/teutonet/teutonet-helm-charts/commit/4ef23899a073c3ed9f9d0867f626a60c028c3fcf)) + ## [6.5.1](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v6.5.0...base-cluster-v6.5.1) (2024-07-16) diff --git a/charts/base-cluster/Chart.yaml b/charts/base-cluster/Chart.yaml index e767206b87..f98d0e465c 100644 --- a/charts/base-cluster/Chart.yaml +++ b/charts/base-cluster/Chart.yaml 
@@ -1,83 +1,161 @@ +annotations: + artifacthub.io/images: '- image: docker.io/aelbakry/kdave-server:1.0.4 # monitoring/HelmRelease/kdave/null/Deployment/kdave.yaml + + - image: docker.io/bats/bats:1.8.2 # loki/HelmRelease/loki/null/Pod/loki-loki-stack-test.yaml + + - image: docker.io/bats/bats:v1.4.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Pod/kube-prometheus-stack-grafana-test.yaml + + - image: docker.io/bitnami/external-dns:0.14.2-debian-12-r1 # ingress/HelmRelease/external-dns/ingress/Deployment/external-dns.yaml + + - image: docker.io/bitnami/grafana-tempo-vulture:2.5.0-debian-12-r8 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-vulture.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-compactor.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-distributor.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-metrics-generator.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-querier.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-query-frontend.yaml + + - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r9 # monitoring/HelmRelease/grafana-tempo/monitoring/StatefulSet/grafana-tempo-ingester.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-admission-reports.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-cluster-admission-reports.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # 
kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-cluster-ephemeral-reports.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-ephemeral-reports.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-update-requests.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-clean-reports.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-remove-configmap.yaml + + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-scale-to-zero.yaml + + - image: docker.io/bitnami/kubectl:1.29.6@sha256:4b4b33a40764b0dc1243b6f4fc6f62dd877cd632d49131fff8df3744602a3ec0 # default/Job/flux-generate-gpg-key-secret-main.yaml + + - image: docker.io/bitnami/kubectl:1.29.6@sha256:4b4b33a40764b0dc1243b6f4fc6f62dd877cd632d49131fff8df3744602a3ec0 # default/Job/prevent-uninstallation.yaml + + - image: docker.io/bitnami/kubectl:1.30 # backup/HelmRelease/velero/backup/Job/velero-cleanup-crds.yaml + + - image: docker.io/bitnami/memcached:1.6.29-debian-12-r4 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-memcached.yaml + + - image: docker.io/bitnami/metrics-server:0.7.1-debian-12-r14 # monitoring/HelmRelease/metrics-server/monitoring/Deployment/metrics-server.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-liveness.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-metrics.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-readiness.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-liveness.yaml + + - image: docker.io/busybox:1.35 # 
kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-metrics.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-readiness.yaml + + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-reports-controller-metrics.yaml + + - image: docker.io/curlimages/curl:7.85.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + + - image: docker.io/curlimages/curl:8.8.0@sha256:73e4d532ea62d7505c5865b517d3704966ffe916609bedc22af6833dc9969bcd # default/Job/dead-mans-switch-registration.yaml + + - image: docker.io/curlimages/curl:8.8.0@sha256:73e4d532ea62d7505c5865b517d3704966ffe916609bedc22af6833dc9969bcd # monitoring/CronJob/dead-mans-switch.yaml + + - image: docker.io/emberstack/kubernetes-reflector:7.1.288 # kube-system/HelmRelease/reflector/kube-system/Deployment/reflector.yaml + + - image: docker.io/fluxcd/flux-cli:v2.3.0@sha256:b0b43636bede7fee04afa99b9ad0732eca0f1778f7ebaa99fc89d48d35ccae18 # default/Job/flux-generate-ssh-key-secret-main.yaml + + - image: docker.io/grafana/grafana-image-renderer:latest # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana-image-renderer.yaml + + - image: docker.io/grafana/grafana:11.1.3 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + + - image: docker.io/grafana/loki:2.6.1 # loki/HelmRelease/loki/loki/StatefulSet/loki.yaml + + - image: docker.io/grafana/promtail:2.9.3 # loki/HelmRelease/loki/loki/DaemonSet/loki-promtail.yaml + + - image: docker.io/hjacobs/kube-janitor:23.7.0 # kube-system/HelmRelease/kube-janitor/kube-system/Deployment/kube-janitor.yaml + + - image: docker.io/otel/opentelemetry-collector-contrib:0.107.0 # monitoring/HelmRelease/open-telemetry-collector/monitoring/DaemonSet/open-telemetry-collector-opentelemetry-collector-agent.yaml + + - image: 
docker.io/velero/velero-plugin-for-aws:v1.7.0 # backup/HelmRelease/velero/backup/Deployment/velero.yaml + + - image: docker.io/velero/velero:v1.14.0 # backup/HelmRelease/velero/backup/DaemonSet/node-agent.yaml + + - image: docker.io/velero/velero:v1.14.0 # backup/HelmRelease/velero/backup/Deployment/velero.yaml + + - image: docker.io/vladgh/gpg:1.3.5 # default/Job/flux-generate-gpg-key-secret-main.yaml + + - image: ghcr.io/aquasecurity/trivy-operator:0.22.0 # trivy/HelmRelease/trivy/trivy/Deployment/trivy-trivy-operator.yaml + + - image: ghcr.io/kyverno/background-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-background-controller.yaml + + - image: ghcr.io/kyverno/cleanup-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-cleanup-controller.yaml + + - image: ghcr.io/kyverno/kyverno-cli:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-migrate-resources.yaml + + - image: ghcr.io/kyverno/kyverno:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + + - image: ghcr.io/kyverno/kyvernopre:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + + - image: ghcr.io/kyverno/reports-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-reports-controller.yaml + + - image: quay.io/jetstack/cert-manager-cainjector:v1.15.3 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-cainjector.yaml + + - image: quay.io/jetstack/cert-manager-controller:v1.15.3 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager.yaml + + - image: quay.io/jetstack/cert-manager-startupapicheck:v1.15.3 # cert-manager/HelmRelease/cert-manager/cert-manager/Job/cert-manager-startupapicheck.yaml + + - image: quay.io/jetstack/cert-manager-webhook:v1.15.3 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-webhook.yaml + + - image: quay.io/kiwigrid/k8s-sidecar:1.27.4 # 
monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + + - image: quay.io/prometheus-operator/prometheus-operator:v0.75.2 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-operator.yaml + + - image: quay.io/prometheus/alertmanager:v0.27.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Alertmanager/kube-prometheus-stack-alertmanager.yaml + + - image: quay.io/prometheus/node-exporter:v1.8.2 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/DaemonSet/kube-prometheus-stack-prometheus-node-exporter.yaml + + - image: quay.io/prometheus/prometheus:v2.54.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Prometheus/kube-prometheus-stack-prometheus.yaml + + - image: registry.k8s.io/descheduler/descheduler:v0.30.1 # kube-system/HelmRelease/descheduler/kube-system/Deployment/descheduler.yaml + + - image: registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml + + - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-create.yaml + + - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-patch.yaml + + - image: registry.k8s.io/ingress-nginx/opentelemetry-1.25.3:v20240813-b933310d@sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922 # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml + + - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.13.0 # 
monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-kube-state-metrics.yaml + + - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 # nfs-server-provisioner/HelmRelease/nfs-server-provisioner/null/StatefulSet/nfs-server-provisioner.yaml + + ' apiVersion: v2 -name: base-cluster -type: application -version: 6.5.1 -icon: https://teuto.net/favicon.ico -maintainers: - - name: cwrau - email: cwr@teuto.net - - name: marvinWolff - email: mw@teuto.net - - name: tasches - email: st@teuto.net -sources: - - https://github.com/teutonet/teutonet-helm-charts -home: https://teuto.net -description: A common base for every kubernetes cluster dependencies: - name: common - version: 1.2.0 repository: oci://ghcr.io/teutonet/teutonet-helm-charts -annotations: - artifacthub.io/images: | - - image: docker.io/bats/bats:1.8.2 # loki/HelmRelease/loki/null/Pod/loki-loki-stack-test.yaml - - image: docker.io/bats/bats:v1.4.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Pod/kube-prometheus-stack-grafana-test.yaml - - image: docker.io/bitnami/grafana-tempo-vulture:2.5.0-debian-12-r3 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-vulture.yaml - - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-compactor.yaml - - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-distributor.yaml - - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-metrics-generator.yaml - - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-querier.yaml - - image: docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-query-frontend.yaml - - image: 
docker.io/bitnami/grafana-tempo:2.5.0-debian-12-r5 # monitoring/HelmRelease/grafana-tempo/monitoring/StatefulSet/grafana-tempo-ingester.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-admission-reports.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-cluster-admission-reports.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-cluster-ephemeral-reports.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-ephemeral-reports.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-update-requests.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-clean-reports.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-remove-configmap.yaml - - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-scale-to-zero.yaml - - image: docker.io/bitnami/kubectl:1.29.6@sha256:4b4b33a40764b0dc1243b6f4fc6f62dd877cd632d49131fff8df3744602a3ec0 # default/Job/flux-generate-gpg-key-secret-main.yaml - - image: docker.io/bitnami/kubectl:1.29.6@sha256:4b4b33a40764b0dc1243b6f4fc6f62dd877cd632d49131fff8df3744602a3ec0 # default/Job/prevent-uninstallation.yaml - - image: docker.io/bitnami/memcached:1.6.29-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-memcached.yaml - - image: docker.io/bitnami/metrics-server:0.7.1-debian-12-r11 # monitoring/HelmRelease/metrics-server/monitoring/Deployment/metrics-server.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-liveness.yaml - - image: docker.io/busybox:1.35 # 
kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-metrics.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-readiness.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-liveness.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-metrics.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-readiness.yaml - - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-reports-controller-metrics.yaml - - image: docker.io/curlimages/curl:7.85.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml - - image: docker.io/curlimages/curl:8.8.0@sha256:73e4d532ea62d7505c5865b517d3704966ffe916609bedc22af6833dc9969bcd # default/Job/dead-mans-switch-registration.yaml - - image: docker.io/curlimages/curl:8.8.0@sha256:73e4d532ea62d7505c5865b517d3704966ffe916609bedc22af6833dc9969bcd # monitoring/CronJob/dead-mans-switch.yaml - - image: docker.io/fluxcd/flux-cli:v2.3.0@sha256:b0b43636bede7fee04afa99b9ad0732eca0f1778f7ebaa99fc89d48d35ccae18 # default/Job/flux-generate-ssh-key-secret-main.yaml - - image: docker.io/grafana/grafana-image-renderer:latest # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana-image-renderer.yaml - - image: docker.io/grafana/grafana:11.1.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml - - image: docker.io/grafana/loki:2.6.1 # loki/HelmRelease/loki/loki/StatefulSet/loki.yaml - - image: docker.io/grafana/promtail:2.9.3 # loki/HelmRelease/loki/loki/DaemonSet/loki-promtail.yaml - - image: docker.io/otel/opentelemetry-collector-contrib:0.104.0 # 
monitoring/HelmRelease/open-telemetry-collector/monitoring/DaemonSet/open-telemetry-collector-opentelemetry-collector-agent.yaml - - image: docker.io/vladgh/gpg:1.3.5 # default/Job/flux-generate-gpg-key-secret-main.yaml - - image: ghcr.io/aquasecurity/trivy-operator:0.22.0 # trivy/HelmRelease/trivy/trivy/Deployment/trivy-trivy-operator.yaml - - image: ghcr.io/kyverno/background-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-background-controller.yaml - - image: ghcr.io/kyverno/cleanup-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-cleanup-controller.yaml - - image: ghcr.io/kyverno/kyverno-cli:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-migrate-resources.yaml - - image: ghcr.io/kyverno/kyverno:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml - - image: ghcr.io/kyverno/kyvernopre:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml - - image: ghcr.io/kyverno/reports-controller:v1.12.5 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-reports-controller.yaml - - image: quay.io/jetstack/cert-manager-cainjector:v1.15.1 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-cainjector.yaml - - image: quay.io/jetstack/cert-manager-controller:v1.15.1 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager.yaml - - image: quay.io/jetstack/cert-manager-startupapicheck:v1.15.1 # cert-manager/HelmRelease/cert-manager/cert-manager/Job/cert-manager-startupapicheck.yaml - - image: quay.io/jetstack/cert-manager-webhook:v1.15.1 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-webhook.yaml - - image: quay.io/kiwigrid/k8s-sidecar:1.26.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml - - image: quay.io/prometheus-operator/prometheus-operator:v0.75.1 # 
monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-operator.yaml - - image: quay.io/prometheus/alertmanager:v0.27.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Alertmanager/kube-prometheus-stack-alertmanager.yaml - - image: quay.io/prometheus/node-exporter:v1.8.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/DaemonSet/kube-prometheus-stack-prometheus-node-exporter.yaml - - image: quay.io/prometheus/prometheus:v2.53.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Prometheus/kube-prometheus-stack-prometheus.yaml - - image: registry.k8s.io/descheduler/descheduler:v0.30.1 # kube-system/HelmRelease/descheduler/kube-system/Deployment/descheduler.yaml - - image: registry.k8s.io/ingress-nginx/controller:v1.11.0@sha256:a886e56d532d1388c77c8340261149d974370edca1093af4c97a96fb1467cb39 # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml - - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-create.yaml - - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-patch.yaml - - image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml - - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.12.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-kube-state-metrics.yaml - - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 # nfs-server-provisioner/HelmRelease/nfs-server-provisioner/null/StatefulSet/nfs-server-provisioner.yaml + version: 1.2.0 
+description: A common base for every kubernetes cluster +home: https://teuto.net +icon: https://teuto.net/favicon.ico +maintainers: + - email: cwr@teuto.net + name: cwrau + - email: mw@teuto.net + name: marvinWolff + - email: st@teuto.net + name: tasches +name: base-cluster +sources: + - https://github.com/teutonet/teutonet-helm-charts/tree/base-cluster-v6.6.3/charts/base-cluster + - https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster +type: application +version: 6.6.3 diff --git a/charts/base-cluster/README.md b/charts/base-cluster/README.md index cfbe5ac45d..842f22240a 100644 --- a/charts/base-cluster/README.md +++ b/charts/base-cluster/README.md @@ -1,7 +1,7 @@ [modeline]: # ( vim: set ft=markdown: ) # base-cluster -![Version: 6.5.1](https://img.shields.io/badge/Version-6.5.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 6.6.3](https://img.shields.io/badge/Version-6.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A common base for every kubernetes cluster @@ -237,7 +237,8 @@ output of `helm -n flux-system get notes base-cluster` ## Source Code -* +* +* ## Requirements 
@@ -1652,9 +1653,10 @@ This field is immutable. It can only be set for containers. **Description:** ResourceClaim references one entry in PodSpec.ResourceClaims. -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -| + [name](#global_authentication_oauthProxy_resources_claims_items_name ) | No | string | No | - | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------ | ------- | ------ | ---------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| + [name](#global_authentication_oauthProxy_resources_claims_items_name ) | No | string | No | - | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. | +| - [request](#global_authentication_oauthProxy_resources_claims_items_request ) | No | string | No | - | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. | ###### 1.16.3.3.1.1.1. Property `base cluster configuration > global > authentication > oauthProxy > resources > claims > claims items > name` 
@@ -1664,6 +1666,14 @@ This field is immutable. It can only be set for containers. **Description:** Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. +###### 1.16.3.3.1.1.2. Property `base cluster configuration > global > authentication > oauthProxy > resources > claims > claims items > request` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. + ###### 1.16.3.3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > authentication > oauthProxy > resources > limits` | | | @@ -1775,6 +1785,7 @@ Must be one of: | - [monitorAllNamespaces](#monitoring_monitorAllNamespaces ) | No | boolean | No | - | - | | - [labels](#monitoring_labels ) | No | object | No | - | The labels to set on ServiceMonitors, ... and which the prometheus uses to search for | | - [deadMansSwitch](#monitoring_deadMansSwitch ) | No | object | No | - | This needs \`.global.clusterName\` to be set up as an integration in healthchecks.io. Also, \`.global.baseDomain\` has to be set. | +| - [kdave](#monitoring_kdave ) | No | object | No | - | - | | - [prometheus](#monitoring_prometheus ) | No | object | No | - | - | | - [grafana](#monitoring_grafana ) | No | object | No | - | - | | - [loki](#monitoring_loki ) | No | object | No | - | - | 
@@ -1844,7 +1855,24 @@ Must be one of: | -------- | -------- | | **Type** | `string` | -### 3.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus` +### 3.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > kdave` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| --------------------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | +| - [enabled](#monitoring_kdave_enabled ) | No | boolean | No | - | - | + +#### 3.4.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > kdave > enabled` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +### 3.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -1866,13 +1894,13 @@ Must be one of: | - [ingress](#monitoring_prometheus_ingress ) | No | object | No | In #/$defs/toolIngress | - | | - [alertmanager](#monitoring_prometheus_alertmanager ) | No | object | No | - | - | -#### 3.4.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > enabled` +#### 3.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -#### 3.4.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > replicas` +#### 3.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > replicas` | | | | -------- | --------- | @@ -1882,14 +1910,14 @@ Must be one of: | ------------ | ------ | | **Minimum** | ≥ 1 | -#### 3.4.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > resourcesPreset` +#### 3.5.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -#### 3.4.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > resources` +#### 3.5.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -1899,7 +1927,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 3.4.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > retentionDuration` +#### 3.5.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > retentionDuration` | | | | -------- | -------- | @@ -1909,7 +1937,7 @@ Must be one of: | --------------------------------- | ------------------------------------------------------------------------------------------------------------------- | | **Must match regular expression** | ```[0-9]+(ms\|s\|m\|h\|d\|w\|y)``` [Test](https://regex101.com/?regex=%5B0-9%5D%2B%28ms%7Cs%7Cm%7Ch%7Cd%7Cw%7Cy%29) | -#### 3.4.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > retentionSize` +#### 3.5.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > retentionSize` | | | | -------- | -------- | @@ -1919,7 +1947,7 @@ Must be one of: | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | | **Must match regular expression** | ```[0-9]+(B\|KB\|MB\|GB\|TB\|PB\|EB)``` [Test](https://regex101.com/?regex=%5B0-9%5D%2B%28B%7CKB%7CMB%7CGB%7CTB%7CPB%7CEB%29) | -#### 3.4.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence` +#### 3.5.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -1931,7 +1959,7 @@ Must be one of: | - [storageClass](#monitoring_prometheus_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | | - [size](#monitoring_prometheus_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | -##### 3.4.7.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > storageClass` +##### 3.5.7.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > storageClass` | | | | ---------------------- | ------------------------------------ | @@ -1940,7 +1968,7 @@ Must be one of: **Description:** The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) -##### 3.4.7.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > size` +##### 3.5.7.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > size` | | | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -1948,7 +1976,7 @@ Must be one of: | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | | **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | -#### 3.4.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator` +#### 3.5.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -1960,14 +1988,14 @@ Must be one of: | - [resourcesPreset](#monitoring_prometheus_operator_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_prometheus_operator_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 3.4.8.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator > resourcesPreset` +##### 3.5.8.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.4.8.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator > resources` +##### 3.5.8.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -1977,7 +2005,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 3.4.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics` +#### 3.5.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -1990,14 +2018,14 @@ Must be one of: | - [resources](#monitoring_prometheus_kubeStateMetrics_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | | - [metricLabelsAllowList](#monitoring_prometheus_kubeStateMetrics_metricLabelsAllowList ) | No | object | No | - | A map of resource/[label] that will be set as labels on the state metrics | -##### 3.4.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > resourcesPreset` +##### 3.5.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.4.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > resources` +##### 3.5.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2007,7 +2035,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -##### 3.4.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList` +##### 3.5.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList` | | | | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -2020,7 +2048,7 @@ Must be one of: | ----------------------------------------------------------------------------------------- | ------- | --------------- | ---------- | ---------- | ----------------- | | - [](#monitoring_prometheus_kubeStateMetrics_metricLabelsAllowList_additionalProperties ) | No | array of string | No | - | - | -###### 3.4.9.3.1. Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList > additionalProperties` +###### 3.5.9.3.1. Property `base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList > additionalProperties` | | | | -------- | ----------------- | 
@@ -2038,13 +2066,13 @@ Must be one of: | ---------------------------------------------------------------------------------------------------------------------- | ----------- | | [additionalProperties items](#monitoring_prometheus_kubeStateMetrics_metricLabelsAllowList_additionalProperties_items) | - | -###### 3.4.9.3.1.1. base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList > additionalProperties > additionalProperties items +###### 3.5.9.3.1.1. base cluster configuration > monitoring > prometheus > kubeStateMetrics > metricLabelsAllowList > additionalProperties > additionalProperties items | | | | -------- | -------- | | **Type** | `string` | -#### 3.4.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter` +#### 3.5.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2056,14 +2084,14 @@ Must be one of: | - [resourcesPreset](#monitoring_prometheus_nodeExporter_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_prometheus_nodeExporter_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 3.4.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter > resourcesPreset` +##### 3.5.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.4.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter > resources` +##### 3.5.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > nodeExporter > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2073,7 +2101,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 3.4.11. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress` +#### 3.5.11. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2087,13 +2115,13 @@ Must be one of: | - [host](#monitoring_prometheus_ingress_host ) | No | string | No | - | The subdomain to use under \`.global.clusterName\`.\`.global.baseDomain\` | | - [customDomain](#monitoring_prometheus_ingress_customDomain ) | No | string | No | - | The full custom domain to use | -##### 3.4.11.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > enabled` +##### 3.5.11.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -##### 3.4.11.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > host` +##### 3.5.11.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > host` | | | | -------- | -------- | 
@@ -2101,7 +2129,7 @@ Must be one of: **Description:** The subdomain to use under `.global.clusterName`.`.global.baseDomain` -##### 3.4.11.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > customDomain` +##### 3.5.11.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > ingress > customDomain` | | | | -------- | -------- | @@ -2109,7 +2137,7 @@ Must be one of: **Description:** The full custom domain to use -#### 3.4.12. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager` +#### 3.5.12. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2124,7 +2152,7 @@ Must be one of: | - [retentionDuration](#monitoring_prometheus_alertmanager_retentionDuration ) | No | string | No | - | - | | - [persistence](#monitoring_prometheus_alertmanager_persistence ) | No | object | No | - | - | -##### 3.4.12.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers` +##### 3.5.12.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2135,7 +2163,7 @@ Must be one of: | ----------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | | - [pagerduty](#monitoring_prometheus_alertmanager_receivers_pagerduty ) | No | object | No | - | - | -###### 3.4.12.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty` +###### 3.5.12.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2148,25 +2176,25 @@ Must be one of: | - [url](#monitoring_prometheus_alertmanager_receivers_pagerduty_url ) | No | string | No | - | - | | - [integrationKey](#monitoring_prometheus_alertmanager_receivers_pagerduty_integrationKey ) | No | string | No | - | - | -###### 3.4.12.1.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > enabled` +###### 3.5.12.1.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -###### 3.4.12.1.1.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > url` +###### 3.5.12.1.1.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > url` | | | | -------- | -------- | | **Type** | `string` | -###### 3.4.12.1.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > integrationKey` +###### 3.5.12.1.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > receivers > pagerduty > integrationKey` | | | | -------- | -------- | | **Type** | `string` | -##### 3.4.12.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > ingress` +##### 3.5.12.2. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > ingress` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2174,7 +2202,7 @@ Must be one of: | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | | **Same definition as** | [ingress](#monitoring_prometheus_ingress) | -##### 3.4.12.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > replicas` +##### 3.5.12.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > replicas` | | | | -------- | --------- | @@ -2184,7 +2212,7 @@ Must be one of: | ------------ | ------ | | **Minimum** | ≥ 1 | -##### 3.4.12.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > retentionDuration` +##### 3.5.12.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > retentionDuration` | | | | -------- | -------- | 
@@ -2194,7 +2222,7 @@ Must be one of: | --------------------------------- | ------------------------------------------------------------------------------------------------------------------- | | **Must match regular expression** | ```[0-9]+(ms\|s\|m\|h\|d\|w\|y)``` [Test](https://regex101.com/?regex=%5B0-9%5D%2B%28ms%7Cs%7Cm%7Ch%7Cd%7Cw%7Cy%29) | -##### 3.4.12.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence` +##### 3.5.12.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2206,7 +2234,7 @@ Must be one of: | - [storageClass](#monitoring_prometheus_alertmanager_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | | - [size](#monitoring_prometheus_alertmanager_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | -###### 3.4.12.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > storageClass` +###### 3.5.12.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > storageClass` | | | | ---------------------- | ------------------------------------ | 
@@ -2215,7 +2243,7 @@ Must be one of: **Description:** The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) -###### 3.4.12.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > size` +###### 3.5.12.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > size` | | | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | @@ -2223,7 +2251,7 @@ Must be one of: | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | | **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | -### 3.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana` +### 3.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2243,13 +2271,13 @@ Must be one of: | - [persistence](#monitoring_grafana_persistence ) | No | object | No | - | - | | - [sidecar](#monitoring_grafana_sidecar ) | No | object | No | - | - | -#### 3.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > adminPassword` +#### 3.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > adminPassword` | | | | -------- | -------- | | **Type** | `string` | -#### 3.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > ingress` +#### 3.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > ingress` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2257,7 +2285,7 @@ Must be one of: | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | | **Same definition as** | [ingress](#monitoring_prometheus_ingress) | -#### 3.5.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards` +#### 3.6.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards` | | | | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2268,7 +2296,7 @@ Must be one of: | -------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | | - [](#monitoring_grafana_additionalDashboards_additionalProperties ) | No | object | No | - | - | -##### 3.5.3.1. Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties` +##### 3.6.3.1. Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2281,32 +2309,32 @@ Must be one of: | - [revision](#monitoring_grafana_additionalDashboards_additionalProperties_revision ) | No | integer | No | - | - | | - [datasource](#monitoring_grafana_additionalDashboards_additionalProperties_datasource ) | No | string | No | - | - | -###### 3.5.3.1.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > gnetId` +###### 3.6.3.1.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > gnetId` | | | | -------- | --------- | | **Type** | `integer` | -###### 3.5.3.1.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > revision` +###### 3.6.3.1.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > revision` | | | | -------- | --------- | | **Type** | `integer` | -###### 3.5.3.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > datasource` +###### 3.6.3.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalDashboards > additionalProperties > datasource` | | | | -------- | -------- | | **Type** | `string` | -#### 3.5.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > config` +#### 3.6.4. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > config` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -#### 3.5.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > notifiers` +#### 3.6.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > notifiers` | | | | -------- | ----------------- | @@ -2326,7 +2354,7 @@ Must be one of: | ------------------------------------------------------ | ----------- | | [notifiers items](#monitoring_grafana_notifiers_items) | - | -##### 3.5.5.1. base cluster configuration > monitoring > grafana > notifiers > notifiers items +##### 3.6.5.1. base cluster configuration > monitoring > grafana > notifiers > notifiers items | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2344,25 +2372,25 @@ Must be one of: | - [frequency](#monitoring_grafana_notifiers_items_frequency ) | No | string | No | - | - | | - [settings](#monitoring_grafana_notifiers_items_settings ) | No | object | No | - | - | -###### 3.5.5.1.1. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > name` +###### 3.6.5.1.1. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > name` | | | | -------- | -------- | | **Type** | `string` | -###### 3.5.5.1.2. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > type` +###### 3.6.5.1.2. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > type` | | | | -------- | -------- | | **Type** | `string` | -###### 3.5.5.1.3. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > uid` +###### 3.6.5.1.3. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > uid` | | | | -------- | -------- | | **Type** | `string` | -###### 3.5.5.1.4. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > org_id` +###### 3.6.5.1.4. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > org_id` | | | | -------- | --------- | 
@@ -2372,32 +2400,32 @@ Must be one of: | ------------ | ------ | | **Minimum** | ≥ 1 | -###### 3.5.5.1.5. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > is_default` +###### 3.6.5.1.5. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > is_default` | | | | -------- | --------- | | **Type** | `boolean` | -###### 3.5.5.1.6. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > send_reminder` +###### 3.6.5.1.6. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > send_reminder` | | | | -------- | --------- | | **Type** | `boolean` | -###### 3.5.5.1.7. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > frequency` +###### 3.6.5.1.7. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > frequency` | | | | -------- | -------- | | **Type** | `string` | -###### 3.5.5.1.8. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > settings` +###### 3.6.5.1.8. Property `base cluster configuration > monitoring > grafana > notifiers > notifiers items > settings` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -#### 3.5.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalPlugins` +#### 3.6.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > additionalPlugins` | | | | -------- | ----------------- | 
@@ -2415,20 +2443,20 @@ Must be one of: | ---------------------------------------------------------------------- | ----------- | | [additionalPlugins items](#monitoring_grafana_additionalPlugins_items) | - | -##### 3.5.6.1. base cluster configuration > monitoring > grafana > additionalPlugins > additionalPlugins items +##### 3.6.6.1. base cluster configuration > monitoring > grafana > additionalPlugins > additionalPlugins items | | | | -------- | -------- | | **Type** | `string` | -#### 3.5.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > resourcesPreset` +#### 3.6.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -#### 3.5.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > resources` +#### 3.6.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2438,7 +2466,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 3.5.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence` +#### 3.6.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2451,13 +2479,13 @@ Must be one of: | - [size](#monitoring_grafana_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | | - [storageClassName](#monitoring_grafana_persistence_storageClassName ) | No | string | No | - | - | -##### 3.5.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > enabled` +##### 3.6.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -##### 3.5.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > size` +##### 3.6.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > size` | | | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2465,13 +2493,13 @@ Must be one of: | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | | **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | -##### 3.5.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > storageClassName` +##### 3.6.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > persistence > storageClassName` | | | | -------- | -------- | | **Type** | `string` | -#### 3.5.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar` +#### 3.6.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2483,14 +2511,14 @@ Must be one of: | - [resourcesPreset](#monitoring_grafana_sidecar_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_grafana_sidecar_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 3.5.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar > resourcesPreset` +##### 3.6.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.5.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar > resources` +##### 3.6.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana > sidecar > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | @@ -2500,7 +2528,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -### 3.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki` +### 3.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2516,13 +2544,13 @@ Must be one of: | - [resources](#monitoring_loki_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | | - [promtail](#monitoring_loki_promtail ) | No | object | No | - | - | -#### 3.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > enabled` +#### 3.7.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -#### 3.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence` +#### 3.7.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2534,7 +2562,7 @@ Must be one of: | - [size](#monitoring_loki_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | | - [storageClass](#monitoring_loki_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | -##### 3.6.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > size` +##### 3.7.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > size` | | | | ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | @@ -2542,7 +2570,7 @@ Must be one of: | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | | **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | -##### 3.6.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > storageClass` +##### 3.7.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > storageClass` | | | | ---------------------- | ------------------------------------ | 
@@ -2551,7 +2579,7 @@ Must be one of: **Description:** The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) -#### 3.6.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > replicas` +#### 3.7.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > replicas` | | | | -------- | --------- | @@ -2561,14 +2589,14 @@ Must be one of: | ------------ | ------ | | **Minimum** | ≥ 1 | -#### 3.6.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resourcesPreset` +#### 3.7.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -#### 3.6.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resources` +#### 3.7.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2578,7 +2606,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -#### 3.6.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail` +#### 3.7.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2590,14 +2618,14 @@ Must be one of: | - [resourcesPreset](#monitoring_loki_promtail_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_loki_promtail_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 3.6.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resourcesPreset` +##### 3.7.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.6.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resources` +##### 3.7.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > promtail > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2607,7 +2635,7 @@ Must be one of: **Description:** ResourceRequirements describes the compute resource requirements. -### 3.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > metricsServer` +### 3.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > metricsServer` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -2618,13 +2646,13 @@ Must be one of: | ----------------------------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | | - [enabled](#monitoring_metricsServer_enabled ) | No | boolean | No | - | - | -#### 3.7.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > metricsServer > enabled` +#### 3.8.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > metricsServer > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -### 3.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis` +### 3.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2639,7 +2667,7 @@ Must be one of: | - [currency](#monitoring_storageCostAnalysis_currency ) | No | string | No | - | - | | - [storageClassMapping](#monitoring_storageCostAnalysis_storageClassMapping ) | No | object | No | - | A map of storageClasses to their cost per GiB/$period | -#### 3.8.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > period` +#### 3.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > period` | | | | ----------- | -------- | @@ -2658,7 +2686,7 @@ Day Month ``` -#### 3.8.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > currency` +#### 3.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > currency` | | | | ----------- | --------------- | @@ -2675,7 +2703,7 @@ currencyUSD currencyEUR ``` -#### 3.8.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > storageClassMapping` +#### 3.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > storageCostAnalysis > storageClassMapping` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2688,13 +2716,13 @@ currencyEUR | ------------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | | - [](#monitoring_storageCostAnalysis_storageClassMapping_additionalProperties ) | No | number | No | - | - | -##### 3.8.3.1. Property `base cluster configuration > monitoring > storageCostAnalysis > storageClassMapping > additionalProperties` +##### 3.9.3.1. Property `base cluster configuration > monitoring > storageCostAnalysis > storageClassMapping > additionalProperties` | | | | -------- | -------- | | **Type** | `number` | -### 3.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning` +### 3.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2706,13 +2734,13 @@ currencyEUR | - [enabled](#monitoring_securityScanning_enabled ) | No | boolean | No | - | - | | - [nodeCollector](#monitoring_securityScanning_nodeCollector ) | No | object | No | - | - | -#### 3.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > enabled` +#### 3.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -#### 3.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > nodeCollector` +#### 3.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > nodeCollector` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | @@ -2723,7 +2751,7 @@ currencyEUR | ------------------------------------------------------------------------ | ------- | ----- | ---------- | ---------- | ----------------- | | - [tolerations](#monitoring_securityScanning_nodeCollector_tolerations ) | No | array | No | - | - | -##### 3.9.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations` +##### 3.10.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations` | | | | -------- | ------- | 
@@ -2741,7 +2769,7 @@ currencyEUR | --------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | | [tolerations](#monitoring_securityScanning_nodeCollector_tolerations_items) | The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . | -###### 3.9.2.1.1. base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations +###### 3.10.2.1.1. base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | @@ -2759,7 +2787,7 @@ currencyEUR | - [tolerationSeconds](#monitoring_securityScanning_nodeCollector_tolerations_items_tolerationSeconds ) | No | integer | No | - | TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. | | - [value](#monitoring_securityScanning_nodeCollector_tolerations_items_value ) | No | string | No | - | Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. | -###### 3.9.2.1.1.1. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > effect` +###### 3.10.2.1.1.1. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > effect` | | | | -------- | -------- | 
@@ -2767,7 +2795,7 @@ currencyEUR **Description:** Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. -###### 3.9.2.1.1.2. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > key` +###### 3.10.2.1.1.2. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > key` | | | | -------- | -------- | @@ -2775,7 +2803,7 @@ currencyEUR **Description:** Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. -###### 3.9.2.1.1.3. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > operator` +###### 3.10.2.1.1.3. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > operator` | | | | -------- | -------- | @@ -2783,7 +2811,7 @@ currencyEUR **Description:** Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. -###### 3.9.2.1.1.4. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > tolerationSeconds` +###### 3.10.2.1.1.4. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > tolerationSeconds` | | | | ---------- | --------- | 
@@ -2792,7 +2820,7 @@ currencyEUR **Description:** TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. -###### 3.9.2.1.1.5. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > value` +###### 3.10.2.1.1.5. Property `base cluster configuration > monitoring > securityScanning > nodeCollector > tolerations > tolerations items > value` | | | | -------- | -------- | @@ -2800,7 +2828,7 @@ currencyEUR **Description:** Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. -### 3.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing` +### 3.11. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2812,13 +2840,13 @@ currencyEUR | - [enabled](#monitoring_tracing_enabled ) | No | boolean | No | - | - | | - [ingester](#monitoring_tracing_ingester ) | No | object | No | - | - | -#### 3.10.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > enabled` +#### 3.11.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > enabled` | | | | -------- | --------- | | **Type** | `boolean` | -#### 3.10.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester` +#### 3.11.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -2830,14 +2858,14 @@ currencyEUR | - [resourcesPreset](#monitoring_tracing_ingester_resourcesPreset ) | No | enum (of string) | No | Same as [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset ) | - | | - [resources](#monitoring_tracing_ingester_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -##### 3.10.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester > resourcesPreset` +##### 3.11.2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester > resourcesPreset` | | | | ---------------------- | -------------------------------------------------------------------- | | **Type** | `enum (of string)` | | **Same definition as** | [resourcesPreset](#global_authentication_oauthProxy_resourcesPreset) | -##### 3.10.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester > resources` +##### 3.11.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > tracing > ingester > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -2847,7 +2875,7 @@ currencyEUR **Description:** ResourceRequirements describes the compute resource requirements. -### 3.11. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > additionalProperties` +### 3.12. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > additionalProperties` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | diff --git a/charts/base-cluster/ci/artifacthub-values.yaml b/charts/base-cluster/ci/artifacthub-values.yaml index da5d0edcbd..6e49c52cae 100644 --- a/charts/base-cluster/ci/artifacthub-values.yaml +++ b/charts/base-cluster/ci/artifacthub-values.yaml @@ -6,6 +6,17 @@ flux: provider: sops kyverno: enabled: true +backup: + defaultLocation: location + backupStorageLocations: + location: + provider: + minio: + url: https://minio.com + existingSecret: + name: secret + prefix: /prefix + bucket: bucket storage: readWriteMany: enabled: true @@ -21,11 +32,30 @@ monitoring: enabled: true pingKey: PING_KEY apiKey: API_KEY + kdave: + enabled: true prometheus: + enabled: true alertmanager: receivers: pagerduty: enabled: true integrationKey: INTEGRATION_KEY + loki: + enabled: true + metricsServer: + enabled: true + securityScanning: + enabled: true kube-janitor: enabled: true +descheduler: + enabled: true +ingress: + enabled: true +reflector: + enabled: true +dns: + provider: + cloudflare: + apiToken: API_TOKEN diff --git a/charts/base-cluster/templates/backup/velero.yaml b/charts/base-cluster/templates/backup/velero.yaml index 4ac6083d62..48fcc38864 100644 --- a/charts/base-cluster/templates/backup/velero.yaml +++ b/charts/base-cluster/templates/backup/velero.yaml 
@@ -91,4 +91,16 @@ spec: metrics: serviceMonitor: additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 10 }} + enabled: true + prometheusRule: + enabled: true + additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 10 }} + spec: + - alert: VeleroBackupFailures + annotations: + message: Velero backup {{ `{{ $labels.schedule }}` }} failed. + expr: velero_backup_last_status{schedule!=""} != 1 + for: 15m + labels: + severity: warning {{- end }} diff --git a/charts/base-cluster/templates/cert-manager/cert-manager.yaml b/charts/base-cluster/templates/cert-manager/cert-manager.yaml index 0809b2315b..21119f9ab3 100644 --- a/charts/base-cluster/templates/cert-manager/cert-manager.yaml +++ b/charts/base-cluster/templates/cert-manager/cert-manager.yaml @@ -33,10 +33,10 @@ spec: defaultIssuerKind: ClusterIssuer {{- end }} {{ if .Values.certManager.dnsChallengeNameservers }} - {{- $nameservers := list -}} - {{- range $ip, $port := .Values.certManager.dnsChallengeNameservers }} - {{- $nameservers = append $nameservers (printf "%s:%v" $ip $port) -}} - {{- end -}} + {{- $nameservers := list -}} + {{- range $ip, $port := .Values.certManager.dnsChallengeNameservers -}} + {{- $nameservers = append $nameservers (printf "%s:%v" $ip $port) -}} + {{- end -}} extraArgs: - --dns01-recursive-nameservers={{- $nameservers | sortAlpha | join "," }} {{- end }} diff --git a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml index 56bf28ab25..6880fc623b 100644 --- a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml +++ b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml 
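Review bot: The new `VeleroBackupFailures` rule in backup/velero.yaml only fires while `velero_backup_last_status` exists and is not 1, so a schedule that stops running produces no alert. A companion rule on the age of the last successful backup would close that gap for schedules that have succeeded at least once; the threshold below is a constructed example and should follow the longest schedule interval. Neither rule covers Velero itself being down, which likely needs a separate target-down alert. The surrounding `values:` block starts above this hunk.

```yaml
# … unchanged: VeleroBackupFailures rule …
- alert: VeleroBackupStale
  annotations:
    message: Velero schedule {{ `{{ $labels.schedule }}` }} has no recent successful backup.
  # 25h is a constructed example threshold
  expr: time() - velero_backup_last_successful_timestamp{schedule!=""} > 25 * 3600
  for: 15m
  labels:
    severity: warning
```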
@@ -19,9 +19,15 @@ spec: - port: "9402" protocol: TCP egress: + - toEntities: + - world # allow access to letsencrypt and the DNS apis + toPorts: + - ports: + - port: "443" + protocol: TCP - toEntities: - kube-apiserver - - toPorts: + - toPorts: # needs to talk to all possible DNS servers - ports: - port: "53" protocol: UDP @@ -50,7 +56,7 @@ spec: - port: "10250" protocol: TCP - fromEntities: - - host + - health toPorts: - ports: - port: "6080" @@ -72,7 +78,7 @@ spec: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager ingress: - - { } + - {} egress: - toEntities: - kube-apiserver diff --git a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml index a81c1d90e1..6e8822b405 100644 --- a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml +++ b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml @@ -6,11 +6,10 @@ metadata: labels: {{- include "common.labels.standard" $ | nindent 4 }} spec: endpointSelector: - matchLabels: { } + matchLabels: {} egress: - toEntities: - cluster - - host - toEntities: - world toPorts: @@ -38,13 +37,9 @@ spec: matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.global.networkPolicy.dnsLabels "context" $) | nindent 6 }} egress: - toEntities: - - kube-apiserver - toPorts: - - ports: - - port: "6443" - protocol: TCP + - kube-apiserver - toEntities: - - all + - all toPorts: - ports: - port: "53" diff --git a/charts/base-cluster/templates/global/reflector.yaml b/charts/base-cluster/templates/global/reflector.yaml index 418f0d6b77..69dab83129 100644 --- a/charts/base-cluster/templates/global/reflector.yaml +++ b/charts/base-cluster/templates/global/reflector.yaml 
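Review bot: The egress rule added at the top of `egress:` in cert-manager/ciliumNetworkPolicy.yaml opens TCP 443 to the whole `world` entity, which is every external HTTPS host rather than only the ACME and DNS-provider APIs the comment names. If the cluster's Cilium runs with the DNS proxy, a `toFQDNs` list derived from the configured issuer and DNS provider would keep the allowance to those hosts; that also needs a `rules: dns` entry on the port-53 rule so Cilium can learn the addresses. If the hosts cannot be known at render time, say so in the comment, for example `- world # ACME and DNS provider hosts depend on user config, so 443 cannot be narrowed here`. The policy spec begins above this hunk.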
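Review bot: The second hunk of cert-manager/ciliumNetworkPolicy.yaml changes the ingress source for port 6080 from `host` to `health` without saying why. As far as I know, `health` is the identity of Cilium's own health-check endpoints, while kubelet probes arrive from the node itself. If 6080 is the webhook's probe port, the probes would then depend on Cilium's default allowance for local host traffic, which is worth confirming on clusters that enforce host policy. A comment such as `- health # kubelet probes are admitted by Cilium's local-host default` would record the assumption. The ingress rule continues outside this hunk.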
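Review bot: In global/ciliumClusterwideNetworkPolicy.yaml the second hunk removes the `toPorts` restriction (TCP 6443) from the `kube-apiserver` egress rule, so endpoints selected by `dnsLabels` can now reach the API-server addresses on any port. If the aim is to support clusters that serve the API on 443, listing both ports keeps the rule narrow, as sketched below. Where the API server shares a node with other host-network services, the port-less form also exposes those services to the selected pods.

```yaml
- toEntities:
    - kube-apiserver
  toPorts:
    - ports:
        - port: "443"
          protocol: TCP
        - port: "6443"
          protocol: TCP
# … unchanged: egress to `all` on port 53 …
```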
@@ -14,10 +14,8 @@ spec: mode: enabled values: priorityClassName: cluster-components - {{- if .Values.global.imageRegistry }} image: - repository: {{ printf "%s/emberstack/kubernetes-reflector" $.Values.global.imageRegistry }} - {{- end }} + repository: {{ printf "%s/emberstack/kubernetes-reflector" ($.Values.global.imageRegistry | default (include "base-cluster.defaultRegistry" (dict))) }} securityContext: privileged: false allowPrivilegeEscalation: false diff --git a/charts/base-cluster/templates/monitoring/kdave/kdave.yaml b/charts/base-cluster/templates/monitoring/kdave/kdave.yaml index 326c5ef869..738121d5ba 100644 --- a/charts/base-cluster/templates/monitoring/kdave/kdave.yaml +++ b/charts/base-cluster/templates/monitoring/kdave/kdave.yaml @@ -24,7 +24,7 @@ spec: helmBinary: helm3 image: repository: {{ printf "%s/aelbakry/kdave-server" ($.Values.global.imageRegistry | default (include "base-cluster.defaultRegistry" (dict))) }} - tag: 2.1.5 + tag: 1.0.4 rbac: pspEnabled: false apiVersionsInspector: diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index 0785546cbd..8fa2a69dcb 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -46,6 +46,10 @@ resources: {{- include "common.resources" .Values.monitoring.grafana | nindent 2 persistence: {{- include "common.storage.class" (dict "persistence" .Values.monitoring.grafana.persistence "global" $.Values.global) | nindent 2 }} enabled: true size: {{ .Values.monitoring.grafana.persistence.size }} + accessModes: + - ReadWriteOnce +deploymentStrategy: + type: Recreate {{- end }} serviceMonitor: interval: "30s" 
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml index a88dbbaeb5..6c5e13c8c0 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml @@ -14,11 +14,11 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: - name: cluster-{{ $host }}-oauth-proxy + name: {{ printf "cluster-%s-oauth-proxy" $host }} namespace: monitoring labels: {{- include "common.labels.standard" $ | nindent 4 }} app.kubernetes.io/component: oauth-proxy - app.kubernetes.io/part-of: prometheus + app.kubernetes.io/part-of: {{ $host }} spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "oauth2-proxy" "context" $) | nindent 6 }} @@ -73,17 +73,17 @@ spec: apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: - name: cluster-{{ $host }}-oauth-proxy + name: {{ printf "cluster-%s-oauth-proxy" $host }} namespace: monitoring labels: {{- include "common.labels.standard" $ | nindent 4 }} app.kubernetes.io/component: oauth - app.kubernetes.io/part-of: prometheus + app.kubernetes.io/part-of: {{ $host }} spec: endpointSelector: matchLabels: - app.kubernetes.io/instance: monitoring-cluster-{{ $host }}-oauth-proxy + app.kubernetes.io/instance: {{ printf "monitoring-cluster-%s-oauth-proxy" $host }} ingress: - - fromRequires: + - fromEndpoints: - matchLabels: {{- include "common.tplvalues.render" (dict "value" $.Values.global.networkPolicy.ingressLabels "context" $) | nindent 12 }} toPorts: - ports: diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml index 963824df12..f8ea605cba 100644 --- a/charts/base-cluster/values.yaml +++ b/charts/base-cluster/values.yaml 
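Review bot: The switch from `fromRequires` to `fromEndpoints` in the second hunk of oauth-proxy.yaml makes this rule the actual allow, but selectors in a namespaced CiliumNetworkPolicy match only pods in the policy's own namespace (`monitoring`) unless they carry a namespace label. The rendered `global.networkPolicy.ingressLabels` is not visible here; if it lacks `io.kubernetes.pod.namespace`, an ingress controller in another namespace will not match and the proxy stays unreachable. A comment on the rule would record the requirement: `- fromEndpoints: # ingressLabels must include io.kubernetes.pod.namespace to match pods outside monitoring`. The `toPorts` list continues past the end of this hunk.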
@@ -169,7 +169,7 @@ global: vmware: url: https://vmware-tanzu.github.io/helm-charts charts: - velero: 6.7.0 + velero: 7.1.4 condition: "{{ not (empty .Values.backup.backupStorageLocations) }}" open-telemetry: url: https://open-telemetry.github.io/opentelemetry-helm-charts diff --git a/charts/ckan/CHANGELOG.md b/charts/ckan/CHANGELOG.md index 44e6e73003..29c226eb62 100644 --- a/charts/ckan/CHANGELOG.md +++ b/charts/ckan/CHANGELOG.md 
@@ -1,5 +1,33 @@ # Changelog +## [1.1.7](https://github.com/teutonet/teutonet-helm-charts/compare/ckan-v1.1.6...ckan-v1.1.7) (2024-08-15) + + +### Bug Fixes + +* **ckan:** fix solr cloud setup ([#1104](https://github.com/teutonet/teutonet-helm-charts/issues/1104)) ([c7cbb31](https://github.com/teutonet/teutonet-helm-charts/commit/c7cbb315268d7c0f289db786f73208c198652847)) + + +### Miscellaneous Chores + +* **ckan/dependencies:** pin ghcr.io/teutonet/oci-images/solr-ckan docker tag to fa9824f ([#1105](https://github.com/teutonet/teutonet-helm-charts/issues/1105)) ([59790a9](https://github.com/teutonet/teutonet-helm-charts/commit/59790a91e7916083e0711673900f187732ba7b56)) +* **ckan/dependencies:** update common docker tag to v1.2.1 ([#1106](https://github.com/teutonet/teutonet-helm-charts/issues/1106)) ([553e211](https://github.com/teutonet/teutonet-helm-charts/commit/553e211ecbf9d2bc8e7c59073868c8f37ead5124)) + +## [1.1.6](https://github.com/teutonet/teutonet-helm-charts/compare/ckan-v1.1.5...ckan-v1.1.6) (2024-08-14) + + +### Bug Fixes + +* **ckan:** init container for volume permissions ([#1098](https://github.com/teutonet/teutonet-helm-charts/issues/1098)) ([c4c45ed](https://github.com/teutonet/teutonet-helm-charts/commit/c4c45ed7aa11d1997f9ccd54cf7f619a6def83c2)) + +## [1.1.5](https://github.com/teutonet/teutonet-helm-charts/compare/ckan-v1.1.4...ckan-v1.1.5) (2024-08-14) + + +### Bug Fixes + +* **ckan:** add defaults for datapusher formats defaults ([#1094](https://github.com/teutonet/teutonet-helm-charts/issues/1094)) ([f036735](https://github.com/teutonet/teutonet-helm-charts/commit/f0367357ef1890f32fb6555cb61fce427f46623b)) +* **ckan:** volume mount position one level up ([#1095](https://github.com/teutonet/teutonet-helm-charts/issues/1095)) ([a183662](https://github.com/teutonet/teutonet-helm-charts/commit/a18366281613bfa3ed72075c1e5df83f7d9e2e56)) + ## [1.1.4](https://github.com/teutonet/teutonet-helm-charts/compare/ckan-v1.1.3...ckan-v1.1.4) (2024-07-06) 
diff --git a/charts/ckan/Chart.lock b/charts/ckan/Chart.lock index 80bc1a76ba..efc489c437 100644 --- a/charts/ckan/Chart.lock +++ b/charts/ckan/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: common repository: oci://ghcr.io/teutonet/teutonet-helm-charts - version: 1.2.0 + version: 1.2.1 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 15.5.13 + version: 15.5.21 - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 19.6.1 + version: 19.6.4 - name: solr repository: oci://registry-1.docker.io/bitnamicharts - version: 9.3.6 -digest: sha256:68eaed2a950f42890f5a4c9a7552cfc17cdd98e0132751737f88447fe1942e17 -generated: "2024-07-04T08:07:34.884871745Z" + version: 9.4.0 +digest: sha256:d01205944d8877ae56278f5933dd261903290bdf41dbf57145dfec937f348762 +generated: "2024-08-15T09:45:03.020555017Z" diff --git a/charts/ckan/Chart.yaml b/charts/ckan/Chart.yaml index bc70011a74..903f6b2416 100644 --- a/charts/ckan/Chart.yaml +++ b/charts/ckan/Chart.yaml @@ -1,22 +1,9 @@ apiVersion: v2 -name: ckan -type: application -version: 1.1.4 appVersion: 2.11.0 -maintainers: - - name: syeklu - email: sk@teuto.net - - name: cwrau - email: cwr@teuto.net - - name: marvinWolff - email: mw@teuto.net - - name: tasches - email: st@teuto.net -description: A Helm chart for Kubernetes dependencies: - name: common - version: 1.2.0 repository: oci://ghcr.io/teutonet/teutonet-helm-charts + version: 1.2.1 - condition: postgresql.enabled name: postgresql repository: oci://registry-1.docker.io/bitnamicharts 
@@ -29,3 +16,30 @@ dependencies: name: solr repository: oci://registry-1.docker.io/bitnamicharts version: 9.x.x +description: A Helm chart for Kubernetes +maintainers: + - email: sk@teuto.net + name: syeklu + - email: cwr@teuto.net + name: cwrau + - email: mw@teuto.net + name: marvinWolff + - email: st@teuto.net + name: tasches +name: ckan +sources: + - https://github.com/teutonet/teutonet-helm-charts/tree/ckan-v1.1.7/charts/ckan + - https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/ckan +type: application +version: 1.1.7 +annotations: + artifacthub.io/images: | + - image: docker.io/bitnami/postgresql:16.4.0-debian-12-r2 # default/StatefulSet/ckan-postgresql-primary.yaml + - image: docker.io/bitnami/postgresql:16.4.0-debian-12-r2 # default/StatefulSet/ckan-postgresql-read.yaml + - image: docker.io/bitnami/redis:7.2.5-debian-12-r4 # default/StatefulSet/ckan-redis-master.yaml + - image: docker.io/bitnami/redis:7.2.5-debian-12-r4 # default/StatefulSet/ckan-redis-replicas.yaml + - image: docker.io/bitnami/zookeeper:3.9.2-debian-12-r10 # default/StatefulSet/ckan-zookeeper.yaml + - image: docker.io/busybox:1.36 # default/Deployment/ckan-ckan.yaml + - image: docker.io/ckan/ckan-base-datapusher:0.0.21@sha256:90e71b5a5fd6f1de99dd2dd1cac68990a813b21a0fff10e0eaef912f4a64f872 # default/Deployment/ckan-datapusher.yaml + - image: ghcr.io/teutonet/oci-images/ckan:1.0.2@sha256:793f8157c7bfaed2b2ddf98bc20e372852281720b76d975e0b6548501238ea12 # default/Deployment/ckan-ckan.yaml + - image: ghcr.io/teutonet/oci-images/solr-ckan:1.0.7@sha256:fa9824fe1f4bb50383df192bcd9b521b8ce04a6094e520b3318fbd66aea8fec4 # default/StatefulSet/ckan-solr.yaml diff --git a/charts/ckan/README.md b/charts/ckan/README.md new file mode 100644 index 0000000000..c1b400b090 --- /dev/null +++ b/charts/ckan/README.md 
@@ -0,0 +1,727 @@ +[modeline]: # ( vim: set ft=markdown: ) +# ckan + +![Version: 1.1.7](https://img.shields.io/badge/Version-1.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.11.0](https://img.shields.io/badge/AppVersion-2.11.0-informational?style=flat-square) + +A Helm chart for Kubernetes + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| syeklu | | | +| cwrau | | | +| marvinWolff | | | +| tasches | | | + +# ckan configuration + +**Title:** ckan configuration + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------ | ------- | ------ | ---------- | ---------- | ----------------- | +| - [global](#global ) | No | object | No | - | - | +| - [ckan](#ckan ) | No | object | No | - | - | +| - [datapuscher](#datapuscher ) | No | object | No | - | - | +| - [postgresql](#postgresql ) | No | object | No | - | - | +| - [redis](#redis ) | No | object | No | - | - | +| - [solr](#solr ) | No | object | No | - | - | + +## 1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > global` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------- | ------- | --------------- | ---------- | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| - [imageRegistry](#global_imageRegistry ) | No | string | No | - | The global container image proxy, e.g. [Nexus](https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager), this needs to support various registries | +| - [imagePullSecrets](#global_imagePullSecrets ) | No | array of object | No | - | - | +| - [storageClass](#global_storageClass ) | No | string | No | In #/$defs/storageClass | The storageClass to use for persistence, otherwise use the cluster default (e.g. teutostack-ssd) | + +### 1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > global > imageRegistry` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** The global container image proxy, e.g. [Nexus](https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager), this needs to support various registries + +**Example:** + +```yaml +nexus.teuto.net +``` + +### 1.2. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > global > imagePullSecrets` + +| | | +| -------- | ----------------- | +| **Type** | `array of object` | + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| -------------------------------------------------------- | ----------- | +| [imagePullSecrets items](#global_imagePullSecrets_items) | - | + +#### 1.2.1. ckan configuration > global > imagePullSecrets > imagePullSecrets items + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [name](#global_imagePullSecrets_items_name ) | No | string | No | - | - | + +##### 1.2.1.1. Property `ckan configuration > global > imagePullSecrets > imagePullSecrets items > name` + +| | | +| -------- | -------- | +| **Type** | `string` | + +### 1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > global > storageClass` + +| | | +| -------------- | -------------------- | +| **Type** | `string` | +| **Defined in** | #/$defs/storageClass | + +**Description:** The storageClass to use for persistence, otherwise use the cluster default (e.g. teutostack-ssd) + +## 2. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------- | ------- | ------ | ---------- | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| - [siteId](#ckan_siteId ) | No | string | No | - | The search index is linked to the value of the ckan.site_id, so if you have more than one CKAN instance using the same solr_url, they will each have a separate search index as long as their ckan.site_id values are different. | +| - [siteTitle](#ckan_siteTitle ) | No | string | No | - | This sets the name of the site, as displayed in the CKAN web interface. | +| - [plugins](#ckan_plugins ) | No | array | No | - | The enabled plugins in the Ckan instance. 
| +| - [datapusher](#ckan_datapusher ) | No | object | No | - | - | +| - [image](#ckan_image ) | No | object | No | In #/$defs/image | - | +| - [ingress](#ckan_ingress ) | No | object | No | - | - | +| - [persistence](#ckan_persistence ) | No | object | No | - | - | +| - [sysadmin](#ckan_sysadmin ) | No | object | No | - | - | +| - [smtp](#ckan_smtp ) | No | object | No | - | - | +| - [podSecurityContext](#ckan_podSecurityContext ) | No | object | No | - | - | +| - [securityContext](#ckan_securityContext ) | No | object | No | - | - | +| - [resources](#ckan_resources ) | No | object | No | - | - | +| - [readiness\|liveness](#ckan_pattern1 ) | Yes | object | No | - | - | + +### 2.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > siteId` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** The search index is linked to the value of the ckan.site_id, so if you have more than one CKAN instance using the same solr_url, they will each have a separate search index as long as their ckan.site_id values are different. + +### 2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > siteTitle` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** This sets the name of the site, as displayed in the CKAN web interface. + +### 2.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > plugins` + +| | | +| -------- | ------- | +| **Type** | `array` | + +**Description:** The enabled plugins in the Ckan instance. 
+ +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| ------------------------------------ | ----------- | +| [plugins items](#ckan_plugins_items) | - | + +#### 2.3.1. ckan configuration > ckan > plugins > plugins items + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 2.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > datapusher` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------- | ------- | ----- | ---------- | ---------- | --------------------------------------- | +| - [formats](#ckan_datapusher_formats ) | No | array | No | - | The enabled formats for the datapusher. | + +#### 2.4.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > datapusher > formats` + +| | | +| -------- | ------- | +| **Type** | `array` | + +**Description:** The enabled formats for the datapusher. 
+ +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| ----------------------------------------------- | ----------- | +| [formats items](#ckan_datapusher_formats_items) | - | + +##### 2.4.1.1. ckan configuration > ckan > datapusher > formats > formats items + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 2.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | +| **Defined in** | #/$defs/image | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------- | ------- | --------------- | ---------- | ---------------------- | ------------------------------ | +| - [registry](#ckan_image_registry ) | No | string | No | - | The host of the registry | +| - [pullPolicy](#ckan_image_pullPolicy ) | No | string | No | - | - | +| - [repository](#ckan_image_repository ) | No | string | No | - | The image path in the registry | +| - [tag](#ckan_image_tag ) | No | string | No | - | - | +| - [digest](#ckan_image_digest ) | No | string | No | - | - | +| - [pullSecrets](#ckan_image_pullSecrets ) | No | array of string | No | In 
#/$defs/pullSecrets | - | + +#### 2.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > registry` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** The host of the registry + +**Example:** + +```yaml +docker.io +``` + +#### 2.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > pullPolicy` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Example:** + +```yaml +Always +``` + +#### 2.5.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > repository` + +| | | +| -------- | -------- | +| **Type** | `string` | + +**Description:** The image path in the registry + +**Example:** + +```yaml +bitnami/kubectl +``` + +#### 2.5.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > tag` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.5.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > digest` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.5.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > image > pullSecrets` + +| | | +| -------------- | ------------------- | +| **Type** | `array of string` | +| **Defined in** | #/$defs/pullSecrets | + +| | Array restrictions | +| -------------------- | ------------------ | +| **Min items** | N/A | +| **Max items** | N/A | +| **Items unicity** | False | +| **Additional items** | False | +| **Tuple validation** | See below | + +| Each item of this array must be | Description | +| -------------------------------------------------- | ----------- | +| [pullSecrets items](#ckan_image_pullSecrets_items) | - | + +##### 2.5.6.1. 
ckan configuration > ckan > image > pullSecrets > pullSecrets items + +| | | +| -------- | -------- | +| **Type** | `string` | + +### 2.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | +| - [ingressClassName](#ckan_ingress_ingressClassName ) | No | string | No | - | - | +| - [annotations](#ckan_ingress_annotations ) | No | object | No | - | - | +| - [hostname](#ckan_ingress_hostname ) | No | string | No | - | - | +| - [selfSigned](#ckan_ingress_selfSigned ) | No | boolean | No | - | - | +| - [tls](#ckan_ingress_tls ) | No | object | No | - | - | +| - [existingSecret](#ckan_ingress_existingSecret ) | No | string | No | - | - | + +#### 2.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > ingressClassName` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > annotations` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +#### 2.6.3. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > hostname` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.6.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > selfSigned` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +#### 2.6.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > tls` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [existingSecret](#ckan_ingress_tls_existingSecret ) | No | string | No | - | - | + +##### 2.6.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > tls > existingSecret` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.6.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > ingress > existingSecret` + +| | | +| -------- | -------- | +| **Type** | `string` | + +### 2.7. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > persistence` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------- | ------- | ---------------- | ---------- | --------------------------------------------- | ------------------------------------------------------------------------------------------------ | +| - [accessMode](#ckan_persistence_accessMode ) | No | enum (of string) | No | - | - | +| - [storageClass](#ckan_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, otherwise use the cluster default (e.g. teutostack-ssd) | +| - [size](#ckan_persistence_size ) | No | object | No | In #/$defs/quantity | - | + +#### 2.7.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > persistence > accessMode` + +| | | +| -------- | ------------------ | +| **Type** | `enum (of string)` | + +Must be one of: +* "ReadWriteOnce" +* "ReadOnlyMany" +* "ReadWriteMany" +* "ReadWriteOncePod" + +#### 2.7.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > persistence > storageClass` + +| | | +| ---------------------- | ------------------------------------ | +| **Type** | `string` | +| **Same definition as** | [storageClass](#global_storageClass) | + +**Description:** The storageClass to use for persistence, otherwise use the cluster default (e.g. teutostack-ssd) + +#### 2.7.3. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > persistence > size` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Defined in** | #/$defs/quantity | + +| One of(Option) | +| ----------------------------------------- | +| [item 0](#ckan_persistence_size_oneOf_i0) | +| [item 1](#ckan_persistence_size_oneOf_i1) | + +##### 2.7.3.1. Property `ckan configuration > ckan > persistence > size > oneOf > item 0` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 2.7.3.2. Property `ckan configuration > ckan > persistence > size > oneOf > item 1` + +| | | +| -------- | -------- | +| **Type** | `number` | + +### 2.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > sysadmin` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------- | ------- | ------ | ---------- | ---------------- | ----------------- | +| - [name](#ckan_sysadmin_name ) | No | string | No | - | - | +| - [password](#ckan_sysadmin_password ) | No | string | No | - | - | +| - [email](#ckan_sysadmin_email ) | No | object | No | In #/$defs/email | - | + +#### 2.8.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > sysadmin > name` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.8.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > sysadmin > password` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.8.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > sysadmin > email` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Defined in** | #/$defs/email | + +| Restrictions | | +| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Must match regular expression** | ```(?:[a-z0-9!#$%&'*+/=?^_`{\|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{\|}~-]+)*\|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]\|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\|\[(?:(2(5[0-5]\|[0-4][0-9])\|1[0-9][0-9]\|[1-9]?[0-9])\.){3}(?:(2(5[0-5]\|[0-4][0-9])\|1[0-9][0-9]\|[1-9]?[0-9])\|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]\|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])``` [Test](https://regex101.com/?regex=%28%3F%3A%5Ba-z0-9%21%23%24%25%26%27%2A%2B%2F%3D%3F%5E_%60%7B%7C%7D~-%5D%2B%28%3F%3A%5C.%5Ba-z0-9%21%23%24%25%26%27%2A%2B%2F%3D%3F%5E_%60%7B%7C%7D~-%5D%2B%29%2A%7C%22%28%3F%3A%5B%5Cx01-%5Cx08%5Cx0b%5Cx0c%5Cx0e-%5Cx1f%5Cx21%5Cx23-%5Cx5b%5Cx5d-%5Cx7f%5D%7C%5C%5C%5B%5Cx01-%5Cx09%5Cx0b%5Cx0c%5Cx0e-%5Cx7f%5D%29%2A%22%29%40%28%3F%3A%28%3F%3A%5Ba-z0-9%5D%28%3F%3A%5Ba-z0-9-%5D%2A%5Ba-z0-9%5D%29%3F%5C.%29%2B%5Ba-z0-9%5D%28%3F%3A%5Ba-z0-9-%5D%2A%5Ba-z0-9%5D%29%3F%7C%5C%5B%28%3F%3A%282%285%5B0-5%5D%7C%5B0-4%5D%5B0-9%5D%29%7C1%5B0-9%5D%5B0-9%5D%7C%5B1-9%5D%3F%5B0-9%5D%29%5C.%29%7B3%7D%28%3F%3A%282%285%5B0-5%5D%7C%5B0-4%5D%5B0-9%5D%29%7C1%5B0-9%5D%5B0-9%5D%7C%5B1-9%5D%3F%5B0-9%5D%29%7C%5Ba-z0-9-%5D%2A%5Ba-z0-9%5D%3A%28%3F%3A%5B%5Cx01-%5Cx08%5Cx0b%5Cx0c%5Cx0e-%5Cx1f%5Cx21-%5Cx5a%5Cx53-%5Cx7f%5D%7C%5C%5C%5B%5Cx01-%5Cx09%5Cx0b%5Cx0c%5Cx0e-%5Cx7f%5D%29%2B%29%5C%5D%29) | + +### 2.9. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------------- | ------- | ------- | ---------- | -------------------------------------- | ----------------- | +| - [server](#ckan_smtp_server ) | No | string | No | - | - | +| - [user](#ckan_smtp_user ) | No | string | No | - | - | +| - [password](#ckan_smtp_password ) | No | string | No | - | - | +| - [mailFrom](#ckan_smtp_mailFrom ) | No | object | No | Same as [email](#ckan_sysadmin_email ) | - | +| - [starttls](#ckan_smtp_starttls ) | No | boolean | No | - | - | + +#### 2.9.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp > server` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.9.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp > user` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.9.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp > password` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 2.9.4. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp > mailFrom` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [email](#ckan_sysadmin_email) | + +#### 2.9.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > smtp > starttls` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +### 2.10. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > podSecurityContext` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 2.11. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > securityContext` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 2.12. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > resources` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 2.13. ![Optional](https://img.shields.io/badge/Optional-yellow) Pattern Property `ckan configuration > ckan > readiness\|liveness` +> All properties whose name matches the regular expression +```readiness|liveness``` ([Test](https://regex101.com/?regex=readiness%7Cliveness)) +must respect the following conditions + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------ | ------- | ------- | ---------- | ---------- | ----------------- | +| - [initialDelaySeconds](#ckan_pattern1_initialDelaySeconds ) | No | integer | No | - | - | +| - [periodSeconds](#ckan_pattern1_periodSeconds ) | No | integer | No | - | - | +| - [failureThreshold](#ckan_pattern1_failureThreshold ) | No | integer | No | - | - | +| - [timeoutSeconds](#ckan_pattern1_timeoutSeconds ) | No | integer | No | - | - | + +#### 2.13.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > readiness\|liveness > initialDelaySeconds` + +| | | +| -------- | --------- | +| **Type** | `integer` | + +#### 2.13.2. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > readiness\|liveness > periodSeconds` + +| | | +| -------- | --------- | +| **Type** | `integer` | + +#### 2.13.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > readiness\|liveness > failureThreshold` + +| | | +| -------- | --------- | +| **Type** | `integer` | + +#### 2.13.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > ckan > readiness\|liveness > timeoutSeconds` + +| | | +| -------- | --------- | +| **Type** | `integer` | + +## 3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > datapuscher` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------- | ------- | ------ | ---------- | ----------------------------- | ----------------- | +| - [image](#datapuscher_image ) | No | object | No | Same as [image](#ckan_image ) | - | +| - [podSecurityContext](#datapuscher_podSecurityContext ) | No | object | No | - | - | +| - [securityContext](#datapuscher_securityContext ) | No | object | No | - | - | +| - [resources](#datapuscher_resources ) | No | object | No | - | - | + +### 3.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > datapuscher > image` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | +| **Same definition as** | [image](#ckan_image) | + +### 3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > datapuscher > podSecurityContext` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 3.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > datapuscher > securityContext` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 3.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > datapuscher > resources` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +## 4. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| --------------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | +| - [enabled](#postgresql_enabled ) | No | boolean | No | - | - | +| - [ckanDbs](#postgresql_ckanDbs ) | No | object | No | - | - | + +### 4.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > enabled` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +### 4.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [postgresPassword](#postgresql_ckanDbs_postgresPassword ) | No | string | No | - | - | +| - [replicationPassword](#postgresql_ckanDbs_replicationPassword ) | No | string | No | - | - | +| - [datastore\|datapusher\|ckan](#postgresql_ckanDbs_pattern1 ) | Yes | object | No | - | - | + +#### 4.2.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs > postgresPassword` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 4.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs > replicationPassword` + +| | | +| -------- | -------- | +| **Type** | `string` | + +#### 4.2.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Pattern Property `ckan configuration > postgresql > ckanDbs > datastore\|datapusher\|ckan` +> All properties whose name matches the regular expression +```datastore|datapusher|ckan``` ([Test](https://regex101.com/?regex=datastore%7Cdatapusher%7Cckan)) +must respect the following conditions + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [username](#postgresql_ckanDbs_pattern1_username ) | No | string | No | - | - | +| - [password](#postgresql_ckanDbs_pattern1_password ) | No | string | No | - | - | +| - [db](#postgresql_ckanDbs_pattern1_db ) | No | string | No | - | - | + +##### 4.2.3.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs > datastore\|datapusher\|ckan > username` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 4.2.3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs > datastore\|datapusher\|ckan > password` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 4.2.3.3. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > postgresql > ckanDbs > datastore\|datapusher\|ckan > db` + +| | | +| -------- | -------- | +| **Type** | `string` | + +## 5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > redis` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | +| - [enabled](#redis_enabled ) | No | boolean | No | - | - | + +### 5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > redis > enabled` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +## 6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > solr` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| --------------------------- | ------- | ------- | ---------- | ---------- | ----------------- | +| - [enabled](#solr_enabled ) | No | boolean | No | - | - | + +### 6.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `ckan configuration > solr > enabled` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +---------------------------------------------------------------------------------------------------------------------------- diff --git a/charts/ckan/templates/_helpers.tpl b/charts/ckan/templates/_helpers.tpl index cd4c284c52..7058343543 100644 --- a/charts/ckan/templates/_helpers.tpl +++ b/charts/ckan/templates/_helpers.tpl @@ -24,4 +24,8 @@ {{- define "ckan.redis.fullname" -}} {{- include "common.names.dependency.fullname" (dict "chartName" "redis" "chartValues" .Values.redis "context" $) -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{- define "ckan.defaultRegistry" -}} +docker.io +{{- end -}} diff --git a/charts/ckan/templates/ckan/deployment.yaml b/charts/ckan/templates/ckan/deployment.yaml index 2abcd9513c..7af097e38d 100644 --- a/charts/ckan/templates/ckan/deployment.yaml +++ b/charts/ckan/templates/ckan/deployment.yaml @@ -29,6 +29,16 @@ spec: claimName: {{ $claimName }} securityContext: {{- toYaml .Values.ckan.podSecurityContext | default dict | nindent 8 }} + {{ if .Values.ckan.persistence -}} + initContainers: + - name: set-volume-ownsership + image: {{ printf "%s/busybox" ($.Values.global.imageRegistry | default (include "ckan.defaultRegistry" (dict))) }}:1.36 + command: ["sh", "-c", "chown -R 92:92 /var/lib/ckan"] # 92 is the uid and gid of ckan user/group + volumeMounts: + - name: ckan + mountPath: /var/lib/ckan + readOnly: false + {{ end }} containers: - name: {{ printf "%s-%s" .Chart.Name $name }} env: 
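Review bot: The `set-volume-ownsership` init container in the first deployment.yaml hunk has no `securityContext` of its own, so `chown -R 92:92` only succeeds when the pod may run it as root, and it fails if `.Values.ckan.podSecurityContext` sets `runAsNonRoot` or a non-zero `runAsUser`; a container-level `securityContext` on the main container does not carry over to an init container. I would give it an explicit minimal context as sketched below (if existing directories are not traversable by an unprivileged root, `DAC_READ_SEARCH` may be needed as well), or avoid the root step by setting `fsGroup: 92` in the pod security context where the storage driver honours it. The image is referenced as `busybox:1.36` without a digest, unlike the solr image in values.yaml, and the container name is misspelled. The enclosing `spec` starts and ends outside the hunk.

```yaml
      initContainers:
        - name: set-volume-ownership
          # … unchanged: image, command …
          securityContext:
            runAsUser: 0
            runAsNonRoot: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["CHOWN"]
          # … unchanged: volumeMounts …
```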
@@ -135,6 +145,8 @@ spec: value: "redis://{{ printf "%s-%s" (include "ckan.redis.fullname" . ) "headless" }}:{{ include "ckan.redis.service.port" $}}/0" - name: CKAN_DATAPUSHER_URL value: "http://{{ printf "%s-%s" (include "common.names.fullname" $) "datapusher" }}:{{ include "ckan.datapusher.service.port" $ }}" + - name: CKAN_DATAPUSHER_FORMATS + value: {{ .Values.ckan.datapusher.formats | join " " | quote }} - name: CKAN__DATAPUSHER__CALLBACK_URL_BASE value: "http://{{ printf "%s-%s" (include "common.names.fullname" $) "ckan" }}:{{ include "ckan.ckan.service.port" $ }}/" - name: CKAN__PLUGINS @@ -161,7 +173,7 @@ spec: imagePullPolicy: {{ .Values.ckan.image.pullPolicy }} volumeMounts: - name: "ckan" - mountPath: /var/lib/ckan/default + mountPath: /var/lib/ckan readOnly: false ports: - name: http diff --git a/charts/ckan/templates/datapusher/deployment.yaml b/charts/ckan/templates/datapusher/deployment.yaml index c057c4a859..e140cf1406 100644 --- a/charts/ckan/templates/datapusher/deployment.yaml +++ b/charts/ckan/templates/datapusher/deployment.yaml @@ -32,7 +32,7 @@ spec: # value: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@main-postgresql/{{ .Values.postgresql.auth.database}}" securityContext: {{- toYaml .Values.datapusher.securityContext | default dict | nindent 12 }} - image: {{ include "common.images.image" (dict "imageRoot" .Values.datapusher.image "global" .Values.global) }} + image: {{ printf "%s/%s" ($.Values.global.imageRegistry | default (include "ckan.defaultRegistry" (dict))) (include "common.images.image" (dict "imageRoot" .Values.datapusher.image "global" .Values.global)) }} imagePullPolicy: {{ .Values.datapusher.image.pullPolicy }} ports: - name: datapusher diff --git a/charts/ckan/values.schema.json b/charts/ckan/values.schema.json index 6f590cae91..6a36365a3b 100644 --- a/charts/ckan/values.schema.json +++ b/charts/ckan/values.schema.json 
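Review bot: In charts/ckan/templates/datapusher/deployment.yaml the new `image:` line prepends a registry to the output of `common.images.image`, which, if it is the Bitnami helper that comes in through the `common` dependency, already emits `registry/repository:tag` and already applies `global.imageRegistry`. With `global.imageRegistry` set, or with a non-empty `datapusher.image.registry`, the rendered reference would then carry two registry segments (`<registry>/<registry>/<repo>:<tag>`). That reference either fails to pull or points at a different path than the one listed in the chart's image annotations, which the trusted-registry check reads. Putting the default into values (`datapusher.image.registry: docker.io`) and keeping the previous `image: {{ include "common.images.image" (dict "imageRoot" .Values.datapusher.image "global" .Values.global) }}` avoids the double prefix. It is worth confirming with `helm template` both with and without `global.imageRegistry`.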
@@ -72,6 +72,21 @@ }, "description": "The enabled plugins in the Ckan instance." }, + "datapusher": { + "type": "object", + "additionalProperties": false, + "properties": { + "formats": { + "type": "array", + "items": { + "items": { + "type": "string" + } + }, + "description": "The enabled formats for the datapusher." + } + } + }, "image": { "$ref": "#/$defs/image" }, diff --git a/charts/ckan/values.yaml b/charts/ckan/values.yaml index 8565778102..98179c47f6 100644 --- a/charts/ckan/values.yaml +++ b/charts/ckan/values.yaml @@ -33,6 +33,17 @@ ckan: - recline_view - datastore - datapusher + datapusher: + formats: + - csv + - xls + - xlsx + - tsv + - application/csv + - application/vnd.ms-excel + - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + - ods + - application/vnd.oasis.opendocument.spreadsheet image: registry: "ghcr.io" pullPolicy: IfNotPresent @@ -177,11 +188,9 @@ solr: pullPolicy: IfNotPresent pullSecrets: [] repository: teutonet/oci-images/solr-ckan - tag: 1.0.4@sha256:39387d06a72b24ee493f8d06cd5a1c800a9230ed78652481433760b649aefa04 + tag: 1.0.7@sha256:fa9824fe1f4bb50383df192bcd9b521b8ce04a6094e520b3318fbd66aea8fec4 digest: "" extraEnvVars: - - name: SOLR_CORE_CONF_DIR - value: /opt/bitnami/solr/server/solr/configsets/ckan/conf - name: SOLR_ADMIN_USERNAME valueFrom: secretKeyRef: @@ -189,15 +198,14 @@ solr: key: solrUsername coreNames: - ckan + collection: ckan auth: enabled: true adminPassword: "" adminUsername: "" existingSecret: '{{ printf "%s-config" (include "common.names.fullname" .) }}' existingSecretPasswordKey: solrPassword - cloudEnabled: false - cloudBootstrap: false - collectionReplicas: 1 + collectionReplicas: 2 replicaCount: 2 zookeeper: - replicaCount: 2 + replicaCount: 3 diff --git a/charts/common/CHANGELOG.md b/charts/common/CHANGELOG.md index e55bbeb636..be1587917e 100644 --- a/charts/common/CHANGELOG.md +++ b/charts/common/CHANGELOG.md 
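Review bot: The `formats` schema added to charts/ckan/values.schema.json nests `items` inside `items`, so the outer item schema has no `type` and the inner `items` keyword only constrains elements that are themselves arrays. As written, `ckan.datapusher.formats` validates with entries of any type (numbers, objects, nested lists), and those values are then joined into `CKAN_DATAPUSHER_FORMATS` by the deployment template. The intended constraint is presumably `"items": { "type": "string" }`; adding `"minLength": 1` to the item would also reject empty entries.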
@@ -1,5 +1,14 @@ # Changelog +## [1.2.1](https://github.com/teutonet/teutonet-helm-charts/compare/common-v1.2.0...common-v1.2.1) (2024-08-07) + + +### Miscellaneous Chores + +* **common/dependencies:** update helm release common to v2.19.3 ([#973](https://github.com/teutonet/teutonet-helm-charts/issues/973)) ([0187a4a](https://github.com/teutonet/teutonet-helm-charts/commit/0187a4aff3330b08f43ff6271d674e091f90df27)) +* **common/dependencies:** update helm release common to v2.21.0 ([#1017](https://github.com/teutonet/teutonet-helm-charts/issues/1017)) ([edfeb09](https://github.com/teutonet/teutonet-helm-charts/commit/edfeb09ebe30659b97329d46fb554c883a220ac0)) +* **common:** improve developer experience by providing tab-completion ([#1004](https://github.com/teutonet/teutonet-helm-charts/issues/1004)) ([4785b0f](https://github.com/teutonet/teutonet-helm-charts/commit/4785b0f4c1a48a7f15ec8d4f5b62282811e14429)) + ## [1.2.0](https://github.com/teutonet/teutonet-helm-charts/compare/common-v1.1.0...common-v1.2.0) (2024-07-01) diff --git a/charts/common/Chart.lock b/charts/common/Chart.lock index 0f703f5a53..56e49c4f93 100644 --- a/charts/common/Chart.lock +++ b/charts/common/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.19.3 -digest: sha256:36a2d7a18cf72d42de13bc15c355cd1385192e7fc63cfb10e406dbbfee4542e6 -generated: "2024-07-01T09:43:11.115187101Z" + version: 2.21.0 +digest: sha256:42bcef987304d71448f72472d8af4340a2713aa28a78e37da89bf51f23047d66 +generated: "2024-08-07T01:00:42.538214459Z" diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index 748dcdf2d8..8ac02c8bc9 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml 
@@ -1,16 +1,19 @@ apiVersion: v2 -name: common -description: A library chart for common resources -type: library -version: 1.2.0 -maintainers: - - name: cwrau - email: cwr@teuto.net - - name: marvinWolff - email: mw@teuto.net - - name: tasches - email: st@teuto.net dependencies: - name: common - version: 2.19.3 repository: https://charts.bitnami.com/bitnami + version: 2.21.0 +description: A library chart for common resources +maintainers: + - email: cwr@teuto.net + name: cwrau + - email: mw@teuto.net + name: marvinWolff + - email: st@teuto.net + name: tasches +name: common +sources: + - https://github.com/teutonet/teutonet-helm-charts/tree/common-v1.2.1/charts/common + - https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/common +type: library +version: 1.2.1 diff --git a/charts/common/README.md b/charts/common/README.md index 30efc46e05..82db982a5a 100644 --- a/charts/common/README.md +++ b/charts/common/README.md @@ -1,7 +1,7 @@ [modeline]: # ( vim: set ft=markdown: ) # common -![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) +![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square) A library chart for common resources diff --git a/charts/t8s-cluster/CHANGELOG.md b/charts/t8s-cluster/CHANGELOG.md index 4c89f5f16e..aec5c54248 100644 --- a/charts/t8s-cluster/CHANGELOG.md +++ b/charts/t8s-cluster/CHANGELOG.md 
@@ -1,5 +1,49 @@ # Changelog +## [8.3.2](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v8.3.1...t8s-cluster-v8.3.2) (2024-08-09) + + +### Bug Fixes + +* **t8s-cluster/management-cluster:** replace `remove` with `add` `remove` doesn't work when the `path` doesn't exist 🤦 ([#1088](https://github.com/teutonet/teutonet-helm-charts/issues/1088)) ([850e3fd](https://github.com/teutonet/teutonet-helm-charts/commit/850e3fdcb17a1c0e6b8f1765825140f69b11f90d)) + + +### Miscellaneous Chores + +* **t8s-cluster/dependencies:** update common docker tag to v1.2.1 ([#1081](https://github.com/teutonet/teutonet-helm-charts/issues/1081)) ([88de484](https://github.com/teutonet/teutonet-helm-charts/commit/88de4843d045d0bd38fb75580fce8f5ead24ec36)) + +## [8.3.1](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v8.3.0...t8s-cluster-v8.3.1) (2024-08-09) + + +### Bug Fixes + +* **t8s-cluster/management-cluster:** clean old config before applying new one if the old one stay, they might be incompatible now 🙄 ([#1087](https://github.com/teutonet/teutonet-helm-charts/issues/1087)) ([9ebc0ec](https://github.com/teutonet/teutonet-helm-charts/commit/9ebc0ecca3d6a6ee83766a293f7953d96b06a5a9)) + +## [8.3.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v8.2.0...t8s-cluster-v8.3.0) (2024-08-08) + + +### Features + +* **t8s-cluster:** add support for HCP ([#962](https://github.com/teutonet/teutonet-helm-charts/issues/962)) ([4307b0b](https://github.com/teutonet/teutonet-helm-charts/commit/4307b0b5e4deb99698db563b1dca47b427fd8803)) + +## [8.2.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v8.1.0...t8s-cluster-v8.2.0) (2024-08-02) + + +### Features + +* **t8s-cluster/workload-cluster:** latch onto legacy cni when used ([#1039](https://github.com/teutonet/teutonet-helm-charts/issues/1039)) ([3513061](https://github.com/teutonet/teutonet-helm-charts/commit/35130617c43764f2d4072ee79648f54c119c5e28)) +* 
**t8s-cluster/workload-cluster:** skip component uninstall ([#1042](https://github.com/teutonet/teutonet-helm-charts/issues/1042)) ([139ac22](https://github.com/teutonet/teutonet-helm-charts/commit/139ac22f38ce2e701e646bf560c4a5cf82eaa74b)) + + +### Bug Fixes + +* **t8s-cluster:** use correct condition to include cilium helmrepository ([#1054](https://github.com/teutonet/teutonet-helm-charts/issues/1054)) ([0d1f7f8](https://github.com/teutonet/teutonet-helm-charts/commit/0d1f7f86c0461551f35785d7a16cb163aa8704a4)) + + +### Miscellaneous Chores + +* **t8s-cluster:** cleanup random stuff ([#1040](https://github.com/teutonet/teutonet-helm-charts/issues/1040)) ([d75da99](https://github.com/teutonet/teutonet-helm-charts/commit/d75da996cd287f49b64ccc4137f81acdd3aaa434)) + ## [8.1.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v8.0.0...t8s-cluster-v8.1.0) (2024-07-12) diff --git a/charts/t8s-cluster/Chart.lock b/charts/t8s-cluster/Chart.lock index 032941c1da..9aaeac47bd 100644 --- a/charts/t8s-cluster/Chart.lock +++ b/charts/t8s-cluster/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://ghcr.io/teutonet/teutonet-helm-charts - version: 1.2.0 -digest: sha256:62ef92fb03b60b1bf481b96b8b856f3b3156c10cc50a50e3604c8b679ef71497 -generated: "2024-07-03T12:44:21.250177744Z" + version: 1.2.1 +digest: sha256:9be2400cd3e698513c28d0cd2044da55a9e3f99eb3278a1eb5827b44178d8cc2 +generated: "2024-08-09T14:47:12.683688032Z" diff --git a/charts/t8s-cluster/Chart.yaml b/charts/t8s-cluster/Chart.yaml index ee0cb639b8..993eb8dedb 100644 --- a/charts/t8s-cluster/Chart.yaml +++ b/charts/t8s-cluster/Chart.yaml 
@@ -1,33 +1,40 @@ apiVersion: v2 -name: t8s-cluster -type: application -version: 8.1.0 -icon: https://teuto.net/favicon.ico -maintainers: - - name: cwrau - email: cwr@teuto.net - - name: marvinWolff - email: mw@teuto.net - - name: tasches - email: st@teuto.net -sources: - - https://github.com/teutonet/teutonet-helm-charts -home: https://teuto.net -description: t8s-operator cluster with necessary addons dependencies: - name: common - version: 1.2.0 repository: oci://ghcr.io/teutonet/teutonet-helm-charts + version: 1.2.1 +description: t8s-operator cluster with necessary addons +home: https://teuto.net +icon: https://teuto.net/favicon.ico +maintainers: + - email: cwr@teuto.net + name: cwrau + - email: mw@teuto.net + name: marvinWolff + - email: st@teuto.net + name: tasches +name: t8s-cluster +sources: + - https://github.com/teutonet/teutonet-helm-charts/tree/t8s-cluster-v8.3.2/charts/t8s-cluster + - https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/t8s-cluster +type: application +version: 8.3.2 annotations: artifacthub.io/images: | - - image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 # default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml - - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0 # 
default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml - - image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: registry.k8s.io/etcd:3.5.14-0@sha256:661a9ab3d439dcf93593726a9ecbefa44e246709aa813a95d64c3848716710ce # default/HelmRelease/t8s-cluster-etcd-defrag/kube-system/CronJob/kube-etcd-defrag.yaml - - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.25.6 # default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml - - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.25.6 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml - - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.25.6 # default/HelmRelease/t8s-cluster-ccm/kube-system/DaemonSet/openstack-cloud-controller-manager.yaml + - image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 # default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml + - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0 # default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml + - image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0 # 
default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: quay.io/cilium/cilium-envoy:v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51@sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b # default/HelmRelease/t8s-cluster-cni/kube-system/DaemonSet/cilium-envoy.yaml + - image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39 # default/HelmRelease/t8s-cluster-cni/kube-system/DaemonSet/cilium.yaml + - image: quay.io/cilium/hubble-relay:v1.16.1@sha256:2e1b4c739a676ae187d4c2bfc45c3e865bda2567cc0320a90cb666657fcfcc35 # default/HelmRelease/t8s-cluster-cni/kube-system/Deployment/hubble-relay.yaml + - image: quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b # default/HelmRelease/t8s-cluster-cni/kube-system/Deployment/hubble-ui.yaml + - image: quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6 # default/HelmRelease/t8s-cluster-cni/kube-system/Deployment/hubble-ui.yaml + - image: quay.io/cilium/operator-generic:v1.16.1@sha256:3bc7e7a43bc4a4d8989cb7936c5d96675dd2d02c306adf925ce0a7c35aa27dc4 # default/HelmRelease/t8s-cluster-cni/kube-system/Deployment/cilium-operator.yaml + - image: registry.k8s.io/etcd:3.5.14-0@sha256:661a9ab3d439dcf93593726a9ecbefa44e246709aa813a95d64c3848716710ce # default/HelmRelease/t8s-cluster-etcd-defrag/kube-system/CronJob/kube-etcd-defrag.yaml + - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.25.6 # default/HelmRelease/t8s-cluster-csi/kube-system/DaemonSet/openstack-cinder-csi-nodeplugin.yaml + - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.25.6 # default/HelmRelease/t8s-cluster-csi/kube-system/Deployment/openstack-cinder-csi-controllerplugin.yaml + - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.25.6 # 
default/HelmRelease/t8s-cluster-ccm/kube-system/DaemonSet/openstack-cloud-controller-manager.yaml diff --git a/charts/t8s-cluster/README.md b/charts/t8s-cluster/README.md index 75a51e8042..651d581a2e 100644 --- a/charts/t8s-cluster/README.md +++ b/charts/t8s-cluster/README.md @@ -1,7 +1,7 @@ [modeline]: # ( vim: set ft=markdown: ) # t8s-cluster -![Version: 8.1.0](https://img.shields.io/badge/Version-8.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 8.3.2](https://img.shields.io/badge/Version-8.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) t8s-operator cluster with necessary addons @@ -17,13 +17,14 @@ t8s-operator cluster with necessary addons ## Source Code -* +* +* ## Requirements | Repository | Name | Version | |------------|------|---------| -| oci://ghcr.io/teutonet/teutonet-helm-charts | common | 1.2.0 | +| oci://ghcr.io/teutonet/teutonet-helm-charts | common | 1.2.1 | ## Initial installation 
@@ -57,21 +58,21 @@ Removed the unused `.metadata.gopassName` field. | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| -------------------------------------------------------------------------------- | ------- | ---------------- | ---------- | --------------------------------------------------------------------------- | -------------------- | -| - [global](#global ) | No | object | No | - | - | -| + [metadata](#metadata ) | No | object | No | - | - | -| + [controlPlane](#controlPlane ) | No | object | No | - | - | -| - [cloud](#cloud ) | No | string | No | - | - | -| + [version](#version ) | No | object | No | - | - | -| + [nodePools](#nodePools ) | No | object | No | - | - | -| - [additionalComputePlaneSecurityGroups](#additionalComputePlaneSecurityGroups ) | No | array of string | No | Same as [additionalSecurityGroups](#controlPlane_additionalSecurityGroups ) | - | -| - [bastion](#bastion ) | No | object | No | - | - | -| - [containerRegistryMirror](#containerRegistryMirror ) | No | object | No | - | - | -| - [sshKeyName](#sshKeyName ) | No | string or null | No | - | - | -| - [cni](#cni ) | No | enum (of string) | No | - | - | -| + [openstackImageNamePrefix](#openstackImageNamePrefix ) | No | string | No | - | - | -| - [common](#common ) | No | object | No | - | Values for sub-chart | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------------------------------- | ------- | ---------------- | ---------- | --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- | +| - [global](#global ) | No | object | No | - | - | +| + [metadata](#metadata ) | No | object | No | - | - | +| + 
[controlPlane](#controlPlane ) | No | object | No | - | - | +| - [cloud](#cloud ) | No | string | No | - | - | +| + [version](#version ) | No | object | No | - | - | +| + [nodePools](#nodePools ) | No | object | No | - | - | +| - [additionalComputePlaneSecurityGroups](#additionalComputePlaneSecurityGroups ) | No | array of string | No | Same as [additionalSecurityGroups](#controlPlane_additionalSecurityGroups ) | - | +| - [bastion](#bastion ) | No | object | No | - | - | +| - [containerRegistryMirror](#containerRegistryMirror ) | No | object | No | - | - | +| - [sshKeyName](#sshKeyName ) | No | string or null | No | - | - | +| - [cni](#cni ) | No | enum (of string) | No | - | The CNI plugin to use. \`auto\` means to keep the current one or use cilium for a new cluster. | +| + [openstackImageNamePrefix](#openstackImageNamePrefix ) | No | string | No | - | - | +| - [common](#common ) | No | object | No | - | Values for sub-chart | ## 1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global` 
@@ -84,8 +85,7 @@ Removed the unused `.metadata.gopassName` field. | --------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | -------------------------------------------------------- | | - [helmRepositories](#global_helmRepositories ) | No | object | No | - | A map of helmRepositories to create, the key is the name | | - [kubectl](#global_kubectl ) | No | object | No | - | Image with \`kubectl\` binary | -| - [etcd](#global_etcd ) | No | object | No | - | Image with \`kubectl\` binary | -| - [semver](#global_semver ) | No | object | No | - | Image with \`semver\` binary | +| - [etcd](#global_etcd ) | No | object | No | - | Image with \`etcdctl\` binary | | - [injectedCertificateAuthorities](#global_injectedCertificateAuthorities ) | No | string | No | - | - | | - [kubeletExtraConfig](#global_kubeletExtraConfig ) | No | object | No | - | Additional kubelet configuration | @@ -238,7 +238,7 @@ bitnami/kubectl | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -**Description:** Image with `kubectl` binary +**Description:** Image with `etcdctl` binary | Property | Pattern | Type | Deprecated | Definition | Title/Description | | ------------------------------ | ------- | ------ | ---------- | --------------------------------------- | ----------------- | 
@@ -252,34 +252,13 @@ bitnami/kubectl | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | | **Same definition as** | [image](#global_kubectl_image) | -### 1.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > semver` - -| | | -| ------------------------- | -------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | - -**Description:** Image with `semver` binary - -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| -------------------------------- | ------- | ------ | ---------- | --------------------------------------- | ----------------- | -| - [image](#global_semver_image ) | No | object | No | Same as [image](#global_kubectl_image ) | - | - -#### 1.4.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > semver > image` - -| | | -| ------------------------- | -------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| **Same definition as** | [image](#global_kubectl_image) | - -### 1.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > injectedCertificateAuthorities` +### 1.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > injectedCertificateAuthorities` | | | | -------- | -------- | | **Type** | `string` | -### 1.6. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > kubeletExtraConfig` +### 1.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > kubeletExtraConfig` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -292,7 +271,7 @@ bitnami/kubectl | ---------------------------------------------------------------------------- | ------- | ------- | ---------- | ---------- | ------------------------------------------------------------------------------------ | | - [maxParallelImagePulls](#global_kubeletExtraConfig_maxParallelImagePulls ) | No | integer | No | - | Only valid for k8s version 1.27 and later. The number of images to pull in parallel. | -#### 1.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > kubeletExtraConfig > maxParallelImagePulls` +#### 1.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > global > kubeletExtraConfig > maxParallelImagePulls` | | | | -------- | --------- | 
@@ -371,26 +350,35 @@ Must be one of: | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| --------------------------------------------------------------------- | ------- | --------------- | ---------- | ------------------------- | ----------------- | -| + [flavor](#controlPlane_flavor ) | No | string | No | - | - | -| - [singleNode](#controlPlane_singleNode ) | No | boolean | No | - | - | -| - [additionalSecurityGroups](#controlPlane_additionalSecurityGroups ) | No | array of string | No | In #/$defs/securityGroups | - | -| - [allowedCIDRs](#controlPlane_allowedCIDRs ) | No | array of string | No | - | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| --------------------------------------------------------------------- | ------- | --------------- | ---------- | ------------------------- | ------------------------------------------------------------- | +| - [hosted](#controlPlane_hosted ) | No | boolean | No | - | Whether the control plane is hosted on the management cluster | +| + [flavor](#controlPlane_flavor ) | No | string | No | - | - | +| - [singleNode](#controlPlane_singleNode ) | No | boolean | No | - | - | +| - [additionalSecurityGroups](#controlPlane_additionalSecurityGroups ) | No | array of string | No | In #/$defs/securityGroups | - | +| - [allowedCIDRs](#controlPlane_allowedCIDRs ) | No | array of string | No | - | - | -### 3.1. ![Required](https://img.shields.io/badge/Required-blue) Property `t8s cluster configuration > controlPlane > flavor` +### 3.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > hosted` + +| | | +| -------- | --------- | +| **Type** | `boolean` | + +**Description:** Whether the control plane is hosted on the management cluster + +### 3.2. 
![Required](https://img.shields.io/badge/Required-blue) Property `t8s cluster configuration > controlPlane > flavor` | | | | -------- | -------- | | **Type** | `string` | -### 3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > singleNode` +### 3.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > singleNode` | | | | -------- | --------- | | **Type** | `boolean` | -### 3.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > additionalSecurityGroups` +### 3.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > additionalSecurityGroups` | | | | -------------- | ---------------------- | @@ -409,13 +397,13 @@ Must be one of: | ------------------------------------------------------------------------------ | ----------- | | [additionalSecurityGroups items](#controlPlane_additionalSecurityGroups_items) | - | -#### 3.3.1. t8s cluster configuration > controlPlane > additionalSecurityGroups > additionalSecurityGroups items +#### 3.4.1. t8s cluster configuration > controlPlane > additionalSecurityGroups > additionalSecurityGroups items | | | | -------- | -------- | | **Type** | `string` | -### 3.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > allowedCIDRs` +### 3.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > controlPlane > allowedCIDRs` | | | | -------- | ----------------- | 
@@ -433,7 +421,7 @@ Must be one of: | ------------------------------------------------------ | ----------- | | [allowedCIDRs items](#controlPlane_allowedCIDRs_items) | - | -#### 3.4.1. t8s cluster configuration > controlPlane > allowedCIDRs > allowedCIDRs items +#### 3.5.1. t8s cluster configuration > controlPlane > allowedCIDRs > allowedCIDRs items | | | | -------- | -------- | @@ -626,8 +614,11 @@ Specific value: `1` | -------- | ------------------ | | **Type** | `enum (of string)` | +**Description:** The CNI plugin to use. `auto` means to keep the current one or use cilium for a new cluster. + Must be one of: * "cilium" +* "auto" * "calico" ## 12. ![Required](https://img.shields.io/badge/Required-blue) Property `t8s cluster configuration > openstackImageNamePrefix` diff --git a/charts/t8s-cluster/ci/hcp-values.yaml b/charts/t8s-cluster/ci/hcp-values.yaml new file mode 100644 index 0000000000..fa58e7542a --- /dev/null +++ b/charts/t8s-cluster/ci/hcp-values.yaml @@ -0,0 +1,2 @@ +controlPlane: + hosted: true diff --git a/charts/t8s-cluster/templates/_etcd-defrag.yaml b/charts/t8s-cluster/templates/_etcd-defrag.yaml new file mode 100644 index 0000000000..529315d1fd --- /dev/null +++ b/charts/t8s-cluster/templates/_etcd-defrag.yaml 
@@ -0,0 +1,89 @@ +{{- define "t8s-cluster.etcd-defrag" -}} + {{- $_ := mustMerge . (pick .context "Values" "Release" "Chart") -}} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: kube-etcd-defrag + namespace: {{ .hosted | ternary .Release.Namespace "kube-system" }} + labels: {{- include "common.labels.standard" . | nindent 4 }} +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 10 + successfulJobsHistoryLimit: 1 + schedule: '42 * * * *' + jobTemplate: + spec: + backoffLimit: 6 + template: + spec: + automountServiceAccountToken: false + containers: + - command: + - etcdctl + - defrag + - --cluster + - --cacert=/etc/kubernetes/pki/etcd/ca.crt + - --cert=/etc/kubernetes/pki/etcd/peer.crt + - --key=/etc/kubernetes/pki/etcd/peer.key + env: + - name: ETCDCTL_API + value: "3" + - name: ETCDCTL_ENDPOINTS + value: {{ .hosted | ternary (printf "kmc-%s-etcd:2379" .Release.Name) "localhost:2379" }} + image: {{ include "common.images.image" (dict "imageRoot" .Values.global.etcd.image "global" .Values.global) }} + imagePullPolicy: IfNotPresent + name: etcd-defrag + securityContext: + runAsGroup: 1000 + runAsUser: {{ .hosted | ternary 1000 0 }} + runAsNonRoot: {{ .hosted }} + privileged: false + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/kubernetes/pki/etcd + name: etcd-certs + readOnly: true + dnsPolicy: ClusterFirst + restartPolicy: OnFailure + {{- if not .hosted }} + hostNetwork: true + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + {{- end }} + volumes: + - name: etcd-certs + {{- if .hosted }} + projected: + defaultMode: 420 + sources: + - secret: + items: + - key: tls.crt + path: ca.crt + name: {{ printf "%s-etcd" .Release.Name }} + - 
secret: + items: + - key: tls.crt + path: peer.crt + - key: tls.key + path: peer.key + name: {{ printf "%s-etcd-peer" .Release.Name }} + {{- else }} + hostPath: + path: /etc/kubernetes/pki/etcd + type: Directory + {{- end }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl index 6443c7c8b4..b321ee0d4f 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl @@ -13,13 +13,12 @@ openstack {{- define "t8s-cluster.clusterClass.tlsCipherSuites" -}} {{- $cipherSuites := list "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_RSA_WITH_AES_128_GCM_SHA256" -}} - {{- join "," $cipherSuites -}} + {{- $cipherSuites | toYaml -}} {{- end -}} {{- define "t8s-cluster.clusterClass.preKubeadmCommands" -}} {{- $_ := mustMerge . (pick .context "Values") -}} {{- $commands := list -}} - {{- $commands = append $commands "bash /etc/kube-proxy-patch.sh" }} {{- if .Values.global.injectedCertificateAuthorities -}} {{- $commands = append $commands "update-ca-certificates" -}} {{- end -}} 
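Review bot: In the non-hosted branch the `etcd-certs` volume is a `hostPath` of the whole `/etc/kubernetes/pki/etcd` directory, mounted into a container that runs as UID 0 with `hostNetwork: true`. On a kubeadm control-plane node that directory normally also holds the etcd CA private key and the server key, while the `etcdctl defrag` command here only reads `ca.crt`, `peer.crt` and `peer.key`. Mounting those three files individually with `type: File` keeps the CA key out of the job's reach if the image or the job spec is ever tampered with. Separately, the job template sets neither `resources` nor `activeDeadlineSeconds`, so with `concurrencyPolicy: Forbid` a defrag that hangs would block every later run.

```yaml
# … unchanged: container command, env, securityContext …
volumeMounts:
  {{- if .hosted }}
  - mountPath: /etc/kubernetes/pki/etcd
    name: etcd-certs
    readOnly: true
  {{- else }}
  {{- range $file := list "ca.crt" "peer.crt" "peer.key" }}
  - mountPath: {{ printf "/etc/kubernetes/pki/etcd/%s" $file }}
    name: {{ printf "etcd-%s" ($file | replace "." "-") }}
    readOnly: true
  {{- end }}
  {{- end }}
# … unchanged: dnsPolicy, restartPolicy, hostNetwork, nodeSelector, tolerations …
volumes:
  {{- if .hosted }}
  # … unchanged: projected etcd-certs volume built from the two secrets …
  {{- else }}
  {{- range $file := list "ca.crt" "peer.crt" "peer.key" }}
  - name: {{ printf "etcd-%s" ($file | replace "." "-") }}
    hostPath:
      path: {{ printf "/etc/kubernetes/pki/etcd/%s" $file }}
      type: File
  {{- end }}
  {{- end }}
```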
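Review bot: `t8s-cluster.clusterClass.tlsCipherSuites` now returns a YAML list instead of a comma-joined string, so every caller has to pipe it through `fromYamlArray | join ","`. The api-server args helper added later in this diff does that, but any other include outside this diff would now render a YAML block into a flag value. A comment above the define such as `{{/* returns a YAML list; callers must fromYamlArray and join "," */}}` would make the contract explicit. Since this list is now the single source for `tls-cipher-suites`, it is also worth confirming that the two `TLS_RSA_WITH_AES_*_GCM_*` entries are still required, because static-RSA key exchange gives no forward secrecy. `preKubeadmCommands` continues outside this hunk.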
@@ -35,3 +34,137 @@ openstack {{- $args := dict "cloud-provider" "external" -}} {{- toYaml $args -}} {{- end -}} + +{{- define "t8s-cluster.clusterClass.containerdConfig.plugins" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} +[plugins] + [plugins."io.containerd.grpc.v1.cri"] + {{- if .Values.containerRegistryMirror.mirrorEndpoint }} + [plugins."io.containerd.grpc.v1.cri".registry] + config_path = "/etc/containerd/registries.conf.d" + {{- end }} + [plugins."io.containerd.grpc.v1.cri".containerd] + default_runtime_name = "runc" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + # TODO: this is only needed because of https://github.com/containerd/containerd/issues/5837 + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + # TODO: this is only needed because of https://github.com/containerd/containerd/issues/5837 + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true + {{- if .gpu }} + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] + privileged_without_host_devices = false + runtime_engine = "" + runtime_root = "" + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] + BinaryName = "/usr/local/nvidia/toolkit/nvidia-container-runtime" + {{- end -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs.content" -}} +server = {{ printf "https://%s" .registry | quote }} +{{ printf `[host."%s"]` .endpoint }} + capabilities = ["pull", "resolve"] +{{- end -}} + +{{- define "t8s-cluster.featureGates" -}} +{{/* {{- (dict "SeccompDefault" (list "kubelet")) | toYaml -}}*/}} + {{- (dict) | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.featureGates.forComponent" -}} + {{- $featureGates := dict -}} + {{- $component := .component -}} + {{- range $featureGate, $components := include "t8s-cluster.featureGates" (dict) | fromYaml -}} + {{- if 
$components | has $component -}} + {{- $featureGates = set $featureGates $featureGate true -}} + {{- end -}} + {{- end -}} + {{- $featureGates | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} + {{- $defaultMirroredRegistries := list + "gcr.io" + "ghcr.io" + "k8s.gcr.io" + "nvcr.io" + "quay.io" + "registry.gitlab.com" + "registry.k8s.io" + "registry.opensource.zalan.do" + "registry.teuto.io" + -}} + {{- $mirroredRegistries := concat $defaultMirroredRegistries (.Values.containerRegistryMirror.additionallyMirroredRegistries | default list) | sortAlpha | uniq -}} + {{- $files := list -}} + {{- range $registry := $mirroredRegistries }} + {{- $files = append $files (dict "content" (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs.content" (dict "registry" $registry "endpoint" $.Values.containerRegistryMirror.mirrorEndpoint)) "path" (printf `/etc/containerd/registries.conf.d/%s/hosts.toml` $registry)) -}} + {{- end }} + {{- $files = append $files (dict "content" (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs.content" (dict "registry" "registry-1.docker.io" "endpoint" $.Values.containerRegistryMirror.mirrorEndpoint)) "path" "/etc/containerd/registries.conf.d/docker.io/hosts.toml") -}} + {{- $files | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.configTemplate.files" -}} + {{- $_ := mustMerge . 
(pick .context "Values") -}} + {{- $files := list -}} + {{- if not .excludePatches -}} + {{- $files = concat $files (include "t8s-cluster.patches.kubelet.patches" (dict "context" .context) | fromYamlArray) -}} + {{- end -}} + {{- if .Values.containerRegistryMirror.mirrorEndpoint -}} + {{- $files = concat $files (include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" .context) | fromYamlArray) -}} + {{- end -}} + {{- $files = append $files (dict "content" (include "t8s-cluster.clusterClass.containerdConfig.plugins" (dict "context" .context "gpu" .gpu)) "path" "/etc/containerd/conf.d/plugins.toml" ) -}} + {{- if .Values.global.injectedCertificateAuthorities }} + {{- $files = append $files (dict "content" .Values.global.injectedCertificateAuthorities "path" "/usr/local/share/ca-certificates/injected-ca-certs.crt" ) -}} + {{- end }} + {{- $files | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.args.base" -}} + {{- dict "profiling" "false" | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.args.shared" -}} + {{- $args := include "t8s-cluster.clusterClass.args.base" (dict) | fromYaml -}} + {{- $args = mustMerge (dict + "authorization-always-allow-paths" (list "/healthz" "/readyz" "/livez" "/metrics" | join ",") + "bind-address" "0.0.0.0" + ) $args -}} + {{- $args | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.args.scheduler" -}} + {{- include "t8s-cluster.clusterClass.args.shared" (dict) -}} +{{- end }} + +{{- define "t8s-cluster.clusterClass.args.sharedController" -}} + {{- $args := dict "cloud-provider" "external" -}} + {{- toYaml $args -}} +{{- end }} + +{{- define "t8s-cluster.clusterClass.args.controllerManager" -}} + {{- $args := include "t8s-cluster.clusterClass.args.shared" (dict) | fromYaml -}} + {{- $args = mustMerge (include "t8s-cluster.clusterClass.args.sharedController" (dict "context" .context) | fromYaml) $args -}} + {{- $args = set $args 
"terminated-pod-gc-threshold" "100" -}} + {{- $args | toYaml -}} +{{- end }} + +{{- define "t8s-cluster.clusterClass.apiServer.admissionPlugins" -}} + {{- $admissionPlugins := list "AlwaysPullImages" "NodeRestriction" -}} + {{- if not .excludePatches -}} + {{- $admissionPlugins = concat $admissionPlugins (list "EventRateLimit") -}} + {{- end -}} + {{- $admissionPlugins | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.args.apiServer" -}} + {{- $args := include "t8s-cluster.clusterClass.args.base" (dict "context" .context) | fromYaml -}} + {{- $args = mustMerge (include "t8s-cluster.clusterClass.args.sharedController" (dict "context" .context) | fromYaml) $args -}} + {{- $args = set $args "enable-admission-plugins" (include "t8s-cluster.clusterClass.apiServer.admissionPlugins" (dict "excludePatches" .excludePatches) | fromYamlArray | join ",") -}} + {{- $args = set $args "event-ttl" "4h" -}} + {{- $args = set $args "tls-cipher-suites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray | join ",") -}} + {{- $args | toYaml -}} +{{- end }} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_bootstrapConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_bootstrapConfigTemplate.yaml new file mode 100644 index 0000000000..b113f0c504 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_bootstrapConfigTemplate.yaml 
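Review bot: In `t8s-cluster.clusterClass.apiServer.admissionPlugins` the `excludePatches` flag also decides whether `EventRateLimit` is enabled, so any caller that skips the kubelet patch files gets an API server without event rate limiting; the k0smotron spec in this diff passes `"excludePatches" true`. A dedicated key for the plugin, or at least a comment on the `if` such as `{{/* EventRateLimit needs admission-control-config-file, which hosted control planes do not get yet */}}`, would keep that trade-off visible. `args.shared` also pairs `bind-address` `0.0.0.0` with `/metrics` in `authorization-always-allow-paths`; with a hosted control plane the scheduler and controller-manager presumably run as pods in the management cluster, so it is worth confirming that a NetworkPolicy limits who can reach those endpoints.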
@@ -0,0 +1,12 @@ +{{- define "t8s-cluster.clusterClass.bootstrapConfigTemplate" -}} + {{- $_ := mustMerge . (pick .context "Values" "Release" "Chart") -}} +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: {{ .Values.controlPlane.hosted | ternary "K0sWorkerConfigTemplate" "KubeadmConfigTemplate" }} +metadata: + name: {{ printf "%s-%s-compute-plane" .Release.Name (.gpu | ternary "gpu" "standard") }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} +spec: + template: + spec: {{- include (printf "t8s-cluster.clusterClass.bootstrapConfigTemplate.%s.spec" (.Values.controlPlane.hosted | ternary "k0smotron" "kubeadm")) (dict "gpu" .gpu "context" .context) | nindent 6 }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_k0smotronConfigTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_k0smotronConfigTemplateSpec.yaml new file mode 100644 index 0000000000..f987219cf1 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_k0smotronConfigTemplateSpec.yaml 
@@ -0,0 +1,23 @@ +{{- define "t8s-cluster.clusterClass.bootstrapConfigTemplate.k0smotron.spec" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} + {{- $kubeletExtraArgs := list -}} + {{- range $key, $value := include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .context) | fromYaml -}} + {{- $kubeletExtraArgs = append $kubeletExtraArgs (printf "--%s=%s" $key $value) -}} + {{- end -}} +args: + - --cri-socket=remote:/run/containerd/containerd.sock + {{- if le (.Values.version.minor | int) 28 }} + - --enable-cloud-provider + {{- end }} + - {{ printf `--kubelet-extra-args="%s"` ($kubeletExtraArgs | join " ") }} +files: {{- include "t8s-cluster.clusterClass.configTemplate.files" (dict "context" .context "gpu" .gpu "excludePatches" true) | nindent 2 }} + {{/* this service isn't needed by k0s */}} + {{- $preStartCommands := list + "systemctl disable --now kubelet.service" + }} + {{- $preStartCommands = concat $preStartCommands + (include "t8s-cluster.clusterClass.preKubeadmCommands" (dict "context" .context) | fromYamlArray) + (include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | fromYamlArray) + }} +preStartCommands: {{- $preStartCommands | default (list) | toYaml | nindent 2 }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml new file mode 100644 index 0000000000..1c5eef2998 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/_kubeadmConfigTemplateSpec.yaml 
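Review bot: The `--kubelet-extra-args` value is assembled with `printf "--%s=%s" $key $value` and joined with spaces inside a double-quoted string, which is fragile in two ways. After `fromYaml` an unquoted number or boolean is no longer a string, so `%s` renders it as `%!s(...)`; `printf "--%s=%v" $key $value` avoids that. A value containing whitespace or a double quote would split or end the argument early, so a `fail` guard on such values, or a comment stating that `t8s-cluster.clusterClass.kubeletExtraArgs` must only return such-free values, would make the assumption explicit. That helper is not visible in this diff, so whether it can return such values needs confirming.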
@@ -0,0 +1,11 @@ +{{- define "t8s-cluster.clusterClass.bootstrapConfigTemplate.kubeadm.spec" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} +joinConfiguration: + nodeRegistration: + kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .context) | nindent 6 }} + patches: + directory: /etc/kubernetes/patches +files: {{- include "t8s-cluster.clusterClass.configTemplate.files" (dict "context" .context "gpu" .gpu) | nindent 2 }} +preKubeadmCommands: {{- include "t8s-cluster.clusterClass.preKubeadmCommands" (dict "context" .context) | nindent 2 }} +postKubeadmCommands: {{- include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | nindent 2 }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/gpuNodePoolBootstrapConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/gpuNodePoolBootstrapConfigTemplate.yaml new file mode 100644 index 0000000000..4ec89c993b --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/gpuNodePoolBootstrapConfigTemplate.yaml @@ -0,0 +1 @@ +{{- include "t8s-cluster.clusterClass.bootstrapConfigTemplate" (dict "gpu" true "context" $) -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/standardNodePoolBootstrapConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/standardNodePoolBootstrapConfigTemplate.yaml new file mode 100644 index 0000000000..ad515cbbcb --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/bootstrapConfigTemplate/standardNodePoolBootstrapConfigTemplate.yaml @@ -0,0 +1 @@ +{{- include "t8s-cluster.clusterClass.bootstrapConfigTemplate" (dict "gpu" false "context" $) -}} 
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml index 2cf4fd8e37..0736b5d3e5 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml @@ -10,6 +10,7 @@ metadata: labels: {{- include "common.labels.standard" $ | nindent 4 }} spec: controlPlane: + {{- if not .Values.controlPlane.hosted }} machineHealthCheck: maxUnhealthy: 1 nodeStartupTimeout: 10m @@ -26,10 +27,16 @@ spec: apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} kind: OpenStackMachineTemplate name: {{ printf "%s-control-plane-%s" $.Release.Name (include "t8s-cluster.clusterClass.openStackMachineTemplate.specHashOfControlPlane" (dict "context" $)) }} + {{- end }} ref: apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + {{- if .Values.controlPlane.hosted }} + kind: K0smotronControlPlaneTemplate + name: {{/* the full context is needed for .Files.Get */}}{{ printf "%s-%s" $.Release.Name (include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.specHash" .) }} + {{- else }} kind: KubeadmControlPlaneTemplate name: {{/* the full context is needed for .Files.Get */}}{{ printf "%s-%s" $.Release.Name (include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.specHash" .) }} + {{- end }} infrastructure: ref: apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} @@ -72,6 +79,7 @@ spec: type: string default: compute-plane-placeholder patches: + {{- if not .Values.controlPlane.hosted }} - name: controlPlaneServerGroupID description: Sets the ServerGroupID for Control Plane machines. definitions: 
@@ -85,6 +93,7 @@ spec: kind: OpenStackMachineTemplate matchResources: controlPlane: true + {{- end }} - name: machineDeploymentServerGroupID description: Sets the ServerGroupID for MachineDeployment machines. definitions: @@ -127,6 +136,7 @@ spec: matchResources: machineDeploymentClass: names: {{- $machineDeploymentClasses | keys | sortAlpha | toYaml | nindent 18 }} + {{- if not .Values.controlPlane.hosted }} - jsonPatches: - <<: *imagePatch valueFrom: @@ -135,6 +145,8 @@ spec: <<: *imagePatchSelector matchResources: controlPlane: true + {{- end }} + {{- if not .Values.controlPlane.hosted }} - name: controlPlaneAvailabilityZones enabledIf: {{ `{{ if .controlPlaneAvailabilityZones }}true{{ end }}` | quote }} definitions: @@ -148,6 +160,7 @@ spec: path: /spec/template/spec/controlPlaneAvailabilityZones valueFrom: variable: controlPlaneAvailabilityZones + {{- end }} - name: dnsNameservers definitions: - selector: @@ -190,7 +203,7 @@ spec: bootstrap: ref: apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 - kind: KubeadmConfigTemplate + kind: {{ $.Values.controlPlane.hosted | ternary "K0sWorkerConfigTemplate" "KubeadmConfigTemplate" }} name: {{ printf "%s-%s-compute-plane" $.Release.Name ($isGpuDeploymentClass | ternary "gpu" "standard") }} infrastructure: ref: diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_helpers.tpl new file mode 100644 index 0000000000..afc43df92d --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_helpers.tpl 
@@ -0,0 +1,7 @@ +{{- define "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.specHash" -}} + {{/* the full context is needed for .Files.Get */}} + {{- $inputs := (dict + "spec" (include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.spec" $) + ) -}} + {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_k0smotronControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_k0smotronControlPlaneTemplateSpec.yaml new file mode 100644 index 0000000000..2c77521b55 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/_k0smotronControlPlaneTemplateSpec.yaml 
@@ -0,0 +1,53 @@ +{{/* +KubeadmControlPlaneTemplate is immutable. We need to create new versions during upgrades. +Here we are generating a hash suffix. +This function needs the whole `$` context to be able to use `.Files.Get` +*/}} +{{- define "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.spec" -}} +replicas: {{ $.Values.controlPlane.singleNode | ternary 1 3 }} +service: + type: LoadBalancer + apiPort: 6443 + konnectivityPort: 8132 +controllerPlaneFlags: + - --disable-components=metrics-server +k0sConfig: + apiVersion: k0s.k0sproject.io/v1beta1 + kind: ClusterConfig + spec: + network: + provider: custom + api: + extraArgs: {{- include "t8s-cluster.clusterClass.args.apiServer" (dict "context" . "excludePatches" true) | nindent 8 }} + # TODO: figure out how to make this work + # admission-control-config-file: &admissionControlConfigFilePath /etc/kubernetes/admission-control-config.yaml + # extraVolumes: + # - hostPath: *admissionControlConfigFilePath + # mountPath: *admissionControlConfigFilePath + # name: admission-control-config + # readOnly: true + # - hostPath: &eventRateLimitConfigFilePath {\{ $eventRateLimitConfigFilePath }} + # mountPath: *eventRateLimitConfigFilePath + # name: event-rate-limit-config + # readOnly: true + controllerManager: + extraArgs: {{- include "t8s-cluster.clusterClass.args.controllerManager" (dict "context" .) | nindent 8 }} + scheduler: + extraArgs: {{- include "t8s-cluster.clusterClass.args.scheduler" (dict) | nindent 8 }} + telemetry: + enabled: false + workerProfiles: + - name: default + {{- $values := dict "cgroupDriver" "systemd" }} + {{ $values = mustMerge $values (include "t8s-cluster.kubelet.options" (dict) | fromYaml) }} + {{ $values = mustMerge $values (include "t8s-cluster.patches.kubelet.imagePulls" (dict "context" .) 
| fromYaml) }} + values: {{- $values | toYaml | nindent 10 }} + featureGates: {{- range $featureGate, $components := include "t8s-cluster.featureGates" (dict) | fromYaml }} + - name: {{ $featureGate }} + enabled: true + components: {{- $components | toYaml | nindent 10 }} + {{- end }} +etcd: + persistence: + size: 5Gi +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/k0smotronControlPlaneTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/k0smotronControlPlaneTemplate.yaml new file mode 100644 index 0000000000..d88339b816 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/k0smotronControlPlaneTemplate/k0smotronControlPlaneTemplate.yaml @@ -0,0 +1,11 @@ +{{- if .Values.controlPlane.hosted -}} +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: K0smotronControlPlaneTemplate +metadata: + name: {{/* the full context is needed for .Files.Get */}}{{ printf "%s-%s" $.Release.Name (include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.specHash" .) }} + namespace: {{ $.Release.Namespace }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} +spec: + template: + spec: {{/* the full context is needed for .Files.Get */}}{{- include "t8s-cluster.clusterClass.k0smotronControlPlaneTemplate.spec" . | nindent 6 }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_helpers.tpl deleted file mode 100644 index e265e488bd..0000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_helpers.tpl +++ /dev/null 
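Review bot: The hosted spec publishes the API server and konnectivity through `service.type: LoadBalancer` (ports 6443 and 8132), and nothing visible in this template consumes `controlPlane.allowedCIDRs`, which the values documentation in this diff still lists as a control-plane option. If that value is what restricts access to the API on the kubeadm path (not visible here, to be confirmed), the hosted path should apply an equivalent restriction. Failing that, it should fail rendering when `allowedCIDRs` is set together with `hosted`, so operators do not rely on a filter that is not there. The header comment was also copied from the kubeadm template: it still names `KubeadmControlPlaneTemplate` and `.Files.Get`, which this spec does not call directly.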
@@ -1,55 +0,0 @@ -{{- define "t8s-cluster.clusterClass.containerdConfig.plugins" -}} - {{- $_ := mustMerge . (pick .context "Values") -}} -[plugins] - [plugins."io.containerd.grpc.v1.cri"] - {{- if .Values.containerRegistryMirror.mirrorEndpoint }} - [plugins."io.containerd.grpc.v1.cri".registry] - config_path = "/etc/containerd/registries.conf.d" - {{- end }} - [plugins."io.containerd.grpc.v1.cri".containerd] - default_runtime_name = "runc" - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] - # TODO: this is only needed because of https://github.com/containerd/containerd/issues/5837 - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - runtime_type = "io.containerd.runc.v2" - # TODO: this is only needed because of https://github.com/containerd/containerd/issues/5837 - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] - SystemdCgroup = true - {{- if .gpu }} - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] - privileged_without_host_devices = false - runtime_engine = "" - runtime_root = "" - runtime_type = "io.containerd.runc.v2" - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] - BinaryName = "/usr/local/nvidia/toolkit/nvidia-container-runtime" - {{- end -}} -{{- end -}} - -{{- define "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" -}} - {{- $_ := mustMerge . 
(pick .context "Values") -}} - {{- $defaultMirroredRegistries := list - "gcr.io" - "ghcr.io" - "k8s.gcr.io" - "nvcr.io" - "quay.io" - "registry.gitlab.com" - "registry.k8s.io" - "registry.opensource.zalan.do" - "registry.teuto.io" - -}} - {{- $mirroredRegistries := concat $defaultMirroredRegistries (.Values.containerRegistryMirror.additionallyMirroredRegistries | default list) | sortAlpha | uniq -}} - {{- range $registry := $mirroredRegistries }} -- content: |- - server = {{ printf "https://%s" $registry | quote }} - {{ printf `[host."%s"]` $.Values.containerRegistryMirror.mirrorEndpoint }} - capabilities = ["pull", "resolve"] - path: {{ printf `/etc/containerd/registries.conf.d/%s/hosts.toml` $registry }} - {{- end }} -- content: |- - server = "registry-1.docker.io" - {{ printf `[host."%s"]` $.Values.containerRegistryMirror.mirrorEndpoint }} - capabilities = ["pull", "resolve"] - path: /etc/containerd/registries.conf.d/docker.io/hosts.toml -{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_kubeadmConfigTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_kubeadmConfigTemplateSpec.yaml deleted file mode 100644 index aecff2248a..0000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_kubeadmConfigTemplateSpec.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -{{- define "t8s-cluster.clusterClass.kubeadmConfigTemplate.spec" -}} - {{- $_ := mustMerge . (pick .context "Values") -}} -joinConfiguration: - nodeRegistration: - kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 6 }} - name: '{{ `{{ local_hostname }}` }}' - patches: - directory: /etc/kubernetes/patches -files: {{- include "t8s-cluster.patches.kubelet.patches" (dict "context" .context) | nindent 2 }} - {{- if .Values.containerRegistryMirror.mirrorEndpoint }} - {{- include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" .context) | nindent 2 }} - {{- end }} - - content: |- {{- include "t8s-cluster.clusterClass.containerdConfig.plugins" (dict "context" .context "gpu" .gpu) | nindent 6 }} - path: /etc/containerd/conf.d/plugins.toml - {{- if .Values.global.injectedCertificateAuthorities }} - - content: |- {{- .Values.global.injectedCertificateAuthorities | nindent 6 }} - path: /usr/local/share/ca-certificates/injected-ca-certs.crt - {{- end }} - {{ if .Values.global.injectedCertificateAuthorities }} -preKubeadmCommands: - - update-ca-certificates - {{- end }} -postKubeadmCommands: {{- include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | nindent 2 }} -{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_nodePoolKubeadmConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_nodePoolKubeadmConfigTemplate.yaml deleted file mode 100644 index 03238cae47..0000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/_nodePoolKubeadmConfigTemplate.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -{{- define "t8s-cluster.clusterClass.kubeadmConfigTemplate" -}} - {{- $_ := mustMerge . (pick .context "Values" "Release" "Chart") -}} -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 -kind: KubeadmConfigTemplate -metadata: - name: {{ printf "%s-%s-compute-plane" .Release.Name (.gpu | ternary "gpu" "standard") }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - template: - spec: {{- include "t8s-cluster.clusterClass.kubeadmConfigTemplate.spec" (dict "gpu" .gpu "context" .context) | nindent 6 }} -{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/gpuNodePoolKubeadmConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/gpuNodePoolKubeadmConfigTemplate.yaml deleted file mode 100644 index 101a690a1b..0000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/gpuNodePoolKubeadmConfigTemplate.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "t8s-cluster.clusterClass.kubeadmConfigTemplate" (dict "gpu" true "context" $) -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/standardNodePoolKubeadmConfigTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/standardNodePoolKubeadmConfigTemplate.yaml deleted file mode 100644 index 2c91ab61f7..0000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmConfigTemplate/standardNodePoolKubeadmConfigTemplate.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- include "t8s-cluster.clusterClass.kubeadmConfigTemplate" (dict "gpu" false "context" $) -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl index 2723427816..a4cd9de58b 100644 
--- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl 
@@ -5,3 +5,33 @@ ) -}} {{- mustToJson $inputs | toString | quote | sha1sum | trunc 8 -}} {{- end -}} + +{{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.preKubeadmCommands" -}} + {{- $_ := mustMerge . (pick .context "Values") -}} + {{- $commands := list -}} + {{- $commands = append $commands "bash /etc/kube-proxy-patch.sh" -}} + {{- if .Values.global.injectedCertificateAuthorities -}} + {{- $commands = append $commands "update-ca-certificates" -}} + {{- end -}} + {{- toYaml $commands }} +{{- end -}} + +{{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.files" -}} + {{- $files := list -}} + {{- $files = concat $files (include "t8s-cluster.clusterClass.configTemplate.files" (dict "context" . "gpu" false) | fromYamlArray) -}} + {{- $configs := dict + "admission-control-config.yaml" (required "Missing" .admissionControlConfigFilePath) + "event-rate-limit-config.yaml" (required "Missing" .eventRateLimitConfigFilePath) + "kube-proxy.config.yaml" "/etc/kube-proxy-config.yaml" + -}} + {{- range $file, $path := $configs -}} + {{- $files = append $files (dict "content" ($.Files.Get (printf "files/%s" $file)) "path" $path) -}} + {{- end -}} + {{- $files = append $files (dict "content" (.Files.Get "files/kube-proxy.patch.sh") "path" "/etc/kube-proxy-patch.sh" "permissions" "0700") -}} + {{- range $file := $files -}} + {{- $_ := set $file "content" (get $file "content" | trim) -}} + {{- end -}} + {{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) -}} + {{- $files = append $files (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) -}} + {{- $files | toYaml -}} +{{- end -}} 
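Review bot: In `t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.files`, `.Files.Get` returns an empty string when the file is missing from the chart package, so a renamed or excluded `files/admission-control-config.yaml` would be written to the node as an empty file instead of failing the render. Wrapping the lookup, e.g. `(required (printf "files/%s is missing from the chart" $file) ($.Files.Get (printf "files/%s" $file)))`, turns that into a render-time error; the same applies to `files/kube-proxy.patch.sh`. The two existing `required "Missing"` calls would be easier to debug if they named the key, e.g. `required "admissionControlConfigFilePath is required"`. Only the patch script gets explicit `permissions`, so it may be worth stating in a comment that the config files are meant to keep the default mode.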
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml index 28f897e22e..133d59f3e4 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml 
@@ -4,76 +4,39 @@ Here we are generating a hash suffix. This function needs the whole `$` context to be able to use `.Files.Get` */}} {{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" -}} + {{- $admissionControlConfigFilePath := "/etc/kubernetes/admission-control-config.yaml" -}} + {{- $eventRateLimitConfigFilePath := "/etc/kubernetes/event-rate-limit-config.yaml" -}} rolloutBefore: certificatesExpiryDays: 60 kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: - admission-control-config-file: &admissionControlConfigFilePath /etc/kubernetes/admission-control-config.yaml - cloud-provider: external - enable-admission-plugins: AlwaysPullImages,EventRateLimit,NodeRestriction - profiling: 'false' - tls-cipher-suites: {{ include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) }} - event-ttl: 4h + extraArgs: {{- include "t8s-cluster.clusterClass.args.apiServer" (dict "context" .) | nindent 8 }} + admission-control-config-file: &admissionControlConfigFilePath {{ $admissionControlConfigFilePath }} extraVolumes: - hostPath: *admissionControlConfigFilePath mountPath: *admissionControlConfigFilePath name: admission-control-config readOnly: true - - hostPath: &eventRateLimitConfigFilePath /etc/kubernetes/event-rate-limit-config.yaml + - hostPath: &eventRateLimitConfigFilePath {{ $eventRateLimitConfigFilePath }} mountPath: *eventRateLimitConfigFilePath name: event-rate-limit-config readOnly: true controllerManager: - extraArgs: - authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics - bind-address: 0.0.0.0 - cloud-provider: external - profiling: 'false' - terminated-pod-gc-threshold: '100' + extraArgs: {{- include "t8s-cluster.clusterClass.args.controllerManager" (dict "context" .) 
| nindent 8 }} etcd: local: extraArgs: listen-metrics-urls: http://0.0.0.0:2381 scheduler: - extraArgs: - authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics - bind-address: 0.0.0.0 - profiling: 'false' - files: {{- include "t8s-cluster.patches.kubelet.patches" (dict "context" $) | nindent 4 }} - - content: |- {{- .Files.Get "files/admission-control-config.yaml" | nindent 8 }} - path: *admissionControlConfigFilePath - - content: |- {{- .Files.Get "files/event-rate-limit-config.yaml" | nindent 8 }} - path: *eventRateLimitConfigFilePath - - content: |- {{- .Files.Get "files/kube-proxy.patch.sh" | nindent 8 }} - path: /etc/kube-proxy-patch.sh - permissions: "0700" - - content: |- {{- .Files.Get "files/kube-proxy.config.yaml" | nindent 8 }} - path: /etc/kube-proxy-config.yaml - {{- if .Values.containerRegistryMirror.mirrorEndpoint }} - {{- include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" $) | nindent 4 }} - {{- end }} - - content: |- {{- include "t8s-cluster.clusterClass.containerdConfig.plugins" (dict "context" $ "gpu" false) | nindent 8 }} - path: /etc/containerd/conf.d/plugins.toml - {{- if .Values.global.injectedCertificateAuthorities }} - - content: |- {{- .Values.global.injectedCertificateAuthorities | nindent 8 }} - path: /usr/local/share/ca-certificates/injected-ca-certs.crt - {{- end }} - {{- $apiserverPatch := dict "spec" (dict "containers" (list (dict "name" "kube-apiserver" "resources" (dict "requests" (dict "memory" "2Gi") "limits" (dict "memory" "4Gi"))))) }} - {{- list (include "t8s-cluster.patches.patchFile" (dict "values" $apiserverPatch "target" "kube-apiserver" "component" "memory") | fromYaml) | toYaml | nindent 4 }} - initConfiguration: + extraArgs: {{- include "t8s-cluster.clusterClass.args.scheduler" (dict) | nindent 8 }} + files: {{- include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.files" (merge . 
(dict "admissionControlConfigFilePath" $admissionControlConfigFilePath "eventRateLimitConfigFilePath" $eventRateLimitConfigFilePath)) | nindent 4 }} + initConfiguration: &configuration nodeRegistration: - kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 8 }} - name: '{{ `{{ local_hostname }}` }}' + kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict "context" .) | nindent 8 }} patches: directory: {{ include "t8s-cluster.patches.directory" (dict) }} - joinConfiguration: - nodeRegistration: - kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 8 }} - name: '{{ `{{ local_hostname }}` }}' - patches: - directory: {{ include "t8s-cluster.patches.directory" (dict) }} - preKubeadmCommands: {{- include "t8s-cluster.clusterClass.preKubeadmCommands" (dict "context" $) | nindent 4 }} + joinConfiguration: *configuration + preKubeadmCommands: {{- include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.preKubeadmCommands" (dict "context" .) | nindent 4 }} postKubeadmCommands: {{- include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | nindent 4 }} {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml index 1022d74989..997a2b92b7 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.controlPlane.hosted -}} apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlaneTemplate metadata: 
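Review bot: The API server hardening flags that used to be literal in this file (`enable-admission-plugins: AlwaysPullImages,EventRateLimit,NodeRestriction`, `profiling: 'false'`, `tls-cipher-suites`) now have to come from `t8s-cluster.clusterClass.args.apiServer`, which is defined outside this hunk, so this file no longer shows whether they are still set. A rendered-manifest test, or a comment above `extraArgs:` such as `{{/* args.apiServer must keep enable-admission-plugins, profiling and tls-cipher-suites */}}`, would keep a later edit to the helper from dropping them unnoticed. The same applies to the controller-manager and scheduler `extraArgs`, whose `profiling: 'false'` lines moved into helpers as well. Also, `admission-control-config-file` is appended after the include, so if the helper ever emits that key too, the mapping would contain it twice.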
@@ -7,3 +8,4 @@ metadata: spec: template: spec: {{/* the full context is needed for .Files.Get */}}{{- include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" . | nindent 6 }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml index 871bb180bc..ad3bb94843 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml @@ -5,10 +5,11 @@ Here we are generating a hash suffix. {{- define "t8s-cluster.clusterClass.openStackClusterTemplate.spec" -}} {{- $_ := mustMerge . (pick .context "Values") -}} apiServerLoadBalancer: - enabled: true + enabled: {{ not .Values.controlPlane.hosted }} {{- with .Values.controlPlane.allowedCIDRs }} allowedCidrs: {{- toYaml . | nindent 4 }} {{- end }} +disableAPIServerFloatingIP: {{ .Values.controlPlane.hosted }} bastion: availabilityZone: {{ .Values.bastion.availabilityZone }} enabled: {{ .Values.bastion.enabled }} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml index 098a8b7b47..dc8c0b0873 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackMachineTemplates/openStackMachineTemplates.yaml 
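Review bot: With `controlPlane.hosted` set, `apiServerLoadBalancer.enabled` renders `false`, yet the `allowedCidrs` list from `.Values.controlPlane.allowedCIDRs` is still rendered under the disabled load balancer, so the CIDR allow-list presumably no longer restricts access to the API endpoint in that mode. If the hosted API server is exposed through another path (not visible in this hunk), the allow-list should be enforced there, or the chart should fail when `hosted` is true and `allowedCIDRs` is non-empty. At minimum the `hosted` description in `values.schema.json` should state that `allowedCIDRs` is not applied by this template when the control plane is hosted. The template body continues outside the hunk.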
@@ -1,9 +1,10 @@ {{- range $name := list "compute-plane" "control-plane" }} -{{- if false }} + {{- if or (ne $name "control-plane") (not $.Values.controlPlane.hosted) }} + {{- if false }} apiVersion: infrastructure.cluster.x-k8s.io/v1alpha7 -{{- else }} + {{- else }} apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} -{{- end }} + {{- end }} kind: OpenStackMachineTemplate metadata: name: {{ printf "%s-%s-%s" $.Release.Name $name (include "t8s-cluster.clusterClass.openStackMachineTemplate.specHash" (dict "name" $name "context" $)) }} @@ -13,4 +14,5 @@ spec: template: spec: {{- include "t8s-cluster.clusterClass.openStackMachineTemplate.spec" (dict "name" $name "context" $) | nindent 6 }} --- -{{- end }} + {{- end }} +{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl index e6f609c44a..f2849f0cde 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_kubelet.tpl 
@@ -1,23 +1,48 @@ {{- define "t8s-cluster.patches.kubelet.imagePulls" -}} {{- $_ := mustMerge . (pick .context "Values") -}} - {{- include "t8s-cluster.patches.patchFile" (dict "values" (dict "serializeImagePulls" false "maxParallelImagePulls" .Values.global.kubeletExtraConfig.maxParallelImagePulls) "target" "kubeletconfiguration" "component" "imagePulls") -}} + {{- $values := dict -}} + {{- if and (or (gt (.Values.version.major | int) 1) (ge (.Values.version.minor | int) 27)) (gt (int .Values.global.kubeletExtraConfig.maxParallelImagePulls) 1) -}} + {{- $values = mustMerge $values (dict "serializeImagePulls" false "maxParallelImagePulls" .Values.global.kubeletExtraConfig.maxParallelImagePulls) -}} + {{- end -}} + {{- $values | toYaml -}} +{{- end -}} + +{{- define "t8s-cluster.kubelet.featureGates"}} + {{- include "t8s-cluster.featureGates.forComponent" (dict "component" "kubelet") -}} +{{- end -}} + +{{- define "t8s-cluster.kubelet.options" -}} + {{- $options := dict -}} + {{- $options = set $options "eventRecordQPS" 0 -}} + {{- $options = set $options "protectKernelDefaults" true -}} + {{- $options = set $options "tlsCipherSuites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | fromYamlArray) -}} + {{- $options = set $options "seccompDefault" true -}} + {{- $options | toYaml -}} {{- end -}} {{- define "t8s-cluster.patches.kubelet.default" -}} {{- $values := dict -}} - {{- $values = set $values "eventRecordQPS" 0 -}} - {{- $values = set $values "protectKernelDefaults" true -}} - {{- $values = set $values "featureGates" (dict) -}} - {{- $values = set $values "SeccompDefault" true -}} - {{- $values = set $values "tlsCipherSuites" (include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) | splitList ",") -}} - {{- include "t8s-cluster.patches.patchFile" (dict "values" $values "target" "kubeletconfiguration" "component" "default") -}} + {{- range $option, $value := include "t8s-cluster.kubelet.options" (dict) | fromYaml -}} + {{- $values = set $values 
$option $value -}} + {{- end -}} + {{- $values = set $values "featureGates" (include "t8s-cluster.kubelet.featureGates" (dict) | fromYaml) -}} + {{- $patches := list -}} + {{/* clear the old stuff beforehand, otherwise they just stay there 😐 */}} + {{- $cleanupJsonPatch := list -}} + {{- $settingsToClean := dict "/featureGates" (dict) -}} + {{- range $settingToClean, $cleanValue := $settingsToClean -}} + {{- $cleanupJsonPatch = append $cleanupJsonPatch (dict "op" "add" "path" $settingToClean "value" $cleanValue) -}} + {{- end -}} + {{- $patches = append $patches (include "t8s-cluster.patches.patchFile" (dict "values" $cleanupJsonPatch "target" "kubeletconfiguration" "suffix" 0 "patchType" "json") | fromYaml) -}} + {{- $patches = append $patches (include "t8s-cluster.patches.patchFile" (dict "values" $values "target" "kubeletconfiguration" "component" "default") | fromYaml) -}} + {{- $patches | toYaml -}} {{- end -}} {{- define "t8s-cluster.patches.kubelet.patches" -}} {{- $_ := mustMerge . (pick .context "Values") -}} - {{- $patches := list (include "t8s-cluster.patches.kubelet.default" (dict) | fromYaml) -}} - {{- if and (eq (int .Values.version.major) 1) (ge (int .Values.version.minor) 27) (gt (int .Values.global.kubeletExtraConfig.maxParallelImagePulls) 1) -}} - {{- $patches = append $patches (include "t8s-cluster.patches.kubelet.imagePulls" (dict "context" .context) | fromYaml) -}} + {{- $patches := include "t8s-cluster.patches.kubelet.default" (dict) | fromYamlArray -}} + {{- with include "t8s-cluster.patches.kubelet.imagePulls" (dict "context" .context) | fromYaml -}} + {{- $patches = append $patches (include "t8s-cluster.patches.patchFile" (dict "values" . "target" "kubeletconfiguration" "component" "imagePulls") | fromYaml) -}} {{- end -}} {{- toYaml $patches -}} {{- end -}} 
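Review bot: `tlsCipherSuites` in `t8s-cluster.kubelet.options` is now parsed with `fromYamlArray` instead of `splitList ","`, and Helm's `fromYaml`/`fromYamlArray` do not abort the render on malformed input but return the parse error inside the result. If `t8s-cluster.clusterClass.tlsCipherSuites` (defined outside this hunk) returns anything other than a YAML list, the kubelet patch would carry an error string in place of the cipher list instead of failing the chart. The same holds for the `fromYaml` calls on `t8s-cluster.kubelet.options` and `t8s-cluster.kubelet.featureGates` in `t8s-cluster.patches.kubelet.default`. A chart test that asserts the rendered `tlsCipherSuites`, `seccompDefault` and `protectKernelDefaults` values would catch a silent regression of these kubelet hardening settings.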
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_patches.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_patches.tpl index 734786b239..5f96a95ec8 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_patches.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/patches/_patches.tpl @@ -1,6 +1,30 @@ {{- define "t8s-cluster.patches.patchFile" -}} -content: |- {{- toYaml .values | nindent 2 }} -path: {{ printf "%s/%s-%s.yaml" (include "t8s-cluster.patches.directory" (dict)) .target .component }} + {{- $patchType := "" -}} + {{- with .patchType -}} + {{- $patchType = printf "+%v" . -}} + {{- end -}} + {{- $component := "" -}} + {{- with .component -}} + {{- $component = printf "-%v" . -}} + {{- end -}} + {{- $suffix := .suffix -}} + {{- if typeIs "" $suffix -}} + {{- $suffix = 10 -}} + {{- end -}} + {{- $extension := "yaml" -}} + {{- if eq .patchType "json" -}} + {{- $extension = "json" -}} + {{- end -}} + {{- with .extension -}} + {{- $extension = . -}} + {{- end -}} + {{- $content := "" -}} + {{- if eq $extension "json" -}} + {{- $content = toJson .values -}} + {{- else -}} + {{- $content = toYaml .values -}} + {{- end -}} + {{- dict "content" $content "path" (printf "%v/%v-%v%v%v.%v" (include "t8s-cluster.patches.directory" (dict)) .target $suffix $component $patchType $extension) | toYaml -}} {{- end -}} {{- define "t8s-cluster.patches.directory" -}} diff --git a/charts/t8s-cluster/templates/management-cluster/etcd-defrag.yaml b/charts/t8s-cluster/templates/management-cluster/etcd-defrag.yaml new file mode 100644 index 0000000000..ae78f50777 --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/etcd-defrag.yaml @@ -0,0 +1,3 @@ +{{- if .Values.controlPlane.hosted -}} + {{- include "t8s-cluster.etcd-defrag" (dict "context" $ "hosted" true) | nindent 0 -}} +{{- end -}} 
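Review bot: The `suffix` that `t8s-cluster.patches.patchFile` writes into the file name is ordered as text by kubeadm, not as a number, so the cleanup patch with `"suffix" 0` sorts before the default `10`, but a later caller passing `2` would sort after `10`. A template comment on `patchFile` documenting its inputs (`values`, `target`, optional `component`, `suffix`, `patchType`, `extension`) and the ordering rule, for example `{{/* suffix is ordered lexically by kubeadm; keep suffixes the same width */}}`, would make that explicit. Separately, as printed on this page the default is guarded by `typeIs "" $suffix`, and `typeIs` compares against the Go type name, which is never empty. If that literal is not an artefact of how the page was rendered, the default of `10` would not apply when `suffix` is omitted.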
diff --git a/charts/t8s-cluster/templates/management-cluster/repositories/helmRepositories.yaml b/charts/t8s-cluster/templates/management-cluster/repositories/helmRepositories.yaml index f504aa1bc8..b1ffd99d2f 100644 --- a/charts/t8s-cluster/templates/management-cluster/repositories/helmRepositories.yaml +++ b/charts/t8s-cluster/templates/management-cluster/repositories/helmRepositories.yaml @@ -4,7 +4,7 @@ {{- $create = eq (include "common.tplvalues.render" (dict "value" $config.condition "context" (deepCopy $))) "true" -}} {{- end -}} {{- if $create -}} -apiVersion: source.toolkit.fluxcd.io/v1beta2 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: {{ printf "%s-%s" $.Release.Name $name | quote }} diff --git a/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml b/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml index 07092fd226..0ddcddc319 100644 --- a/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml @@ -1,6 +1,6 @@ {{- define "t8s-cluster.helm.resourceIntoCluster" -}} {{- $_ := mustMerge . (pick .context "Values" "Release" "Chart") -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta2 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: {{ printf "%s-%s" .Release.Name .name }} diff --git a/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/ciliumNetworkPolicy.yaml b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/ciliumNetworkPolicy.yaml new file mode 100644 index 0000000000..d4d2dd0eda --- /dev/null +++ b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/ciliumNetworkPolicy.yaml 
@@ -0,0 +1,39 @@ +{{- if eq (include "t8s-cluster.cni" .) "cilium" -}} + {{- include "t8s-cluster.helm.resourceIntoCluster" (dict "name" "openstack-cinder-csi" "resource" (include "t8s-cluster.networkPolicy.cinder-csi" (dict)) "context" $ "additionalLabels" (dict "app.kubernetes.io/component" "cinder-csi")) | nindent 0 }} +{{- end }} + +{{- define "t8s-cluster.networkPolicy.cinder-csi" -}} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: openstack-cinder-csi + namespace: kube-system + labels: {{- include "common.helm.labels" (dict) | nindent 4 }} +spec: + endpointSelector: + matchLabels: + app: openstack-cinder-csi + ingress: + - fromEntities: + - health + toPorts: + - ports: + - port: "9808" + protocol: TCP + egress: + - toEndpoints: + - matchLabels: + io.kubernetes.pod.namespace: kube-system + k8s-app: kube-dns + toPorts: + - ports: + - port: "53" + protocol: UDP + rules: + dns: + - matchPattern: "*" + - toEntities: + - world # this is the placeholder for the openstack api, as we don't want to pin specific DNS names + - toEntities: + - kube-apiserver +{{- end -}} diff --git a/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml similarity index 83% rename from charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml rename to charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml index 5b7705f33e..2b1f9e0292 100644 --- a/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin/cinder-csi-plugin.yaml @@ -4,6 +4,7 @@ metadata: name: {{ printf "%s-csi" .Release.Name }} namespace: {{ .Release.Namespace}} labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: cinder-csi spec: chart: spec: 
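Review bot: The egress rule `toEntities: [world]` in `t8s-cluster.networkPolicy.cinder-csi` has no `toPorts`, so pods labelled `app: openstack-cinder-csi` may open connections to any external address on any port, which is much wider than the OpenStack API the inline comment names. Limiting the rule to the port(s) the OpenStack endpoints listen on, or to CIDRs taken from values, would keep the policy close to its stated purpose without pinning DNS names. The DNS rule also allows only `UDP` on port 53; adding a second entry, `- port: "53"` with `protocol: TCP`, covers lookups that fall back to TCP.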
@@ -43,6 +44,11 @@ spec: name: cloud-config csi: plugin: + # TODO: keep this until https://github.com/k0sproject/k0s/issues/1842 is addressed + {{- if .Values.controlPlane.hosted }} + nodePlugin: + kubeletDir: /var/lib/k0s/kubelet + {{- end }} controllerPlugin: tolerations: - effect: NoSchedule diff --git a/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml b/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml index 9ef699624f..11d6d4629b 100644 --- a/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml @@ -21,9 +21,6 @@ spec: - name: {{ printf "%s-cni" .Release.Name }} namespace: {{ .Release.Namespace }} {{- end }} - kubeConfig: - secretRef: - name: {{ .Release.Name }}-kubeconfig install: remediation: retries: -1 @@ -34,6 +31,9 @@ spec: storageNamespace: kube-system targetNamespace: kube-system releaseName: ccm + kubeConfig: + secretRef: + name: {{ .Release.Name }}-kubeconfig valuesFrom: - &valuesFrom kind: Secret @@ -43,6 +43,17 @@ spec: valuesKey: cloud.conf - <<: *valuesFrom targetPath: cloudConfig.metadata.hash + {{- if .Values.controlPlane.hosted }} + postRenderers: + - kustomize: + patches: + - target: + kind: DaemonSet + patch: | + - op: replace + path: /kind + value: Deployment + {{- end }} values: cluster: name: {{ .Values.metadata.friendlyName | default .Release.Name }} @@ -51,8 +62,14 @@ spec: - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule + {{- if not .Values.controlPlane.hosted }} - key: node-role.kubernetes.io/control-plane effect: NoSchedule nodeSelector: node-role.kubernetes.io/control-plane: "" + {{- end }} + {{- else }} + {{- if .Values.controlPlane.hosted }} + nodeSelector: null + {{- end }} {{- end }} 
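Review bot: The `postRenderers` patch added to `cloud-controller-manager.yaml` for the hosted case selects with `target: kind: DaemonSet` only, so every DaemonSet the chart renders has its `kind` replaced. Fields that exist only on a DaemonSet would also be carried into the Deployment unchanged; whether the upstream chart emits such fields is not visible here. Adding the resource name to the target and a comment explaining why the conversion is needed would make the intent reviewable. Together with the last hunk of this file, which drops the control-plane toleration and sets `nodeSelector: null` when hosted, the cloud controller manager and the `cloud.conf` secret it reads appear to end up on ordinary worker nodes, which is worth stating in the chart documentation.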
diff --git a/charts/t8s-cluster/templates/workload-cluster/etcd-defrag.yaml b/charts/t8s-cluster/templates/workload-cluster/etcd-defrag.yaml index ce8ce0f35b..dc852e5753 100644 --- a/charts/t8s-cluster/templates/workload-cluster/etcd-defrag.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/etcd-defrag.yaml 
@@ -1,58 +1,3 @@ -{{- include "t8s-cluster.helm.resourceIntoCluster" (dict "name" "etcd-defrag" "resource" (include "t8s-cluster.etcd-defrag" (dict "context" $)) "context" $ "additionalLabels" (dict "app.kubernetes.io/component" "etcd")) | nindent 0 }} - -{{- define "t8s-cluster.etcd-defrag" -}} - {{- $_ := mustMerge . (pick .context "Values" "Release" "Chart") -}} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: kube-etcd-defrag - namespace: kube-system - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 10 - successfulJobsHistoryLimit: 1 - schedule: '42 * * * *' - jobTemplate: - spec: - backoffLimit: 6 - template: - spec: - containers: - - command: - - etcdctl - - defrag - - --cluster - - --cacert=/etc/kubernetes/pki/etcd/ca.crt - - --cert=/etc/kubernetes/pki/etcd/peer.crt - - --key=/etc/kubernetes/pki/etcd/peer.key - env: - - name: ETCDCTL_API - value: "3" - - name: ETCDCTL_ENDPOINTS - value: 'localhost:2379' - image: {{ include "common.images.image" (dict "imageRoot" .Values.global.etcd.image "global" .Values.global) }} - imagePullPolicy: IfNotPresent - name: etcd-defrag - volumeMounts: - - mountPath: /etc/kubernetes/pki/etcd - name: etcd-certs - readOnly: true - dnsPolicy: ClusterFirst - hostNetwork: true - nodeSelector: - node-role.kubernetes.io/control-plane: "" - restartPolicy: OnFailure - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - volumes: - - hostPath: - path: /etc/kubernetes/pki/etcd - type: Directory - name: etcd-certs +{{- if not .Values.controlPlane.hosted -}} + {{- include "t8s-cluster.helm.resourceIntoCluster" (dict "name" "etcd-defrag" "resource" (include "t8s-cluster.etcd-defrag" (dict "context" $ "hosted" false)) "context" $ "additionalLabels" (dict "app.kubernetes.io/component" "etcd")) | nindent 0 -}} {{- end -}} 
diff --git a/charts/t8s-cluster/values.schema.json b/charts/t8s-cluster/values.schema.json index e173b82973..e8ea234094 100644 --- a/charts/t8s-cluster/values.schema.json +++ b/charts/t8s-cluster/values.schema.json @@ -103,6 +103,10 @@ "controlPlane": { "type": "object", "properties": { + "hosted": { + "type": "boolean", + "description": "Whether the control plane is hosted on the management cluster" + }, "flavor": { "type": "string" }, diff --git a/charts/t8s-cluster/values.yaml b/charts/t8s-cluster/values.yaml index f8386ddc95..3e5e4db338 100644 --- a/charts/t8s-cluster/values.yaml +++ b/charts/t8s-cluster/values.yaml @@ -5,7 +5,7 @@ global: url: https://helm.cilium.io charts: cilium: 1.x.x - condition: '{{ eq .Values.cni "cilium" }}' + condition: '{{ eq (include "t8s-cluster.cni" .) "cilium" }}' nvidia: url: https://helm.ngc.nvidia.com/nvidia charts: @@ -38,6 +38,7 @@ metadata: friendlyName: "" controlPlane: + hosted: false flavor: standard.2.1905 singleNode: false allowedCIDRs: [] diff --git a/charts/teuto-portal-k8s-worker/Chart.lock b/charts/teuto-portal-k8s-worker/Chart.lock index d8321fee39..e83125abdc 100644 --- a/charts/teuto-portal-k8s-worker/Chart.lock +++ b/charts/teuto-portal-k8s-worker/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://ghcr.io/teutonet/teutonet-helm-charts - version: 1.1.0 -digest: sha256:4002865b4b61253358688cda528a4146c2b24b3adefb18569189f6caee155427 -generated: "2024-04-18T16:49:16.63244841+02:00" + version: 1.2.1 +digest: sha256:9be2400cd3e698513c28d0cd2044da55a9e3f99eb3278a1eb5827b44178d8cc2 +generated: "2024-08-07T11:46:43.48101683Z" diff --git a/charts/teuto-portal-k8s-worker/Chart.yaml b/charts/teuto-portal-k8s-worker/Chart.yaml index 09e8f63cfe..596f172fb9 100644 --- a/charts/teuto-portal-k8s-worker/Chart.yaml +++ b/charts/teuto-portal-k8s-worker/Chart.yaml 
@@ -13,8 +13,8 @@ maintainers: email: st@teuto.net dependencies: - name: common - version: 1.1.0 + version: 1.2.1 repository: oci://ghcr.io/teutonet/teutonet-helm-charts annotations: artifacthub.io/images: | - - image: registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker:3.2.1 # default/Deployment/teuto-portal-k8s-worker.yaml + - image: registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker:3.3.0 # default/Deployment/teuto-portal-k8s-worker.yaml diff --git a/charts/teuto-portal-k8s-worker/templates/deployment.yaml b/charts/teuto-portal-k8s-worker/templates/deployment.yaml index 81c9aa3b29..bd266108b1 100644 --- a/charts/teuto-portal-k8s-worker/templates/deployment.yaml +++ b/charts/teuto-portal-k8s-worker/templates/deployment.yaml @@ -11,8 +11,7 @@ spec: template: metadata: labels: {{- include "common.labels.standard" $ | nindent 8 }} - spec: - {{- include "common.images.renderPullSecrets" ( dict "images" (list .Values.worker.image) "context" $) | indent 6 }} + spec: {{- include "common.images.renderPullSecrets" ( dict "images" (list .Values.worker.image) "context" $) | nindent 6 }} securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} automountServiceAccountToken: false containers: diff --git a/charts/teuto-portal-k8s-worker/values.yaml b/charts/teuto-portal-k8s-worker/values.yaml index a8c09e20a6..61952f195b 100644 --- a/charts/teuto-portal-k8s-worker/values.yaml +++ b/charts/teuto-portal-k8s-worker/values.yaml @@ -22,7 +22,7 @@ worker: image: registry: registry-gitlab.teuto.net repository: 4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker - tag: 3.2.1 + tag: 3.3.0 database: credentials: secret: