diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index cb328bec0..3989271c6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,5 +1,6 @@ * @teutonet/k8s /charts/base-cluster/ @cwrau @marvinWolff @tasches @teutonet-bot +/charts/common/ @cwrau @marvinWolff @tasches @teutonet-bot /charts/stellio-context-broker/ @cwrau @ocaner-biz @teutonet-bot /charts/t8s-cluster/ @cwrau @marvinWolff @tasches @teutonet-bot /charts/teuto-portal-k8s-worker/ @cwrau @marvinWolff @tasches @teutonet-bot diff --git a/.github/artifacthub-repo.yaml b/.github/artifacthub-repo.yaml new file mode 100644 index 000000000..2707bf872 --- /dev/null +++ b/.github/artifacthub-repo.yaml @@ -0,0 +1,12 @@ +# Artifact Hub repository metadata file +# +# Some settings like the verified publisher flag or the ignored packages won't +# be applied until the next time the repository is processed. Please keep in +# mind that the repository won't be processed if it has not changed since the +# last time it was processed. Depending on the repository kind, this is checked +# in a different way. For Helm http based repositories, we consider it has +# changed if the `index.yaml` file changes. For git based repositories, it does +# when the hash of the last commit in the branch you set up changes. This does +# NOT apply to ownership claim operations, which are processed immediately. +# +repositoryID: bc3ec3a0-5f14-46f9-941f-c5f4f0264b2a diff --git a/.github/release-please/config.json b/.github/release-please/config.json index 1d594028b..fa5c1cb44 100644 --- a/.github/release-please/config.json +++ b/.github/release-please/config.json @@ -32,6 +32,9 @@ }, "charts/teuto-portal-k8s-worker": { "package-name": "teuto-portal-k8s-worker" + }, + "charts/common": { + "package-name": "common" } } } diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json index c436ce41f..13a989df1 100644 --- a/.github/release-please/manifest.json +++ b/.github/release-please/manifest.json 
@@ -1 +1 @@ -{"charts/base-cluster":"4.12.0","charts/teuto-portal-k8s-worker":"1.0.1","charts/t8s-cluster":"4.1.0","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0"} +{"charts/base-cluster":"6.0.0","charts/teuto-portal-k8s-worker":"1.0.2","charts/t8s-cluster":"6.0.0","charts/stellio-context-broker":"0.1.0","charts/chirpstack":"0.1.0"} diff --git a/.github/scripts/create-values-diff.sh b/.github/scripts/create-values-diff.sh index 76c22eafd..ca7169eac 100755 --- a/.github/scripts/create-values-diff.sh +++ b/.github/scripts/create-values-diff.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 set -eu set -o pipefail @@ -21,6 +22,11 @@ else dryRun=false fi +if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then + echo "Skipping library chart '$chart'" >/dev/stderr + exit 0 +fi + GITHUB_API_URL="${GITHUB_API_URL:-https://api.github.com}" if command -v gh &>/dev/null; then 
@@ -38,48 +44,14 @@ GITHUB_WORKSPACE="${GITHUB_WORKSPACE:-$(git rev-parse --show-toplevel)}" GITHUB_DEFAULT_BRANCH="${GITHUB_DEFAULT_BRANCH:-main}" GITHUB_SERVER_URL="${GITHUB_SERVER_URL:-https://github.com}" GITHUB_REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}" -SCRIPTS="$GITHUB_WORKSPACE/.github/scripts/" -TMP_DIR="$(mktemp -d)" -trap 'rm -rf "$TMP_DIR"' EXIT -cd "$GITHUB_WORKSPACE" +[[ ! -v TMP_DIR ]] && trap 'rm -rf "$TMP_DIR"' EXIT +TMP_DIR="${TMP_DIR:-$(mktemp -d)}" -function splitYamlIntoDir() { - local yaml="${1?}" - local dir="${2?}" - local IFS=$'\n' - local selector - - for selector in $(yq -c -s '.[] | select(.kind and .metadata.name) | {kind: .kind, namespace: .metadata.namespace, name: .metadata.name}' <"$yaml"); do - local resourceName - local kind - local namespace - local name - kind="$(jq --argjson selector "$selector" -n -r '$selector.kind')" - namespace="$(jq --argjson selector "$selector" -n -r '$selector.namespace')" - name="$(jq --argjson selector "$selector" -n -r '$selector.name')" - - resourceName="$dir/$namespace/$kind/$name.yaml" - if [[ -f "$resourceName" ]]; then - echo "'$resourceName' shouldn't already exist" >/dev/stderr - return 1 - fi - mkdir -p "$(dirname "$resourceName")" - # shellcheck disable=SC2016 - yq -y -s --argjson selector "$selector" '.[] | select((.kind == $selector.kind) and (.metadata.namespace == $selector.namespace) and (.metadata.name == $selector.name)) | del(.metadata.labels.chart) | del(.metadata.labels["helm.sh/chart"])' <"$yaml" >"$resourceName" - if [[ "$kind" == "HelmRelease" ]]; then - ( - "$SCRIPTS/templateHelmRelease" -1 <<<"$(sed -s '$a---' <(yq -s -y '.[] | select(.apiVersion | contains("source.toolkit.fluxcd.io"))' <"$yaml") "$resourceName")" >"${resourceName}_templated" - splitYamlIntoDir "${resourceName}_templated" "$(dirname "$resourceName")/$(basename -s .yaml "$resourceName")" - rm "${resourceName}_templated" - ) & - fi - done - wait -} +cd "$GITHUB_WORKSPACE" function generateComment() { - 
local chart="charts/${1?}" + local chart="${1?}" local -A diffs local newResourcesDir local originalResourcesDir @@ -93,13 +65,13 @@ function generateComment() { mkdir "$originalResourcesDir" "$newResourcesDir" ( - "$SCRIPTS/templateGitHelmChart" -1 "$GITHUB_REPO_URL" "$chart" "${GITHUB_DEFAULT_BRANCH}" "$values" | yq -y -S >"$originalResourcesDir.yaml" - splitYamlIntoDir "$originalResourcesDir.yaml" "$originalResourcesDir" + "$(dirname "$0")/templateGitHelmChart" -1 "$GITHUB_REPO_URL" "$chart" "${GITHUB_DEFAULT_BRANCH}" "$values" | yq -y -S >"$originalResourcesDir.yaml" + "$(dirname "$0")/splitYamlIntoDir" "$originalResourcesDir.yaml" "$originalResourcesDir" ) & ( - "$SCRIPTS/templateLocalHelmChart" -1 "$chart" "$values" | yq -y -S >"$newResourcesDir.yaml" - splitYamlIntoDir "$newResourcesDir.yaml" "$newResourcesDir" + "$(dirname "$0")/templateLocalHelmChart" -1 "$chart" "$values" | yq -y -S >"$newResourcesDir.yaml" + "$(dirname "$0")/splitYamlIntoDir" "$newResourcesDir.yaml" "$newResourcesDir" ) & wait diff --git a/.github/scripts/enforce-trusted-registries.sh b/.github/scripts/enforce-trusted-registries.sh index 4c41d1fe8..349f6c70d 100755 --- a/.github/scripts/enforce-trusted-registries.sh +++ b/.github/scripts/enforce-trusted-registries.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 set -eu set -o pipefail 
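Review bot: In the `TMP_DIR` setup of create-values-diff.sh, `[[ ! -v TMP_DIR ]]` and `${TMP_DIR:-$(mktemp -d)}` disagree when `TMP_DIR` is set but empty: no EXIT trap is installed, yet a fresh temporary directory is created and never removed. When a non-empty `TMP_DIR` is inherited, rendered manifests are written into a directory the caller chose, and nothing in the hunk checks that it exists or is private to this run. Testing one condition for both decisions closes the first gap: `if [[ -z "${TMP_DIR:-}" ]]; then TMP_DIR="$(mktemp -d)"; trap 'rm -rf "$TMP_DIR"' EXIT; fi`. The same two lines are added to extract-artifacthub-images.sh and templateHelmChart.sh.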
@@ -11,20 +12,28 @@ function getUntrustedImages() { trustedImagesRegex="$(yq -r -f .github/scripts/trusted_images_regex.jq <.github/trusted_registries.yaml)" - yq -r '.annotations["artifacthub.io/images"]' <"$chart/Chart.yaml" | + yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" | yq -r '.[] | .image' | - grep -v -E "$trustedImagesRegex" + grep -v -E "$trustedImagesRegex" | + sort -u } function enforceTrustedImages() { local chart="${1?}" local untrustedImages=() + if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then + echo "Skipping library chart '$chart'" >/dev/stderr + return 0 + fi mapfile -t untrustedImages < <(getUntrustedImages "$chart") - if ((${#untrustedImages[@]} > 0)); then + if [[ "${#untrustedImages[@]}" -gt 0 ]]; then echo "found ${#untrustedImages[@]} untrusted images in '$chart', please fix;" >/dev/stderr for untrustedImage in "${untrustedImages[@]}"; do - echo " $untrustedImage" >/dev/stderr + echo " > $untrustedImage, found in the following resources:" >/dev/stderr + # shellcheck disable=SC2016 + yq --arg image "$untrustedImage" -r '.annotations["artifacthub.io/images"] | split("\n")[] | select(contains($image))' "$chart/Chart.yaml" | + awk '{print " - " $NF}' >/dev/stderr done return 1 fi diff --git a/.github/scripts/extract-artifacthub-images.sh b/.github/scripts/extract-artifacthub-images.sh index 7f0d8bc07..59eab7f75 100755 --- a/.github/scripts/extract-artifacthub-images.sh +++ b/.github/scripts/extract-artifacthub-images.sh 
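Review bot: `enforceTrustedImages` still fails open, because `mapfile -t untrustedImages < <(getUntrustedImages "$chart")` discards the pipeline's exit status: a `yq` error on a missing or unparsable `artifacthub.io/images` annotation leaves the array empty and the chart passes. Since this function is the gate for untrusted registries, a chart that cannot be inspected should be rejected rather than accepted. A guard just before the `mapfile` line would make that explicit: `yq -e '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" >/dev/null || { echo "no images annotation in '$chart'" >/dev/stderr; return 1; }`. An empty `$trustedImagesRegex` has the same effect (`grep -v -E ""` drops every line), so it should be checked where its failure can stop the run and not inside the process substitution. `getUntrustedImages` starts above the hunk.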
@@ -1,20 +1,13 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 set -eu set -o pipefail -TMP_DIR=$(mktemp -d) -trap 'rm -rf "$TMP_DIR"' EXIT - -function templateRemoteHelmChart() { - "$(dirname "$0")/templateRemoteHelmChart" -} - -function templateLocalHelmChart() { - "$(dirname "$0")/templateLocalHelmChart" "$@" -} +[[ ! -v TMP_DIR ]] && trap 'rm -rf "$TMP_DIR"' EXIT +TMP_DIR="${TMP_DIR:-$(mktemp -d)}" function templateHelmChart() { local chart="$1" @@ -28,20 +21,33 @@ function templateHelmChart() { if [[ "$numberOfHelmReleases" -gt 0 ]]; then for index in $(seq 0 $((numberOfHelmReleases - 1))); do echo --- - yq <<<"$yaml" -erys '([.[] | select(.kind == "HelmRelease")]['"$index"']),(.[] | select(.kind | IN(["GitRepository", "HelmRepository"][])))' | templateRemoteHelmChart + yq <<<"$yaml" -erys '([.[] | select(.kind == "HelmRelease")]['"$index"']),(.[] | select(.kind | IN(["GitRepository", "HelmRepository"][])))' | "$(dirname "$0")/templateRemoteHelmChart" done fi } function getImages() { local chart="$1" - templateLocalHelmChart "$chart" | - grep -E '\s+image: \S+' | - grep -v 'artifacthub-ignore' | - awk '{print $NF}' | - tr -d '"' | - sort -u | - jq -Rn '[[inputs][] | {image: .}]' | yq -y + local tmpDir + tmpDir="$(mktemp -d -p "$TMP_DIR")" + "$(dirname "$0")/templateLocalHelmChart" -1 "$chart" >"$tmpDir/helmRelease.yaml" + "$(dirname "$0")/splitYamlIntoDir" "$tmpDir/helmRelease.yaml" "$tmpDir/helmRelease" + + ( + cd "$tmpDir/helmRelease" + rm -f -- */HelmRelease/*.yaml + grep -Er '\s+image: \S+$' | + grep -v 'artifacthub-ignore' | + awk '{print $3 " # " $1}' | + tr -d '"' | + sed 's#:$##' | + sort -k1 -k2 | + uniq | + column -t | + jq -Rn '[[inputs][] | {image: .}]' | + yq -y | + tr -d "'" + ) } function updateChartYaml() { 
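Review bot: In `getImages`, `awk '{print $3 " # " $1}'` assumes every grep match has the shape `path: image: ref`; for a list item rendered as `- image: ref` the third field is the literal `image:` and the real reference never reaches the annotation. The removed pipeline used `$NF`, which does not depend on what precedes the key. Because the trusted-registry check reads only this annotation, the extraction should not be able to lose a reference: `awk '{print $NF " # " $1}'` keeps the new path comment and the old robustness.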
@@ -53,13 +59,13 @@ function updateChartYaml() { ( echo "artifacthub.io/images: |" getImages "$chart" | awk '{print " " $0}' - ) | tee "$tmpDir/images.yaml" + ) | tee "$tmpDir/images.yaml" >/dev/stderr if yq -e .annotations "$chart/Chart.yaml" >/dev/null; then echo "Existing annotations:" >/dev/stderr - yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" | tee "$tmpDir/annotations.yaml" + yq -y '.annotations | del(.["artifacthub.io/images"])' "$chart/Chart.yaml" | tee "$tmpDir/annotations.yaml" >/dev/stderr echo "Cleaned Chart.yaml:" >/dev/stderr - yq -y '. | del(.annotations)' "$chart/Chart.yaml" | tee >(sponge "$chart/Chart.yaml") + yq -y '. | del(.annotations)' "$chart/Chart.yaml" | tee >(sponge "$chart/Chart.yaml") >/dev/stderr else touch "$tmpDir/annotations.yaml" fi @@ -76,6 +82,10 @@ function updateChartYaml() { } if [[ "$#" == 1 ]] && [[ -d "$1" ]]; then + if yq -e '.type == "library"' "$1/Chart.yaml" >/dev/null; then + echo "Skipping library chart '$1'" >/dev/stderr + exit 0 + fi if ! [[ -f "$1/ci/artifacthub-values.yaml" ]]; then echo "There is no 'artifacthub-values.yaml' in 'charts/$1/ci', exiting" >/dev/stderr exit 1 @@ -86,6 +96,10 @@ else [[ "$chart" == "charts/*" ]] && continue [[ -f "$chart/ci/artifacthub-values.yaml" ]] || continue + if yq -e '.type == "library"' "$chart/Chart.yaml" >/dev/null; then + echo "Skipping library chart '$chart'" >/dev/stderr + exit 0 + fi updateChartYaml "$chart" done fi diff --git a/.github/scripts/prepare-values.sh b/.github/scripts/prepare-values.sh index 0aeaa6db8..aa0c17764 100755 --- a/.github/scripts/prepare-values.sh +++ b/.github/scripts/prepare-values.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +[[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 + function mergeYaml() { local valuesFile="${1?}" local overrideJson="${2?}" diff --git a/.github/scripts/splitYamlIntoDir b/.github/scripts/splitYamlIntoDir new file mode 100755 index 000000000..e6379f725 --- /dev/null 
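Review bot: In the multi-chart branch at the end of extract-artifacthub-images.sh (the loop header is outside the hunk), the library-chart skip uses `exit 0`, which ends the whole script at the first library chart that has a `ci/artifacthub-values.yaml` instead of moving on to the next chart. Every chart processed after it keeps its old `artifacthub.io/images` annotation while the run still reports success, so later registry checks would work on stale data. The neighbouring guards in that loop use `continue`; the skip should too: replace `exit 0` with `continue` there. The `exit 0` in the single-chart branch (`"$#" == 1`) is fine.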
+++ b/.github/scripts/splitYamlIntoDir @@ -0,0 +1,43 @@ +#!/usr/bin/env bash + +[[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 + +set -eu +set -o pipefail + +function splitYamlIntoDir() { + local yaml="${1?}" + local dir="${2?}" + local IFS=$'\n' + local selector + + for selector in $(yq -c -s '.[] | select(.kind and .metadata.name) | {kind: .kind, namespace: .metadata.namespace, name: .metadata.name}' <"$yaml"); do + local resourceName + local kind + local namespace + local name + kind="$(jq --argjson selector "$selector" -n -r '$selector.kind')" + namespace="$(jq --argjson selector "$selector" -n -r '$selector.namespace')" + name="$(jq --argjson selector "$selector" -n -r '$selector.name')" + + resourceName="$dir/$namespace/$kind/$name.yaml" + if [[ -f "$resourceName" ]]; then + echo "'$resourceName' shouldn't already exist" >/dev/stderr + return 1 + fi + mkdir -p "$(dirname "$resourceName")" + # shellcheck disable=SC2016 + yq -y -s --argjson selector "$selector" '.[] | select((.kind == $selector.kind) and (.metadata.namespace == $selector.namespace) and (.metadata.name == $selector.name)) | del(.metadata.labels.chart) | del(.metadata.labels["helm.sh/chart"])' <"$yaml" >"$resourceName" + if [[ "$kind" == "HelmRelease" ]]; then + ( + "$(dirname "$0")/templateHelmRelease" -1 <<<"$(sed -s '$a---' <(yq -s -y '.[] | select(.apiVersion | contains("source.toolkit.fluxcd.io"))' <"$yaml") "$resourceName")" >"${resourceName}_templated" + splitYamlIntoDir "${resourceName}_templated" "$(dirname "$resourceName")/$(basename -s .yaml "$resourceName")" + rm "${resourceName}_templated" + ) & + fi + done + wait +} + +splitYamlIntoDir "$@" diff --git a/.github/scripts/sync-codeowners.sh b/.github/scripts/sync-codeowners.sh index 12813e578..ca7ad5e26 100755 --- a/.github/scripts/sync-codeowners.sh +++ b/.github/scripts/sync-codeowners.sh 
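Review bot: `resourceName="$dir/$namespace/$kind/$name.yaml"` is built from fields of the rendered manifests without validation, so a `kind`, `metadata.namespace` or `metadata.name` that contains `/` or is `..` makes the following `mkdir -p` and `>"$resourceName"` write outside `$dir`. The input is template output of the chart under review, so in CI it should be treated as untrusted. Rejecting such values right after the three `jq` extractions keeps every write inside the target directory: `for part in "$kind" "$namespace" "$name"; do [[ "$part" == */* || "$part" == .* ]] && return 1; done`. Cluster-scoped resources have no namespace and land in a directory literally named `null`; a comment saying so would help the next reader.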
@@ -1,6 +1,7 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 echo "* @teutonet/k8s" diff --git a/.github/scripts/templateHelmChart.sh b/.github/scripts/templateHelmChart.sh index fdfe4a3a2..835a14af3 100755 --- a/.github/scripts/templateHelmChart.sh +++ b/.github/scripts/templateHelmChart.sh @@ -1,12 +1,13 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 set -eu set -o pipefail -TMP_DIR="$(mktemp -d)" -trap 'rm -rf "$TMP_DIR"' EXIT +[[ ! -v TMP_DIR ]] && trap 'rm -rf "$TMP_DIR"' EXIT +TMP_DIR="${TMP_DIR:-$(mktemp -d)}" function templateGitHelmRelease() { local gitUrl="$1" @@ -115,11 +116,9 @@ function templateSubHelmCharts() { yaml=$(cat -) numberOfHelmReleases=$(yq <<<"$yaml" -ers '[.[] | select(.kind == "HelmRelease")] | length') echo "$yaml" - if [[ "$numberOfHelmReleases" -gt 0 ]]; then - for index in $(seq 0 $((numberOfHelmReleases - 1))); do - yq <<<"$yaml" -erys '([.[] | select(.kind == "HelmRelease")]['"$index"']),(.[] | select(.kind | IN(["GitRepository", "HelmRepository"][])))' | templateHelmRelease >"$tmpDir/$index.yaml" & - done - fi + for index in $(seq 0 $((numberOfHelmReleases - 1))); do + yq <<<"$yaml" -erys '([.[] | select(.kind == "HelmRelease")]['"$index"']),(.[] | select(.kind | IN(["GitRepository", "HelmRepository"][])))' | templateHelmRelease >"$tmpDir/$index.yaml" & + done wait for index in $(seq 0 $((numberOfHelmReleases - 1))); do echo --- diff --git a/.github/scripts/trusted_images_regex.jq b/.github/scripts/trusted_images_regex.jq index 2e15441ef..0e13708bf 100644 --- a/.github/scripts/trusted_images_regex.jq +++ b/.github/scripts/trusted_images_regex.jq @@ -8,6 +8,6 @@ else "\(.[0:-1] | join("/")):\($type)" end | - "^\(.)$" + "^\(.)(\\s|$)" ] | join("|") diff --git a/.github/scripts/validate-pullrequest.sh b/.github/scripts/validate-pullrequest.sh index 7e1005c78..ddc003435 100755 --- a/.github/scripts/validate-pullrequest.sh 
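Review bot: The pattern assembled in trusted_images_regex.jq is handed to `grep -E`, and nothing in this hunk shows the registry path segments being regex-escaped before `"^\(.)(\\s|$)"` wraps them. If they are interpolated as written in trusted_registries.yaml, every `.` in a host name matches any character, so the allow-list would accept host names that merely resemble a trusted one. Escaping where the segments are joined, for example `join("/") | gsub("\\."; "\\.")`, makes the match literal; please confirm against the part of the filter above the hunk. `\s` is a GNU extension in `grep -E`, which is fine on the Ubuntu runners but worth a comment.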
+++ b/.github/scripts/validate-pullrequest.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash [[ "$RUNNER_DEBUG" == 1 ]] && set -x +[[ $- == *x* ]] && export RUNNER_DEBUG=1 set -eu set -o pipefail diff --git a/.github/trusted_registries.yaml b/.github/trusted_registries.yaml index c25050136..d29267d75 100644 --- a/.github/trusted_registries.yaml +++ b/.github/trusted_registries.yaml @@ -36,3 +36,4 @@ registries: provider-os: ALL_IMAGES k8s.gcr.io: sig-storage: ALL_IMAGES + registry-gitlab.teuto.net: ALL_IMAGES diff --git a/.github/workflows/auto-assign-pr.yaml b/.github/workflows/auto-assign-pr.yaml index 673542671..b9d22fb96 100644 --- a/.github/workflows/auto-assign-pr.yaml +++ b/.github/workflows/auto-assign-pr.yaml @@ -9,4 +9,4 @@ jobs: auto-assign: runs-on: ubuntu-latest steps: - - uses: kentaro-m/auto-assign-action@v1.2.5 + - uses: kentaro-m/auto-assign-action@v2.0.0 diff --git a/.github/workflows/get-changed-chart.yaml b/.github/workflows/get-changed-chart.yaml index 30d2d51ab..8a3de3837 100644 --- a/.github/workflows/get-changed-chart.yaml +++ b/.github/workflows/get-changed-chart.yaml @@ -13,7 +13,7 @@ jobs: outputs: chart: ${{ steps.getChangedChart.outputs.chart }} env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} steps: - uses: actions/checkout@v4 with: @@ -26,7 +26,7 @@ jobs: run: | set -x set -o pipefail - changed="$(ct list-changed --since "HEAD~" | cut -d / -f 2)" + changed="$(ct list-changed | cut -d / -f 2)" if [[ -z "$changed" ]]; then echo chart= | tee "$GITHUB_OUTPUT" diff --git a/.github/workflows/get-changed-charts.yaml b/.github/workflows/get-changed-charts.yaml index c4b24c85f..da1c922f8 100644 --- a/.github/workflows/get-changed-charts.yaml +++ b/.github/workflows/get-changed-charts.yaml 
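Review bot: `registry-gitlab.teuto.net: ALL_IMAGES` in trusted_registries.yaml appears to trust every image on that host, whereas the neighbouring entry visible in the hunk is scoped to a project (`k8s.gcr.io` with `sig-storage`). If the charts pull only from specific groups on that registry, listing those groups keeps the allow-list as narrow as it is for the public registries. A short comment naming who can push to that registry would document why host-wide trust is acceptable.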
@@ -13,7 +13,7 @@ jobs: outputs: charts: ${{ steps.getCharts.outputs.charts }} env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} steps: - uses: actions/checkout@v4 with: @@ -28,5 +28,5 @@ jobs: set -o pipefail ( echo -n charts= - ct list-changed --since "HEAD~" | cut -d / -f 2 | jq -c -Rn '[inputs]' + ct list-changed | cut -d / -f 2 | jq -c -Rn '[inputs]' ) | tee "$GITHUB_OUTPUT" diff --git a/.github/workflows/linter.yaml b/.github/workflows/linter.yaml index 6c6af7af4..d4dfb59c9 100644 --- a/.github/workflows/linter.yaml +++ b/.github/workflows/linter.yaml @@ -19,7 +19,7 @@ jobs: matrix: chart: ${{ fromJson(needs.getChangedCharts.outputs.charts) }} env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} CHART: ${{ matrix.chart }} steps: - uses: actions/checkout@v4 @@ -46,7 +46,13 @@ jobs: - uses: helm/chart-testing-action@v2.6.1 - name: Lint chart - run: ct lint --check-version-increment=false + run: | + if ! [[ -f "charts/$CHART/values.yaml" ]]; then + echo "No values.yaml found for $CHART, skipping 'ct lint'" >/dev/stderr + helm lint "charts/$CHART" + else + ct lint --check-version-increment=false + fi env: CT_CHART_REPOS: ${{ steps.helm-repos.outputs.repos }} CT_CHARTS: charts/${{ matrix.chart }} diff --git a/.github/workflows/pr-comment-diff.yaml b/.github/workflows/pr-comment-diff.yaml index 306a50fcb..bf1e94abb 100644 --- a/.github/workflows/pr-comment-diff.yaml +++ b/.github/workflows/pr-comment-diff.yaml 
@@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-22.04 needs: getChangedChart env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }} steps: - uses: actions/checkout@v4 @@ -25,4 +25,4 @@ jobs: - name: Install sponge run: sudo apt-get -yq install moreutils - run: ./.github/scripts/prepare-values.sh "charts/${{ needs.getChangedChart.outputs.chart }}" - - run: ./.github/scripts/create-values-diff.sh ${{ github.event.number }} ${{ needs.getChangedChart.outputs.chart }} + - run: ./.github/scripts/create-values-diff.sh ${{ github.event.number }} "charts/${{ needs.getChangedChart.outputs.chart }}" diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml index ef6330494..15e2b47c7 100644 --- a/.github/workflows/release-chart.yaml +++ b/.github/workflows/release-chart.yaml @@ -34,9 +34,11 @@ jobs: steps: - uses: actions/checkout@v4 - - run: helm package --dependency-update "charts/${CHART}" + - run: helm package --dependency-update "${CHART}" - run: helm registry login ghcr.io --username teutonet-bot --password ${{ secrets.ACTIONS_BOT_TOKEN }} - - run: helm push "${CHART}"-* "oci://ghcr.io/${GITHUB_REPOSITORY}" + - run: helm push -- *.tgz "oci://ghcr.io/${GITHUB_REPOSITORY}" + - run: oras login ghcr.io --username teutonet-bot --password ${{ secrets.ACTIONS_BOT_TOKEN }} + - run: oras push "ghcr.io/${GITHUB_REPOSITORY}/${CHART#charts/}:artifacthub.io" --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml .github/artifacthub-repo.yaml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml abort: runs-on: ubuntu-latest needs: release_please diff --git a/.github/workflows/release-update-metadata.yaml b/.github/workflows/release-update-metadata.yaml index 9f622c528..3d38ca0b2 100644 --- a/.github/workflows/release-update-metadata.yaml 
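Review bot: The last `run:` step of pr-comment-diff.yaml still expands `${{ needs.getChangedChart.outputs.chart }}` inside the shell script, and the added double quotes do not change that, because the expression is substituted before bash parses the line. That output is a directory name taken from the pull request (`ct list-changed | cut -d / -f 2` in get-changed-chart.yaml), and this job carries `GITHUB_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}` in its environment. Passing the values through `env:`, as release-update-metadata.yaml already does with `CHART`, removes the interpolation: add `CHART: ${{ needs.getChangedChart.outputs.chart }}` and `PR_NUMBER: ${{ github.event.number }}` to `env:` and call `./.github/scripts/create-values-diff.sh "$PR_NUMBER" "charts/$CHART"`. The `prepare-values.sh` step directly above has the same form.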
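Review bot: The added `oras login` step in release-chart.yaml passes the bot token as `--password ${{ secrets.ACTIONS_BOT_TOKEN }}`, which places the secret on the process command line, as the existing `helm registry login` step does. Both CLIs accept the credential on standard input: set `ACTIONS_BOT_TOKEN: ${{ secrets.ACTIONS_BOT_TOKEN }}` under the step's `env:` and run `oras login ghcr.io --username teutonet-bot --password-stdin <<<"$ACTIONS_BOT_TOKEN"`. The same change applies to the `helm registry login` line.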
+++ b/.github/workflows/release-update-metadata.yaml @@ -16,7 +16,7 @@ jobs: needs: getChangedChart name: update metadata file for release env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} CHART: ${{ needs.getChangedChart.outputs.chart }} steps: - uses: actions/checkout@v4 @@ -29,16 +29,14 @@ jobs: run: sudo apt-get -yq install moreutils - run: ./.github/scripts/prepare-values.sh "charts/$CHART" - - name: extract images - run: ./.github/scripts/extract-artifacthub-images.sh "charts/$CHART" + - run: ./.github/scripts/extract-artifacthub-images.sh "charts/$CHART" - - name: enforce trusted registries - run: ./.github/scripts/enforce-trusted-registries.sh "charts/$CHART" + - run: ./.github/scripts/enforce-trusted-registries.sh "charts/$CHART" - name: Commit artifacthub images uses: EndBug/add-and-commit@v9 with: - message: "chore: [bot] Update images in 'Chart.yaml'" + message: "ci: [bot] Update images in 'Chart.yaml'" default_author: github_actions push: false add: charts/${{ needs.getChangedChart.outputs.chart }}/Chart.yaml @@ -47,6 +45,10 @@ jobs: - name: generate values.md run: | set -ex + if ! [[ -f "charts/$CHART/values.schema.json" ]]; then + echo "No values.schema.json found for $CHART" >/dev/stderr + exit 0 + fi generate-schema-doc --config-file .github/json-schema-to-md.yaml "charts/$CHART/values.schema.json" "charts/$CHART/values.md" - name: generate Docs uses: docker://jnorwood/helm-docs:latest @@ -56,7 +58,7 @@ jobs: - name: Commit README uses: EndBug/add-and-commit@v9 with: - message: "chore: [bot] Update 'README.md'" + message: "ci: [bot] Update 'README.md'" default_author: github_actions push: true add: charts/${{ needs.getChangedChart.outputs.chart }}/README.md diff --git a/.github/workflows/update-artifacthub-images.yaml b/.github/workflows/update-artifacthub-images.yaml index 15513b580..85d51d5e4 100644 
--- a/.github/workflows/update-artifacthub-images.yaml +++ b/.github/workflows/update-artifacthub-images.yaml @@ -48,14 +48,13 @@ jobs: - run: ./.github/scripts/enforce-trusted-registries.sh "charts/${{ matrix.chart }}" - id: create-pr - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: add-paths: | charts/${{ matrix.chart }}/Chart.yaml - commit-message: "chore(${{ matrix.chart }}/artifacthub-images): Update images in 'Chart.yaml'" - author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - branch: chore/${{ matrix.chart }}-update-artifacthub-images - title: "chore(${{ matrix.chart }}/artifacthub-images): Update ArtifactHUB images" + commit-message: "ci(${{ matrix.chart }}/artifacthub-images): Update images in 'Chart.yaml'" + branch: ci/${{ matrix.chart }}-update-artifacthub-images + title: "ci(${{ matrix.chart }}/artifacthub-images): Update ArtifactHUB images" body: | Updates the ArtifactHUB images to the really deployed ones. - if: ${{ steps.create-pr.outputs.pull-request-number }} @@ -65,7 +64,7 @@ jobs: PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }} merge-method: squash - if: ${{ steps.create-pr.outputs.pull-request-number }} - uses: juliangruber/approve-pull-request-action@v2.0.4 + uses: juliangruber/approve-pull-request-action@v2.0.6 with: github-token: ${{ secrets.ACTIONS_BOT_TOKEN }} number: ${{ steps.create-pr.outputs.pull-request-number }} diff --git a/.github/workflows/update-codeowners.yaml b/.github/workflows/update-codeowners.yaml index 879406b56..fe2c8d99c 100644 --- a/.github/workflows/update-codeowners.yaml +++ b/.github/workflows/update-codeowners.yaml 
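Review bot: `peter-evans/create-pull-request@v6` and `juliangruber/approve-pull-request-action@v2.0.6` are referenced by tag, and a tag can be moved by the action's owner. In update-artifacthub-images.yaml these actions create, approve (with `secrets.ACTIONS_BOT_TOKEN`) and auto-merge a pull request without human review, so a changed action would run with that authority. Pinning each `uses:` to the full commit SHA of the reviewed release and keeping the version as a trailing comment, e.g. `uses: peter-evans/create-pull-request@FULL_COMMIT_SHA_PLACEHOLDER # v6`, makes every bump visible in review. The same applies to the `create-pull-request@v6` bump in update-codeowners.yaml.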
@@ -19,14 +19,13 @@ jobs: - name: Create PR id: create-pr - uses: peter-evans/create-pull-request@v5 + uses: peter-evans/create-pull-request@v6 with: add-paths: | .github/CODEOWNERS - commit-message: "chore: [bot] Update 'CODEOWNERS'" - author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - branch: chore/update-codeowners - title: "chore: Update CODEOWNERS" + commit-message: "ci: [bot] Update 'CODEOWNERS'" + branch: ci/update-codeowners + title: "ci: Update CODEOWNERS" - name: Set PR to auto-merge if: ${{ steps.create-pr.outputs.pull-request-number }} run: gh pr merge --auto --squash "$PR_NUMBER" diff --git a/.github/workflows/validate-pullrequest.yaml b/.github/workflows/validate-pullrequest.yaml index 118cc8663..d3cf12ebd 100644 --- a/.github/workflows/validate-pullrequest.yaml +++ b/.github/workflows/validate-pullrequest.yaml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest needs: getChangedChart env: - CT_TARGET_BRANCH: ${{ github.event.repository.default_branch }} + CT_TARGET_BRANCH: ${{ github.event.pull_request.base.ref || github.event.repository.default_branch }} steps: - uses: actions/checkout@v4 with: diff --git a/charts/base-cluster/CHANGELOG.md b/charts/base-cluster/CHANGELOG.md index 73c7566d9..4e1d74f31 100644 --- a/charts/base-cluster/CHANGELOG.md +++ b/charts/base-cluster/CHANGELOG.md 
@@ -1,5 +1,95 @@ # Changelog +## [6.0.0](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v5.0.1...base-cluster-v6.0.0) (2024-03-25) + + +### ⚠ BREAKING CHANGES + +* **base-cluster/kyverno:** upgrade 🤮 ([#784](https://github.com/teutonet/teutonet-helm-charts/issues/784)) + +### Features + +* add helmrelease schemas 😍 ([#792](https://github.com/teutonet/teutonet-helm-charts/issues/792)) ([89ed7eb](https://github.com/teutonet/teutonet-helm-charts/commit/89ed7eb540c647cb3e15b590d20a6a83331a61b7)) +* **base-cluster:** enable cilium dns proxy ([#825](https://github.com/teutonet/teutonet-helm-charts/issues/825)) ([73c97fa](https://github.com/teutonet/teutonet-helm-charts/commit/73c97faf8376a0c94b00d1651b351a116e521faf)) +* **base-cluster:** upgrade all HRs and enable driftDetection ([#773](https://github.com/teutonet/teutonet-helm-charts/issues/773)) ([fe6e71a](https://github.com/teutonet/teutonet-helm-charts/commit/fe6e71a0600192705e4c68da7bafd0df6448b17c)) + + +### Bug Fixes + +* **base-cluster-schema/schema:** remove required for serviceLevelAgre… ([#791](https://github.com/teutonet/teutonet-helm-charts/issues/791)) ([d9917b5](https://github.com/teutonet/teutonet-helm-charts/commit/d9917b5d52659fa2d10938bd830a1355f681a2e6)) +* **base-cluster/grafana:** oidc secret handling ([#756](https://github.com/teutonet/teutonet-helm-charts/issues/756)) ([73a15d2](https://github.com/teutonet/teutonet-helm-charts/commit/73a15d28b4158f4668305c9b076b535dc70565e0)) +* **base-cluster/kyverno:** configure missing registry for kyverno images ([#811](https://github.com/teutonet/teutonet-helm-charts/issues/811)) ([83c44f5](https://github.com/teutonet/teutonet-helm-charts/commit/83c44f54ece474d2044b87fa0d92246379cd8a80)) +* **base-cluster/metrics-server:** remove mount, as it's fixed via chart ([#818](https://github.com/teutonet/teutonet-helm-charts/issues/818)) 
([b8cbe36](https://github.com/teutonet/teutonet-helm-charts/commit/b8cbe365c99bc315d499c6f1bfe44a84bf22133e)) +* **base-cluster/monitoring:** missing UIDs and cross-connections ([#824](https://github.com/teutonet/teutonet-helm-charts/issues/824)) ([39b19d2](https://github.com/teutonet/teutonet-helm-charts/commit/39b19d210e82b385e8e5c2119896e5f28259329d)) +* **base-cluster/oauth-proxy:** use correct secretName for certificate ([#758](https://github.com/teutonet/teutonet-helm-charts/issues/758)) ([eda417c](https://github.com/teutonet/teutonet-helm-charts/commit/eda417c7036d49acd1f6db4c66cb11ed8c3cf45a)) +* helmrelease-schemas ([#794](https://github.com/teutonet/teutonet-helm-charts/issues/794)) ([6544385](https://github.com/teutonet/teutonet-helm-charts/commit/65443857c75d07b245c14e05d1fae76f0c0de479)) + + +### Miscellaneous Chores + +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#786](https://github.com/teutonet/teutonet-helm-charts/issues/786)) ([c9e14e4](https://github.com/teutonet/teutonet-helm-charts/commit/c9e14e4d2edee3547a237d16d1a2c0d97c9c384c)) +* **base-cluster/backup:** pin velero, as they don't follow semver ([#781](https://github.com/teutonet/teutonet-helm-charts/issues/781)) ([a87c79e](https://github.com/teutonet/teutonet-helm-charts/commit/a87c79e4d4ab74b589880f387714e306c3c05bc2)) +* **base-cluster/dependencies:** update docker.io/bitnami/kubectl docker tag to v1.29.3 ([#788](https://github.com/teutonet/teutonet-helm-charts/issues/788)) ([622ddd3](https://github.com/teutonet/teutonet-helm-charts/commit/622ddd356e419a658ee924741d1b601e6c11b25e)) +* **base-cluster/dependencies:** update docker.io/curlimages/curl docker tag to v8.6.0 ([#753](https://github.com/teutonet/teutonet-helm-charts/issues/753)) ([ae31961](https://github.com/teutonet/teutonet-helm-charts/commit/ae31961abf6bb619489b8ef6617b1983ecf2dae1)) +* **base-cluster/dependencies:** update docker.io/fluxcd/flux-cli docker tag to v2.2.3 
([#764](https://github.com/teutonet/teutonet-helm-charts/issues/764)) ([cf45276](https://github.com/teutonet/teutonet-helm-charts/commit/cf45276178409998800552d07ec546302e0869e0)) +* **base-cluster/dependencies:** update external-dns docker tag to v7 ([#827](https://github.com/teutonet/teutonet-helm-charts/issues/827)) ([1ea1bf9](https://github.com/teutonet/teutonet-helm-charts/commit/1ea1bf9d2bc90f73a5c49f1ea65dbeac8a5bdf5c)) +* **base-cluster/dependencies:** update grafana-tempo docker tag to v3 ([#828](https://github.com/teutonet/teutonet-helm-charts/issues/828)) ([7c0f9ba](https://github.com/teutonet/teutonet-helm-charts/commit/7c0f9bab316b71991e589155576bcfc3ff33d7e8)) +* **base-cluster/dependencies:** update helm release common to v2.16.1 ([#782](https://github.com/teutonet/teutonet-helm-charts/issues/782)) ([e6568d0](https://github.com/teutonet/teutonet-helm-charts/commit/e6568d00ca52f09e904ff4016fd812a039667fd8)) +* **base-cluster/dependencies:** update helm release common to v2.19.0 ([#814](https://github.com/teutonet/teutonet-helm-charts/issues/814)) ([5419c5c](https://github.com/teutonet/teutonet-helm-charts/commit/5419c5c1a6f5af28df6cedd8857430b3c55cf622)) +* **base-cluster/dependencies:** update helm release descheduler to 0.29.x ([#704](https://github.com/teutonet/teutonet-helm-charts/issues/704)) ([61264cb](https://github.com/teutonet/teutonet-helm-charts/commit/61264cbcdb76ff10fbe422d70dc2bebf4cf00ee7)) +* **base-cluster/dependencies:** update helm release kube-prometheus-stack to v57 ([#820](https://github.com/teutonet/teutonet-helm-charts/issues/820)) ([2e64dbe](https://github.com/teutonet/teutonet-helm-charts/commit/2e64dbeca3d846e175ec1e9f4430202ea62cdafc)) +* **base-cluster/dependencies:** update helm release velero to v5.4.1 ([#798](https://github.com/teutonet/teutonet-helm-charts/issues/798)) ([ab8a741](https://github.com/teutonet/teutonet-helm-charts/commit/ab8a741c7a2349c04d58a3fd26d5345ccab98fe0)) +* **base-cluster/dependencies:** update 
helm release velero to v6 ([#812](https://github.com/teutonet/teutonet-helm-charts/issues/812)) ([b09985e](https://github.com/teutonet/teutonet-helm-charts/commit/b09985e7288c7f688429517d71da2270c87ec499)) +* **base-cluster/dependencies:** update metrics-server docker tag to v7 ([#821](https://github.com/teutonet/teutonet-helm-charts/issues/821)) ([3ca7dbc](https://github.com/teutonet/teutonet-helm-charts/commit/3ca7dbc6cdc9477d5ac0127ff00c0c3d4369db52)) +* **base-cluster/kyverno:** upgrade 🤮 ([#784](https://github.com/teutonet/teutonet-helm-charts/issues/784)) ([1c62356](https://github.com/teutonet/teutonet-helm-charts/commit/1c623567d495a79dd975a1f7807bcaf70a51d11d)) +* **base-cluster:** streamline imagePullPolicy ([#757](https://github.com/teutonet/teutonet-helm-charts/issues/757)) ([61f1c7f](https://github.com/teutonet/teutonet-helm-charts/commit/61f1c7fcbcf713e6d9660dc6d9497733d9e9b93e)) + +## [5.0.1](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-v5.0.0...base-cluster-v5.0.1) (2024-02-12) + + +### Bug Fixes + +* **base-cluster/backup:** add defaultBackupStorageLocation flag for velero 🙄 ([#779](https://github.com/teutonet/teutonet-helm-charts/issues/779)) ([d0e9ff9](https://github.com/teutonet/teutonet-helm-charts/commit/d0e9ff973aec296c550c0e34f009459345e82d32)) + +## [5.0.0](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-4.12.0...base-cluster-v5.0.0) (2024-02-10) + + +### ⚠ BREAKING CHANGES + +* **base-cluster/backup:** only enable velero if a backupstoragelocation is set ([#763](https://github.com/teutonet/teutonet-helm-charts/issues/763)) + +### Features + +* **base-cluster/grafana:** add dashboards for namespace monitoring ([#712](https://github.com/teutonet/teutonet-helm-charts/issues/712)) ([1651273](https://github.com/teutonet/teutonet-helm-charts/commit/165127347418973f17f5fa8ce6215c38dd067de5)) +* **base-cluster/limitrange-quotas:** add limitrange and resource quota 
([#673](https://github.com/teutonet/teutonet-helm-charts/issues/673)) ([f0ac4c2](https://github.com/teutonet/teutonet-helm-charts/commit/f0ac4c2a0079f0cd7350bc613781a62222a2df1d)) + + +### Bug Fixes + +* **base-cluster/backup:** only enable velero if a backupstoragelocation is set ([#763](https://github.com/teutonet/teutonet-helm-charts/issues/763)) ([4dfec43](https://github.com/teutonet/teutonet-helm-charts/commit/4dfec438883114c3f97b177013a238df54e1a100)), closes [#752](https://github.com/teutonet/teutonet-helm-charts/issues/752) +* **base-cluster/cert-manager:** set higher resource quota for cert-ma… ([#742](https://github.com/teutonet/teutonet-helm-charts/issues/742)) ([53a51bb](https://github.com/teutonet/teutonet-helm-charts/commit/53a51bbee0e589e25b40a616e613c699d8a7a094)) + + +### Miscellaneous Chores + +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#720](https://github.com/teutonet/teutonet-helm-charts/issues/720)) ([e77941e](https://github.com/teutonet/teutonet-helm-charts/commit/e77941e49a04dcac1ddc56270027fcb2679249e2)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#735](https://github.com/teutonet/teutonet-helm-charts/issues/735)) ([45842f3](https://github.com/teutonet/teutonet-helm-charts/commit/45842f34fd78b650a24607e6f72befa4ccbc4025)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#738](https://github.com/teutonet/teutonet-helm-charts/issues/738)) ([c83ff3e](https://github.com/teutonet/teutonet-helm-charts/commit/c83ff3e0ab16038dbd2e7b8b64e70a5d596d534f)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#744](https://github.com/teutonet/teutonet-helm-charts/issues/744)) ([b8d4d2f](https://github.com/teutonet/teutonet-helm-charts/commit/b8d4d2fb34708b8eb504178625f57b9888c219fe)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#746](https://github.com/teutonet/teutonet-helm-charts/issues/746)) 
([3da1a81](https://github.com/teutonet/teutonet-helm-charts/commit/3da1a8114255d5ef665f45d6314609d800a33bc7)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#747](https://github.com/teutonet/teutonet-helm-charts/issues/747)) ([72978e3](https://github.com/teutonet/teutonet-helm-charts/commit/72978e3ef9ae046a8dafeca4cb894e2c31abc998)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#748](https://github.com/teutonet/teutonet-helm-charts/issues/748)) ([92b09a1](https://github.com/teutonet/teutonet-helm-charts/commit/92b09a1596359ad4d15f486895895ceea91afe48)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#749](https://github.com/teutonet/teutonet-helm-charts/issues/749)) ([b53bd86](https://github.com/teutonet/teutonet-helm-charts/commit/b53bd863fb74c5a1ba09495ce65b1ea96189796d)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#750](https://github.com/teutonet/teutonet-helm-charts/issues/750)) ([feb6630](https://github.com/teutonet/teutonet-helm-charts/commit/feb66304bbfdf0b39fbdd30c23591bef45f60c3e)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#760](https://github.com/teutonet/teutonet-helm-charts/issues/760)) ([4b0dac4](https://github.com/teutonet/teutonet-helm-charts/commit/4b0dac422de200597542a7fb0d072af82f4159ca)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#761](https://github.com/teutonet/teutonet-helm-charts/issues/761)) ([6515b38](https://github.com/teutonet/teutonet-helm-charts/commit/6515b38decbea55fcd958dc70854096bd022731a)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#762](https://github.com/teutonet/teutonet-helm-charts/issues/762)) ([dd58442](https://github.com/teutonet/teutonet-helm-charts/commit/dd58442fa214b9b00e4701c3a39d0fb725109e38)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#765](https://github.com/teutonet/teutonet-helm-charts/issues/765)) 
([cf7f587](https://github.com/teutonet/teutonet-helm-charts/commit/cf7f587ea403b0135ebe7ebe09076149c1c4cb0f)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#775](https://github.com/teutonet/teutonet-helm-charts/issues/775)) ([5837439](https://github.com/teutonet/teutonet-helm-charts/commit/58374390f9ae724b33f216776386a22b3a1737be)) +* **base-cluster/artifacthub-images:** Update ArtifactHUB images ([#776](https://github.com/teutonet/teutonet-helm-charts/issues/776)) ([5c04406](https://github.com/teutonet/teutonet-helm-charts/commit/5c04406da62a04b2637cce9b859c0bfd74fb9255)) +* **base-cluster/dependencies:** update docker.io/bitnami/kubectl docker tag to v1.29.1 ([#726](https://github.com/teutonet/teutonet-helm-charts/issues/726)) ([11fa033](https://github.com/teutonet/teutonet-helm-charts/commit/11fa0335f0a13144fd7297e393cd3934a8cfbf24)) +* **base-cluster/dependencies:** update helm release common to v2.14.1 ([#692](https://github.com/teutonet/teutonet-helm-charts/issues/692)) ([c570d70](https://github.com/teutonet/teutonet-helm-charts/commit/c570d70ad5c7dac8e4a5e816838b285e2d75ab2d)) + ## [4.12.0](https://github.com/teutonet/teutonet-helm-charts/compare/base-cluster-4.11.0...base-cluster-v4.12.0) (2024-01-15) diff --git a/charts/base-cluster/Chart.lock b/charts/base-cluster/Chart.lock index 45fa7a7f5..f8b965512 100644 --- a/charts/base-cluster/Chart.lock +++ b/charts/base-cluster/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.13.4 -digest: sha256:252183c828518d1cebc5eb0accbfd496f235484384f8fde2c5311c40d8336d16 -generated: "2024-01-04T00:53:12.079421259Z" + version: 2.19.1 +digest: sha256:4f539b1fbde383dd5bc020d77d70655108ed4c188b7329c1639df3f1e65de2e0 +generated: "2024-03-27T14:49:47.564987318Z" diff --git a/charts/base-cluster/Chart.yaml b/charts/base-cluster/Chart.yaml index fe91cc043..79b20ed37 100644 --- a/charts/base-cluster/Chart.yaml 
+++ b/charts/base-cluster/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: base-cluster type: application -version: 4.12.0 +version: 6.0.0 icon: https://teuto.net/favicon.ico maintainers: - name: cwrau 
@@ -16,47 +16,64 @@ home: https://teuto.net description: A common base for every kubernetes cluster dependencies: - name: common - version: 2.13.4 + version: 2.19.1 repository: https://charts.bitnami.com/bitnami annotations: artifacthub.io/images: | - - image: docker.io/bats/bats:1.8.2 - - image: docker.io/bats/bats:v1.4.1 - - image: docker.io/bitnami/grafana-tempo-query:2.3.1-debian-11-r3 - - image: docker.io/bitnami/grafana-tempo-vulture:2.3.1-debian-11-r3 - - image: docker.io/bitnami/grafana-tempo:2.3.1-debian-11-r3 - - image: docker.io/bitnami/kubectl:1.28 - - image: docker.io/bitnami/kubectl:1.29.0 - - image: docker.io/bitnami/memcached:1.6.23-debian-11-r0 - - image: docker.io/bitnami/metrics-server:0.6.4-debian-11-r75 - - image: docker.io/busybox:1.35 - - image: docker.io/curlimages/curl:7.85.0 - - image: docker.io/curlimages/curl:8.5.0 - - image: docker.io/fluxcd/flux-cli:v2.2.2 - - image: docker.io/grafana/grafana-image-renderer:latest - - image: docker.io/grafana/grafana:10.2.3 - - image: docker.io/grafana/loki:2.6.1 - - image: docker.io/grafana/promtail:2.9.2 - - image: docker.io/otel/opentelemetry-collector-contrib:0.92.0 - - image: docker.io/velero/velero-plugin-for-aws:v1.7.0 - - image: docker.io/velero/velero:v1.12.3 - - image: docker.io/vladgh/gpg@sha256:8514acc9c94607895e3dea724bd85d885252666212567f6632d2654580539ed3 - - image: ghcr.io/aquasecurity/trivy-operator:0.18.2 - - image: ghcr.io/kyverno/cleanup-controller:v1.9.5 - - image: ghcr.io/kyverno/kyverno:v1.9.5 - - image: ghcr.io/kyverno/kyvernopre:v1.9.5 - - image: quay.io/jetstack/cert-manager-cainjector:v1.13.3 - - image: quay.io/jetstack/cert-manager-controller:v1.13.3 - - image: quay.io/jetstack/cert-manager-ctl:v1.13.3 - - image: quay.io/jetstack/cert-manager-webhook:v1.13.3 - - image: quay.io/kiwigrid/k8s-sidecar:1.25.2 - - image: quay.io/prometheus-operator/prometheus-operator:v0.70.0 - - image: quay.io/prometheus/alertmanager:v0.26.0 - - image: quay.io/prometheus/node-exporter:v1.7.0 - - 
image: quay.io/prometheus/prometheus:v2.48.1 - - image: registry.k8s.io/descheduler/descheduler:v0.28.1 - - image: registry.k8s.io/ingress-nginx/controller:v1.9.5@sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e - - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 - - image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 - - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 - - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 + - image: docker.io/bats/bats:1.8.2 # loki/HelmRelease/loki/null/Pod/loki-loki-stack-test.yaml + - image: docker.io/bats/bats:v1.4.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Pod/kube-prometheus-stack-grafana-test.yaml + - image: docker.io/bitnami/grafana-tempo-query:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-query-frontend.yaml + - image: docker.io/bitnami/grafana-tempo-vulture:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-vulture.yaml + - image: docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-compactor.yaml + - image: docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-distributor.yaml + - image: docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-metrics-generator.yaml + - image: docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-querier.yaml + - image: docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-query-frontend.yaml + - image: 
docker.io/bitnami/grafana-tempo:2.4.1-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/StatefulSet/grafana-tempo-ingester.yaml + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-admission-reports.yaml + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/CronJob/kyverno-cleanup-cluster-admission-reports.yaml + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-hook-post-upgrade.yaml + - image: docker.io/bitnami/kubectl:1.28.5 # kyverno/HelmRelease/kyverno/kyverno/Job/kyverno-hook-pre-delete.yaml + - image: docker.io/bitnami/kubectl:1.29.3 # default/Job/flux-generate-gpg-key-secret-main.yaml + - image: docker.io/bitnami/kubectl:1.29.3 # default/Job/prevent-uninstallation.yaml + - image: docker.io/bitnami/memcached:1.6.24-debian-12-r0 # monitoring/HelmRelease/grafana-tempo/monitoring/Deployment/grafana-tempo-memcached.yaml + - image: docker.io/bitnami/metrics-server:0.7.0-debian-12-r8 # monitoring/HelmRelease/metrics-server/monitoring/Deployment/metrics-server.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-liveness.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-metrics.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-admission-controller-readiness.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-liveness.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-metrics.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-cleanup-controller-readiness.yaml + - image: docker.io/busybox:1.35 # kyverno/HelmRelease/kyverno/kyverno/Pod/kyverno-reports-controller-metrics.yaml + - image: docker.io/curlimages/curl:7.85.0 # 
monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + - image: docker.io/curlimages/curl:8.6.0 # default/Job/dead-mans-switch-registration.yaml + - image: docker.io/curlimages/curl:8.6.0 # monitoring/CronJob/dead-mans-switch.yaml + - image: docker.io/fluxcd/flux-cli:v2.2.3 # default/Job/flux-generate-ssh-key-secret-main.yaml + - image: docker.io/grafana/grafana-image-renderer:latest # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana-image-renderer.yaml + - image: docker.io/grafana/grafana:10.4.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + - image: docker.io/grafana/loki:2.6.1 # loki/HelmRelease/loki/loki/StatefulSet/loki.yaml + - image: docker.io/grafana/promtail:2.9.3 # loki/HelmRelease/loki/loki/DaemonSet/loki-promtail.yaml + - image: docker.io/otel/opentelemetry-collector-contrib:0.96.0 # monitoring/HelmRelease/open-telemetry-collector/monitoring/DaemonSet/open-telemetry-collector-opentelemetry-collector-agent.yaml + - image: docker.io/vladgh/gpg@sha256:8514acc9c94607895e3dea724bd85d885252666212567f6632d2654580539ed3 # default/Job/flux-generate-gpg-key-secret-main.yaml + - image: ghcr.io/aquasecurity/trivy-operator:0.19.1 # trivy/HelmRelease/trivy/trivy/Deployment/trivy-trivy-operator.yaml + - image: ghcr.io/kyverno/background-controller:v1.11.4 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-background-controller.yaml + - image: ghcr.io/kyverno/cleanup-controller:v1.11.4 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-cleanup-controller.yaml + - image: ghcr.io/kyverno/kyverno:v1.11.4 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + - image: ghcr.io/kyverno/kyvernopre:v1.11.4 # kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-admission-controller.yaml + - image: ghcr.io/kyverno/reports-controller:v1.11.4 # 
kyverno/HelmRelease/kyverno/kyverno/Deployment/kyverno-reports-controller.yaml + - image: quay.io/jetstack/cert-manager-cainjector:v1.14.4 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-cainjector.yaml + - image: quay.io/jetstack/cert-manager-controller:v1.14.4 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager.yaml + - image: quay.io/jetstack/cert-manager-startupapicheck:v1.14.4 # cert-manager/HelmRelease/cert-manager/cert-manager/Job/cert-manager-startupapicheck.yaml + - image: quay.io/jetstack/cert-manager-webhook:v1.14.4 # cert-manager/HelmRelease/cert-manager/cert-manager/Deployment/cert-manager-webhook.yaml + - image: quay.io/kiwigrid/k8s-sidecar:1.26.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-grafana.yaml + - image: quay.io/prometheus-operator/prometheus-operator:v0.72.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-operator.yaml + - image: quay.io/prometheus/alertmanager:v0.27.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Alertmanager/kube-prometheus-stack-alertmanager.yaml + - image: quay.io/prometheus/node-exporter:v1.7.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/DaemonSet/kube-prometheus-stack-prometheus-node-exporter.yaml + - image: quay.io/prometheus/prometheus:v2.51.0 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Prometheus/kube-prometheus-stack-prometheus.yaml + - image: registry.k8s.io/descheduler/descheduler:v0.29.0 # kube-system/HelmRelease/descheduler/kube-system/CronJob/descheduler.yaml + - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml + - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # 
monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-create.yaml + - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Job/kube-prometheus-stack-admission-patch.yaml + - image: registry.k8s.io/ingress-nginx/opentelemetry:v20230721-3e2062ee5@sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472 # ingress-nginx/HelmRelease/ingress-nginx/ingress-nginx/Deployment/ingress-nginx-controller.yaml + - image: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.10.1 # monitoring/HelmRelease/kube-prometheus-stack/monitoring/Deployment/kube-prometheus-stack-kube-state-metrics.yaml + - image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8 # nfs-server-provisioner/HelmRelease/nfs-server-provisioner/null/StatefulSet/nfs-server-provisioner.yaml diff --git a/charts/base-cluster/README.md b/charts/base-cluster/README.md index 7b106f87d..2769bf9d4 100644 --- a/charts/base-cluster/README.md +++ b/charts/base-cluster/README.md @@ -1,7 +1,7 @@ [modeline]: # ( vim: set ft=markdown: ) # base-cluster -![Version: 4.12.0](https://img.shields.io/badge/Version-4.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 6.0.0](https://img.shields.io/badge/Version-6.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) A common base for every kubernetes cluster 
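Review bot: The new `artifacthub.io/images` list in the `@@ -16,47 +16,64 @@` hunk of charts/base-cluster/Chart.yaml still carries `docker.io/grafana/grafana-image-renderer:latest` for the kube-prometheus-stack-grafana-image-renderer Deployment. Because `latest` is a mutable tag, the image that was reviewed or scanned for this release is not necessarily the one a cluster pulls later. Only three entries (vladgh/gpg, the ingress-nginx controller and its opentelemetry image) are pinned by digest; every other entry relies on a tag alone. The list looks generated from the rendered manifests, since each entry now names its source manifest, so the fix probably belongs in the kube-prometheus-stack HelmRelease values, which are not visible in this hunk. Pinning the renderer there to a fixed release, ideally with a digest, would make this entry read `- image: docker.io/grafana/grafana-image-renderer:<version>@sha256:<digest>` (placeholders, not real values).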
@@ -22,7 +22,7 @@ A common base for every kubernetes cluster git init # create empty cluster HelmRelease; -flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 4.x.x > cluster.yaml +flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 5.x.x > cluster.yaml # maybe use the following name for your cluster; kubectl get node -o jsonpath='{.items[0].metadata.annotations.cluster\.x-k8s\.io/cluster-name}' @@ -242,7 +242,7 @@ output of `helm -n flux-system get notes base-cluster` | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | common | 2.13.4 | +| https://charts.bitnami.com/bitnami | common | 2.19.0 | This helm chart requires [flux v2 to be installed](https://fluxcd.io/docs/installation), see [bootstrap](#cluster-bootstrap) @@ -301,6 +301,25 @@ leaving them in the cluster on upgrade. The new [t8s-cluster](../t8s-cluster) is going to provide these, the enduser can ignore this change. +### 4.x.x -> 5.0.0 + +The condition if velero gets deployed changed. Velero will not be deployed if you +have not configured its backupstoragelocation. This change is necessary, because +in the current version of velero this value is mandatory. Please move +your existing backupstoragelocation configuration to the base-cluster chart if you +haven't already. + +### 5.x.x -> 6.0.0 + +The kyverno 2.x.x -> 3.x.x upgrade cannot be done without manual intervention, see +https://artifacthub.io/packages/helm/kyverno/kyverno#option-1---uninstallation-and-reinstallation + +So you have to backup your resources and delete the kyverno HelmReleases before the +upgrade, they will be recreated in version 6. + +This also makes kyverno HA, so be aware that kyverno will need more resources in +you cluster. + # base cluster configuration **Title:** base cluster configuration 
@@ -310,22 +329,22 @@ ignore this change. | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------ | ------- | ------ | ---------- | ---------- | -------------------- | -| - [global](#global ) | No | object | No | - | - | -| - [kyverno](#kyverno ) | No | object | No | - | - | -| - [monitoring](#monitoring ) | No | object | No | - | - | -| - [descheduler](#descheduler ) | No | object | No | - | - | -| - [dns](#dns ) | No | object | No | - | - | -| - [certManager](#certManager ) | No | object | No | - | - | -| - [externalDNS](#externalDNS ) | No | object | No | - | - | -| - [flux](#flux ) | No | object | No | - | - | -| - [ingress](#ingress ) | No | object | No | - | - | -| - [storage](#storage ) | No | object | No | - | - | -| - [reflector](#reflector ) | No | object | No | - | - | -| - [rbac](#rbac ) | No | object | No | - | - | -| - [backup](#backup ) | No | object | No | - | - | -| - [common](#common ) | No | object | No | - | Values for sub-chart | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------ | ------- | ----------- | ---------- | ---------- | -------------------- | +| - [global](#global ) | No | object | No | - | - | +| - [kyverno](#kyverno ) | No | object | No | - | - | +| - [monitoring](#monitoring ) | No | object | No | - | - | +| - [descheduler](#descheduler ) | No | object | No | - | - | +| - [dns](#dns ) | No | object | No | - | - | +| - [certManager](#certManager ) | No | object | No | - | - | +| - [externalDNS](#externalDNS ) | No | object | No | - | - | +| - [flux](#flux ) | No | object | No | - | - | +| - [ingress](#ingress ) | No | object | No | - | - | +| - [storage](#storage ) | No | object | No | - | - | +| - [reflector](#reflector ) | No | object | No | - | - | +| - 
[rbac](#rbac ) | No | object | No | - | - | +| - [backup](#backup ) | No | Combination | No | - | - | +| - [common](#common ) | No | object | No | - | Values for sub-chart | ## 1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global` @@ -336,7 +355,7 @@ ignore this change. | Property | Pattern | Type | Deprecated | Definition | Title/Description | | --------------------------------------------------------- | ------- | ---------------- | ---------- | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| + [serviceLevelAgreement](#global_serviceLevelAgreement ) | No | enum (of string) | No | - | The ServiceLevelAgreement with teutonet, will be applied to all alerts as label \`teutosla\` | +| - [serviceLevelAgreement](#global_serviceLevelAgreement ) | No | enum (of string) | No | - | The ServiceLevelAgreement with teutonet, will be applied to all alerts as label \`teutosla\` | | - [clusterName](#global_clusterName ) | No | string | No | - | The name of the cluster, used as subdomain under \`baseDomain\` and as label \`cluster\` on all alerts | | - [baseDomain](#global_baseDomain ) | No | string | No | - | The base domain to be used for cluster ingress | | - [imageRegistry](#global_imageRegistry ) | No | string | No | - | The global container image proxy, e.g. [Nexus](https://artifacthub.io/packages/helm/sonatype/nexus-repository-manager), this needs to support various registries | 
@@ -353,7 +372,7 @@ ignore this change. | - [priorityClasses](#global_priorityClasses ) | No | object | No | - | - | | - [authentication](#global_authentication ) | No | object | No | - | - | -### 1.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > global > serviceLevelAgreement` +### 1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > serviceLevelAgreement` | | | | ----------- | ------------------ | @@ -946,6 +965,7 @@ test.teuto.net | ------------------------------------------------------------------------------- | ------- | ------ | ---------- | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | | - [additionalLabels](#global_namespaces_additionalProperties_additionalLabels ) | No | object | No | - | - | | - [condition](#global_namespaces_additionalProperties_condition ) | No | string | No | Same as [condition](#global_helmRepositories_additionalProperties_condition ) | A condition with which to decide to include the resource. This will be templated. Must return a truthy value | +| - [resources](#global_namespaces_additionalProperties_resources ) | No | object | No | - | - | ##### 1.14.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > additionalLabels` 
@@ -973,6 +993,106 @@ test.teuto.net **Description:** A condition with which to decide to include the resource. This will be templated. Must return a truthy value +##### 1.14.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > resources` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | --------------------------------------------------------------- | +| - [defaults](#global_namespaces_additionalProperties_resources_defaults ) | No | object | No | - | - | +| - [quotas](#global_namespaces_additionalProperties_resources_quotas ) | No | object | No | - | See https://kubernetes.io/docs/concepts/policy/resource-quotas/ | + +##### 1.14.1.3.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ---------------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [requests](#global_namespaces_additionalProperties_resources_defaults_requests ) | No | object | No | - | - | +| - [limits](#global_namespaces_additionalProperties_resources_defaults_limits ) | No | object | No | - | - | + +##### 1.14.1.3.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > requests` + +| | | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties "Each additional property must conform to the following schema") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------------------------------------------- | ------- | ------ | ---------- | ------------------- | ----------------- | +| - 
[](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | No | object | No | In #/$defs/quantity | - | + +##### 1.14.1.3.1.1.1. Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > requests > quantity` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Defined in** | #/$defs/quantity | + +| One of(Option) | +| ----------------------------------------------------------------------------------------------------------- | +| [item 0](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties_oneOf_i0) | +| [item 1](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties_oneOf_i1) | + +##### 1.14.1.3.1.1.1.1. Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > requests > additionalProperties > oneOf > item 0` + +| | | +| -------- | -------- | +| **Type** | `string` | + +##### 1.14.1.3.1.1.1.2. Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > requests > additionalProperties > oneOf > item 1` + +| | | +| -------- | -------- | +| **Type** | `number` | + +##### 1.14.1.3.1.2. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > limits` + +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_namespaces_additionalProperties_resources_defaults_limits_additionalProperties "Each additional property must conform to the following schema") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| --------------------------------------------------------------------------------------------- | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | +| - [](#global_namespaces_additionalProperties_resources_defaults_limits_additionalProperties ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | + +##### 1.14.1.3.1.2.1. 
Property `base cluster configuration > global > namespaces > additionalProperties > resources > defaults > limits > quantity` + +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | + +##### 1.14.1.3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > namespaces > additionalProperties > resources > quotas` + +| | | +| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Should-conform](https://img.shields.io/badge/Should-conform-blue)](#global_namespaces_additionalProperties_resources_quotas_additionalProperties "Each additional property must conform to the following schema") | + +**Description:** See https://kubernetes.io/docs/concepts/policy/resource-quotas/ + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | +| - [](#global_namespaces_additionalProperties_resources_quotas_additionalProperties ) | No | object | No | Same as 
[io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | + +##### 1.14.1.3.2.1. Property `base cluster configuration > global > namespaces > additionalProperties > resources > quotas > quantity` + +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | + ### 1.15. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > priorityClasses` | | | 
@@ -1213,34 +1333,17 @@ This field is immutable. It can only be set for containers. **Description:** Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------- | ----------------- | -| - [](#global_authentication_oauthProxy_resources_limits_additionalProperties ) | No | object | No | In #/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | +| - [](#global_authentication_oauthProxy_resources_limits_additionalProperties ) | No | object | No | Same as [global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | ##### 1.16.3.2.2.1. 
Property `base cluster configuration > global > authentication > oauthProxy > resources > limits > io.k8s.apimachinery.pkg.api.resource.Quantity` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `combining` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Defined in** | #/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity | - -| One of(Option) | -| ------------------------------------------------------------------------------------------ | -| [item 0](#global_authentication_oauthProxy_resources_limits_additionalProperties_oneOf_i0) | -| [item 1](#global_authentication_oauthProxy_resources_limits_additionalProperties_oneOf_i1) | - -##### 1.16.3.2.2.1.1. Property `base cluster configuration > global > authentication > oauthProxy > resources > limits > additionalProperties > oneOf > item 0` - -| | | -| -------- | -------- | -| **Type** | `string` | - -##### 1.16.3.2.2.1.2. Property `base cluster configuration > global > authentication > oauthProxy > resources > limits > additionalProperties > oneOf > item 1` - -| | | -| -------- | -------- | -| **Type** | `number` | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `combining` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | ##### 1.16.3.2.3. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > global > authentication > oauthProxy > resources > requests` 
@@ -1251,17 +1354,17 @@ This field is immutable. It can only be set for containers. **Description:** Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| -------------------------------------------------------------------------------- | ------- | ------ | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | -| - [](#global_authentication_oauthProxy_resources_requests_additionalProperties ) | No | object | No | Same as [global_authentication_oauthProxy_resources_limits_additionalProperties](#global_authentication_oauthProxy_resources_limits_additionalProperties ) | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------------------------------- | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | +| - [](#global_authentication_oauthProxy_resources_requests_additionalProperties ) | No | object | No | Same as [global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | ##### 1.16.3.2.3.1. 
Property `base cluster configuration > global > authentication > oauthProxy > resources > requests > io.k8s.apimachinery.pkg.api.resource.Quantity` -| | | -| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `combining` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Same definition as** | [global_authentication_oauthProxy_resources_limits_additionalProperties](#global_authentication_oauthProxy_resources_limits_additionalProperties) | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `combining` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | ## 2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > kyverno` 
@@ -1474,10 +1577,10 @@ Must be one of: | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------------ | ------- | ------ | ---------- | --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| - [storageClass](#monitoring_prometheus_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | -| - [size](#monitoring_prometheus_persistence_size ) | No | object | No | In #/$defs/quantity | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| - [storageClass](#monitoring_prometheus_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | +| - [size](#monitoring_prometheus_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | ##### 3.4.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > storageClass` 
@@ -1490,11 +1593,11 @@ Must be one of: ##### 3.4.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > persistence > size` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Defined in** | #/$defs/quantity | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | #### 3.4.7. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > operator` 
@@ -1725,10 +1828,10 @@ Must be one of: | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------------------------- | ------- | ------ | ---------- | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| - [storageClass](#monitoring_prometheus_alertmanager_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | -| - [size](#monitoring_prometheus_alertmanager_persistence_size ) | No | object | No | Same as [size](#monitoring_prometheus_persistence_size ) | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------------------- | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| - [storageClass](#monitoring_prometheus_alertmanager_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | +| - [size](#monitoring_prometheus_alertmanager_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | ##### 3.4.11.5.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > storageClass` @@ -1741,11 +1844,11 @@ Must be one of: ##### 3.4.11.5.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > prometheus > alertmanager > persistence > size` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Same definition as** | [size](#monitoring_prometheus_persistence_size) | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | ### 3.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > grafana` 
@@ -2002,18 +2105,18 @@ Must be one of: | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| - [size](#monitoring_loki_persistence_size ) | No | object | No | Same as [size](#monitoring_prometheus_persistence_size ) | - | -| - [storageClass](#monitoring_loki_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| - [size](#monitoring_loki_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | +| - [storageClass](#monitoring_loki_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | ##### 3.6.2.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > size` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Same definition as** | [size](#monitoring_prometheus_persistence_size) | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | ##### 3.6.2.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > monitoring > loki > persistence > storageClass` 
@@ -2958,18 +3061,18 @@ Must be one of: | **Type** | `object` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | -| - [size](#storage_readWriteMany_persistence_size ) | No | object | No | Same as [size](#monitoring_prometheus_persistence_size ) | - | -| - [storageClass](#storage_readWriteMany_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ------------------------------------------------------------------ | ------- | ------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| - [size](#storage_readWriteMany_persistence_size ) | No | object | No | Same as [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties ) | - | +| - [storageClass](#storage_readWriteMany_persistence_storageClass ) | No | string | No | Same as [storageClass](#global_storageClass ) | The storageClass to use for persistence, e.g. for prometheus, otherwise use the cluster default (teutostack-ssd) | ##### 10.1.3.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > storage > readWriteMany > persistence > size` -| | | -| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | -| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -| **Same definition as** | [size](#monitoring_prometheus_persistence_size) | +| | | +| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | +| **Same definition as** | [io.k8s.apimachinery.pkg.api.resource.Quantity](#global_namespaces_additionalProperties_resources_defaults_requests_additionalProperties) | ##### 10.1.3.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > storage > readWriteMany > persistence > storageClass` 
@@ -3126,24 +3229,61 @@ Specific value: `"auto"` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | -| **Type** | `object` | +| **Type** | `combining` | | **Additional properties** | [![Not allowed](https://img.shields.io/badge/Not%20allowed-red)](# "Additional Properties not allowed.") | -| Property | Pattern | Type | Deprecated | Definition | Title/Description | -| ----------------------------------------------------------- | ------- | ------- | ---------- | ----------------------------------------------------------------- | ----------------------------------------------------------------- | -| - [enabled](#backup_enabled ) | No | boolean | No | - | - | -| - [resources](#backup_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -| - [backupStorageLocations](#backup_backupStorageLocations ) | No | object | No | - | - | -| - [defaultLocation](#backup_defaultLocation ) | No | string | No | - | - | -| - [nodeAgent](#backup_nodeAgent ) | No | object | No | - | - | +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| ----------------------------------------------------------- | ------- | ------ | ---------- | ----------------------------------------------------------------- | ----------------------------------------------------------------- | +| - [resources](#backup_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | +| - [backupStorageLocations](#backup_backupStorageLocations ) | No | object | No | - | - | +| - [defaultLocation](#backup_defaultLocation ) | No | string | No | - | - | +| - [nodeAgent](#backup_nodeAgent ) | No | object | No | - | - | -### 13.1. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > enabled` +| One of(Option) | +| -------------------------- | +| [item 0](#backup_oneOf_i0) | +| [item 1](#backup_oneOf_i1) | -| | | -| -------- | --------- | -| **Type** | `boolean` | +### 13.1. Property `base cluster configuration > backup > oneOf > item 0` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [backupStorageLocations](#backup_oneOf_i0_backupStorageLocations ) | No | object | No | - | - | + +#### 13.1.1. The following properties are required +* defaultLocation + +#### 13.1.2. Property `base cluster configuration > backup > oneOf > item 0 > backupStorageLocations` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +### 13.2. 
Property `base cluster configuration > backup > oneOf > item 1` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | + +| Property | Pattern | Type | Deprecated | Definition | Title/Description | +| -------------------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | +| - [backupStorageLocations](#backup_oneOf_i1_backupStorageLocations ) | No | object | No | - | - | + +#### 13.2.1. Property `base cluster configuration > backup > oneOf > item 1 > backupStorageLocations` + +| | | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **Type** | `object` | +| **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -### 13.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > resources` +### 13.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -3153,7 +3293,7 @@ Specific value: `"auto"` **Description:** ResourceRequirements describes the compute resource requirements. -### 13.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations` +### 13.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations` | | | | ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | @@ -3164,7 +3304,7 @@ Specific value: `"auto"` | ---------------------------------------------------------- | ------- | ------ | ---------- | ---------- | ----------------- | | - [](#backup_backupStorageLocations_additionalProperties ) | No | object | No | - | - | -#### 13.3.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties` +#### 13.4.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -3177,7 +3317,7 @@ Specific value: `"auto"` | + [bucket](#backup_backupStorageLocations_additionalProperties_bucket ) | No | string | No | - | - | | - [prefix](#backup_backupStorageLocations_additionalProperties_prefix ) | No | string | No | - | - | -##### 13.3.1.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider` +##### 13.4.1.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -3188,7 +3328,7 @@ Specific value: `"auto"` | ------------------------------------------------------------------------------ | ------- | ----------- | ---------- | ---------- | ----------------- | | - [minio](#backup_backupStorageLocations_additionalProperties_provider_minio ) | No | Combination | No | - | - | -##### 13.3.1.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio` +##### 13.4.1.1.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -3210,35 +3350,35 @@ Specific value: `"auto"` | [item 1](#backup_backupStorageLocations_additionalProperties_provider_minio_oneOf_i1) | | [item 2](#backup_backupStorageLocations_additionalProperties_provider_minio_oneOf_i2) | -##### 13.3.1.1.1.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 0` +##### 13.4.1.1.1.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 0` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.1.1. The following properties are required +##### 13.4.1.1.1.1.1. The following properties are required * accessKeyID * secretAccessKey -##### 13.3.1.1.1.2. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 1` +##### 13.4.1.1.1.2. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 1` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.2.1. The following properties are required +##### 13.4.1.1.1.2.1. The following properties are required * existingSecret -##### 13.3.1.1.1.3. 
Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2` +##### 13.4.1.1.1.3. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `combining` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.3.1. Must **not** be +##### 13.4.1.1.1.3.1. Must **not** be | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | 
@@ -3251,49 +3391,49 @@ Specific value: `"auto"` | [item 1](#backup_backupStorageLocations_additionalProperties_provider_minio_oneOf_i2_not_anyOf_i1) | | [item 2](#backup_backupStorageLocations_additionalProperties_provider_minio_oneOf_i2_not_anyOf_i2) | -##### 13.3.1.1.1.3.1.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 0` +##### 13.4.1.1.1.3.1.1. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 0` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.3.1.1.1. The following properties are required +##### 13.4.1.1.1.3.1.1.1. The following properties are required * accessKeyID -##### 13.3.1.1.1.3.1.2. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 1` +##### 13.4.1.1.1.3.1.2. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 1` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.3.1.2.1. The following properties are required +##### 13.4.1.1.1.3.1.2.1. The following properties are required * secretAccessKey -##### 13.3.1.1.1.3.1.3. 
Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 2` +##### 13.4.1.1.1.3.1.3. Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > oneOf > item 2 > not > anyOf > item 2` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | | **Type** | `object` | | **Additional properties** | [![Any type: allowed](https://img.shields.io/badge/Any%20type-allowed-green)](# "Additional Properties of any type are allowed.") | -##### 13.3.1.1.1.3.1.3.1. The following properties are required +##### 13.4.1.1.1.3.1.3.1. The following properties are required * existingSecret -##### 13.3.1.1.1.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > accessKeyID` +##### 13.4.1.1.1.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > accessKeyID` | | | | -------- | -------- | | **Type** | `string` | -##### 13.3.1.1.1.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > secretAccessKey` +##### 13.4.1.1.1.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > secretAccessKey` | | | | -------- | -------- | | **Type** | `string` | -##### 13.3.1.1.1.6. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret` +##### 13.4.1.1.1.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | @@ -3305,13 +3445,13 @@ Specific value: `"auto"` | + [name](#backup_backupStorageLocations_additionalProperties_provider_minio_existingSecret_name ) | No | string | No | - | - | | - [key](#backup_backupStorageLocations_additionalProperties_provider_minio_existingSecret_key ) | No | string | No | - | The default is <$providerName-$name> (e.g. 'minio-prod') | -##### 13.3.1.1.1.6.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret > name` +##### 13.4.1.1.1.6.1. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret > name` | | | | -------- | -------- | | **Type** | `string` | -##### 13.3.1.1.1.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret > key` +##### 13.4.1.1.1.6.2. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > existingSecret > key` | | | | -------- | -------- | 
@@ -3319,45 +3459,45 @@ Specific value: `"auto"` **Description:** The default is <$providerName-$name> (e.g. 'minio-prod') -##### 13.3.1.1.1.7. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > url` +##### 13.4.1.1.1.7. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > url` | | | | -------- | -------- | | **Type** | `string` | -##### 13.3.1.1.1.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > region` +##### 13.4.1.1.1.8. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > region` | | | | ----------- | ----------- | | **Type** | `string` | | **Default** | `"Region1"` | -##### 13.3.1.1.1.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > forcePathStyle` +##### 13.4.1.1.1.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > provider > minio > forcePathStyle` | | | | ----------- | --------- | | **Type** | `boolean` | | **Default** | `true` | -##### 13.3.1.2. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > bucket` +##### 13.4.1.2. ![Required](https://img.shields.io/badge/Required-blue) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > bucket` | | | | -------- | -------- | | **Type** | `string` | -##### 13.3.1.3. 
![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > prefix` +##### 13.4.1.3. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > backupStorageLocations > additionalProperties > prefix` | | | | -------- | -------- | | **Type** | `string` | -### 13.4. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > defaultLocation` +### 13.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > defaultLocation` | | | | -------- | -------- | | **Type** | `string` | -### 13.5. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > nodeAgent` +### 13.6. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > nodeAgent` | | | | ------------------------- | -------------------------------------------------------------------------------------------------------- | 
@@ -3368,7 +3508,7 @@ Specific value: `"auto"` | ------------------------------------------- | ------- | ------ | ---------- | ----------------------------------------------------------------- | ----------------------------------------------------------------- | | - [resources](#backup_nodeAgent_resources ) | No | object | No | Same as [resources](#global_authentication_oauthProxy_resources ) | ResourceRequirements describes the compute resource requirements. | -#### 13.5.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > nodeAgent > resources` +#### 13.6.1. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `base cluster configuration > backup > nodeAgent > resources` | | | | ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | diff --git a/charts/base-cluster/README.md.gotmpl b/charts/base-cluster/README.md.gotmpl index 893d4dd3f..81097edb8 100644 --- a/charts/base-cluster/README.md.gotmpl +++ b/charts/base-cluster/README.md.gotmpl 
@@ -17,13 +17,14 @@ git init # create empty cluster HelmRelease; -flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 4.x.x > cluster.yaml +flux create helmrelease --export base-cluster -n flux-system --source HelmRepository/teuto-net.flux-system --chart base-cluster --chart-version 5.x.x > cluster.yaml # maybe use the following name for your cluster; kubectl get node -o jsonpath='{.items[0].metadata.annotations.cluster\.x-k8s\.io/cluster-name}' # configure according to your needs, at least `.global.clusterName` is needed # additionally, you should add your git repo to `.flux.gitRepositories`, see [the documentation](https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster#81--property-base-cluster-configuration--flux--gitrepositories) +# make sure to use the correct url format, see [the documentation](https://github.com/teutonet/teutonet-helm-charts/tree/main/charts/base-cluster#81112-property-base-cluster-configuration--flux--gitrepositories--additionalproperties--allof--item-0--oneof--item-1) vi cluster.yaml # create HelmRelease for flux to manage itself @@ -70,7 +71,7 @@ for your Ingresses (and [other needs](https://cert-manager.io/docs/usage)) To create wildcard certificates, you need to enable a [DNS Provider](#component-dns) -Then you can just create a [`Certiticate`](https://cert-manager.io/docs/usage/certificate) +Then you can just create a [`Certificate`](https://cert-manager.io/docs/usage/certificate) resource. ### Component [descheduler](#descheduler) 
@@ -97,7 +98,7 @@ deletes and syncs DNS records for your Ingresses. If you need a different provider than cloudflare, please open a ticket for one of the [supported ones](https://github.com/kubernetes-sigs/external-dns#status-of-providers) -which is also supprted by [cert-manager](https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers) +which is also supported by [cert-manager](https://cert-manager.io/docs/configuration/acme/dns01/#supported-dns01-providers) ### Component [ingress](#ingress) @@ -115,10 +116,10 @@ only works for the `IngressClassName: nginx`. #### IP Address If you want to make sure that, in the event of a catastrophic failure, you keep the -same IP adress, you should roll this out, get the assigned IP +same IP address, you should roll this out, get the assigned IP (`kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress}'`) and set `.ingress.IP=` in the values. This makes sure the IP is kept in your -project (may incur cost!), which means you can re-use it later or after recovery. +project (may incur cost!), which means you can reuse it later or after recovery. ### Component [flux](#flux) 
@@ -290,4 +291,23 @@ leaving them in the cluster on upgrade. The new [t8s-cluster](../t8s-cluster) is going to provide these, the enduser can ignore this change. +### 4.x.x -> 5.0.0 + +The condition if velero gets deployed changed. Velero will not be deployed if you +have not configured its backupstoragelocation. This change is necessary, because +in the current version of velero this value is mandatory. Please move +your existing backupstoragelocation configuration to the base-cluster chart if you +haven't already. + +### 5.x.x -> 6.0.0 + +The kyverno 2.x.x -> 3.x.x upgrade cannot be done without manual intervention, see +https://artifacthub.io/packages/helm/kyverno/kyverno#option-1---uninstallation-and-reinstallation + +So you have to backup your resources and delete the kyverno HelmReleases before the +upgrade, they will be recreated in version 6. + +This also makes kyverno HA, so be aware that kyverno will need more resources in +you cluster. + {{ .Files.Get "values.md" }} diff --git a/charts/base-cluster/ci/limitrange-resourcequota-values.yaml b/charts/base-cluster/ci/limitrange-resourcequota-values.yaml new file mode 100644 index 000000000..96bc77c0c --- /dev/null +++ b/charts/base-cluster/ci/limitrange-resourcequota-values.yaml 
@@ -0,0 +1,59 @@ +global: + serviceLevelAgreement: None + namespaces: + main0: + resources: + defaults: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 500m + memory: 300Mi + quotas: + limits.cpu: "1" + limits.memory: 1Gi + main1: + resources: + defaults: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 500m + memory: 300Mi + main2: + resources: + defaults: + requests: + cpu: 50m + memory: 100Mi + quotas: + limits.cpu: "1" + limits.memory: 1Gi + main3: + resources: + defaults: + requests: + cpu: 50m + memory: 100Mi + main4: + resources: + defaults: + limits: + cpu: 500m + memory: 300Mi + quotas: + limits.cpu: "1" + limits.memory: 1Gi + main5: + resources: + defaults: + limits: + cpu: 500m + memory: 300Mi + main6: + resources: + quotas: + limits.cpu: "1" + limits.memory: 1Gi diff --git a/charts/base-cluster/helmrelease.schema.json b/charts/base-cluster/helmrelease.schema.json new file mode 100644 index 000000000..8dbdfe600 --- /dev/null +++ b/charts/base-cluster/helmrelease.schema.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json" + }, + { + "properties": { + "spec": { + "properties": { + "values": { + "$ref": "./values.schema.json" + } + } + } + } + } + ] +} diff --git a/charts/base-cluster/templates/_helmRelease.yaml b/charts/base-cluster/templates/_helmRelease.yaml index 615a8a686..86c110096 100644 --- a/charts/base-cluster/templates/_helmRelease.yaml +++ b/charts/base-cluster/templates/_helmRelease.yaml @@ -1,5 +1,5 @@ {{- define "base-cluster.helm.resourceWithDependencies" -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ .name }} 
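Review bot: In the new `charts/base-cluster/helmrelease.schema.json`, the first `allOf` entry resolves its `$ref` from the `main` branch of `fluxcd-community/flux2-schemas`, so whatever is on that branch at fetch time decides what validates. Because the reference is mutable, validation results can change without any change in this repository, and every tool that resolves it needs network access to a third-party repository. Pinning the URL to a commit keeps the schema reviewable alongside the chart, e.g. `"$ref": "https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/<commit-sha>/helmrelease-helm-v2beta2.json"` (the SHA is a placeholder).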
@@ -12,6 +12,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "cetic" "chart" "static" "context" .context) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled dependsOn: {{- range $namespace, $name := .dependencies }} - name: {{ $name }} diff --git a/charts/base-cluster/templates/backup/credentials.yaml b/charts/base-cluster/templates/backup/credentials.yaml index 69c5b67ba..e6eddf3bd 100644 --- a/charts/base-cluster/templates/backup/credentials.yaml +++ b/charts/base-cluster/templates/backup/credentials.yaml @@ -1,3 +1,4 @@ +{{- if .Values.backup.backupStorageLocations }} {{- $providerMap := dict "minio" "accessKeyID" -}} {{- range $name, $spec := .Values.backup.backupStorageLocations -}} {{- $providerName := include "base-cluster.backup.getProviderName" $spec.provider -}} @@ -15,3 +16,4 @@ stringData: {{ $providerName }}: |-{{- include "base-cluster.backup.credential" $spec.provider | nindent 4 }} {{- end -}} {{- end }} +{{- end }} diff --git a/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml b/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml index eb9ebdbe6..c840bba02 100644 --- a/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml +++ b/charts/base-cluster/templates/backup/migrations/velero-4-to-5.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.backup.enabled (hasPrefix "4." (dig "spec" "chart" "spec" "version" "" (lookup "helm.toolkit.fluxcd.io/v2beta1" "HelmRelease" "backup" "velero"))) }} +{{- if and .Values.backup.backupStorageLocations (hasPrefix "4." (dig "spec" "chart" "spec" "version" "" (lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "backup" "velero"))) }} apiVersion: batch/v1 kind: Job metadata: 
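Review bot: `driftDetection: mode: enabled` is added to `_helmRelease.yaml` here without any `ignore` rules, and the same two lines are added to the velero, cert-manager, descheduler, external-dns, reflector, ingress-nginx and kyverno HelmReleases further down. With correction enabled, helm-controller reverts in-cluster changes to chart-rendered objects, which is the useful tamper-resistance property. It may also fight controllers that legitimately write to those objects, for example injected webhook CA bundles or autoscaled replica counts; whether that happens depends on what each chart renders, which is not visible here. Consider rolling out with `mode: warn` first, or adding `driftDetection.ignore` entries for the fields known to be mutated, with a comment next to the setting saying which was chosen and why.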
@@ -23,11 +23,7 @@ spec: containers: - name: remove-backup-storage-locations image: {{ include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false diff --git a/charts/base-cluster/templates/backup/validation.yaml b/charts/base-cluster/templates/backup/validation.yaml index b5c936ef8..5d95e90ac 100644 --- a/charts/base-cluster/templates/backup/validation.yaml +++ b/charts/base-cluster/templates/backup/validation.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.backup.enabled .Values.backup.defaultLocation -}} +{{- if .Values.backup.defaultLocation -}} {{- if not (index .Values.backup.backupStorageLocations .Values.backup.defaultLocation) -}} {{- fail (printf "The `defaultLocation` '%s' must exist in `backupStorageLocations`" .Values.backup.defaultLocation) -}} {{- end -}} diff --git a/charts/base-cluster/templates/backup/velero.yaml b/charts/base-cluster/templates/backup/velero.yaml index 4843017ec..ed7f09f9b 100644 --- a/charts/base-cluster/templates/backup/velero.yaml +++ b/charts/base-cluster/templates/backup/velero.yaml @@ -1,5 +1,5 @@ -{{- if .Values.backup.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +{{- if .Values.backup.backupStorageLocations }} +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: velero @@ -10,6 +10,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "vmware" "chart" "velero" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack 
@@ -62,7 +64,7 @@ spec: resources: {{- .Values.backup.nodeAgent.resources | toYaml | nindent 8 }} priorityClassName: system-cluster-critical configuration: - {{- if .Values.backup.backupStorageLocations }} + defaultBackupStorageLocation: {{ .Values.backup.defaultLocation | quote }} backupStorageLocation: {{- range $name, $spec := .Values.backup.backupStorageLocations }} {{- $providerName := include "base-cluster.backup.getProviderName" $spec.provider }} - name: {{ $name | quote }} @@ -71,9 +73,7 @@ spec: {{- if $spec.prefix }} prefix: {{ $spec.prefix | quote }} {{- end }} - {{- if $.Values.backup.defaultLocation }} default: {{ eq $name $.Values.backup.defaultLocation }} - {{- end }} {{- $credentialType := include "base-cluster.backup.credentialType" $spec.provider }} {{- if eq $credentialType "direct" }} credential: @@ -93,10 +93,8 @@ spec: s3Url: {{ $providerSpec.url | quote }} {{- end }} {{- end }} - {{- else }} - backupStorageLocation: [] - {{- end }} volumeSnapshotLocation: [] + uploaderType: restic metrics: serviceMonitor: additionalLabels: {{- .Values.monitoring.labels | toYaml | nindent 10 }} diff --git a/charts/base-cluster/templates/cert-manager/cert-manager.yaml b/charts/base-cluster/templates/cert-manager/cert-manager.yaml index b6fcf2b17..4b7d227fa 100644 --- a/charts/base-cluster/templates/cert-manager/cert-manager.yaml +++ b/charts/base-cluster/templates/cert-manager/cert-manager.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: cert-manager @@ -9,6 +9,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "jetstack" "chart" "cert-manager" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack 
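Review bot: In `velero.yaml`, `defaultBackupStorageLocation: {{ .Values.backup.defaultLocation | quote }}` and `default: {{ eq $name $.Values.backup.defaultLocation }}` now render unconditionally, but the values documentation lists `backup.defaultLocation` as optional and `validation.yaml` only checks it when it is set. With locations configured and no `defaultLocation`, every location is presumably rendered with `default: false` (or the `eq` against an unset value fails, depending on the template engine version), so backups that do not name a location may have no usable target. Either keep the guard, `{{- with $.Values.backup.defaultLocation }}` / `default: {{ eq $name . }}` / `{{- end }}`, or make `validation.yaml` `fail` when `backupStorageLocations` is non-empty and `defaultLocation` is missing. The `configuration` block continues outside these hunks.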
diff --git a/charts/base-cluster/templates/descheduler/descheduler.yaml b/charts/base-cluster/templates/descheduler/descheduler.yaml index 00e7c32d2..4e1d600b2 100644 --- a/charts/base-cluster/templates/descheduler/descheduler.yaml +++ b/charts/base-cluster/templates/descheduler/descheduler.yaml @@ -1,9 +1,9 @@ {{- if .Values.descheduler.enabled -}} {{- $kubeMinorVersion := .Capabilities.KubeVersion.Minor -}} -{{- $versionMatrix := dict 18 "0.20.x" 19 "0.21.x" 20 "0.22.x" 21 "0.23.x" 22 "0.24.x" 23 "0.25.x" 24 "0.26.x" 25 "0.27.x" -}} +{{- $versionMatrix := dict 18 "0.20.x" 19 "0.21.x" 20 "0.22.x" 21 "0.23.x" 22 "0.24.x" 23 "0.25.x" 24 "0.26.x" 25 "0.27.x" 26 "0.28.x" -}} {{- $latestVersion := .Values.global.helmRepositories.descheduler.charts.descheduler -}} {{- $selectedVersion := (hasKey $versionMatrix $kubeMinorVersion) | ternary (index $versionMatrix $kubeMinorVersion) $latestVersion -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: descheduler @@ -23,14 +23,28 @@ spec: namespace: {{ .Release.Namespace }} version: {{ $selectedVersion }} interval: 1h + driftDetection: + mode: enabled + {{- if .Values.monitoring.prometheus.enabled }} + dependsOn: + - name: kube-prometheus-stack + namespace: monitoring + {{- end }} values: - cronJobApiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} startingDeadlineSeconds: 120 priorityClassName: system-cluster-critical resources: limits: cpu: 500m memory: 256Mi + kind: Deployment + {{- if .Values.monitoring.prometheus.enabled }} + service: + enabled: true + serviceMonitor: + enabled: true + additionalLabels: {{- toYaml .Values.monitoring.labels | nindent 8 }} + {{- end }} deschedulerPolicy: evictLocalStoragePods: true strategies: {{- .Values.descheduler.strategies | toYaml | nindent 8 }} diff --git a/charts/base-cluster/templates/dns/external-dns.yaml b/charts/base-cluster/templates/dns/external-dns.yaml index c71626957..0c3776516 100644 
--- a/charts/base-cluster/templates/dns/external-dns.yaml +++ b/charts/base-cluster/templates/dns/external-dns.yaml @@ -1,6 +1,6 @@ {{- if .Values.dns.provider -}} {{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .) -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: external-dns @@ -24,6 +24,8 @@ spec: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "external-dns" "context" $) | nindent 6 }} {{- end }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack diff --git a/charts/base-cluster/templates/flux/_create-authentication-key-secret-job.yaml b/charts/base-cluster/templates/flux/_create-authentication-key-secret-job.yaml index ac9fc8837..9257e37e5 100644 --- a/charts/base-cluster/templates/flux/_create-authentication-key-secret-job.yaml +++ b/charts/base-cluster/templates/flux/_create-authentication-key-secret-job.yaml @@ -26,11 +26,6 @@ spec: containers: - name: generate-ssh-key image: {{ template "base-cluster.flux.image" .context }} - {{- if .context.Values.global.flux.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} resources: limits: cpu: 50m @@ -38,6 +33,7 @@ spec: requests: cpu: 10m memory: 10m + imagePullPolicy: {{ empty .context.Values.global.flux.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false @@ -59,11 +55,7 @@ spec: initContainers: - name: generate-gpg-key image: {{ template "base-cluster.gpg.image" .context }} - {{- if .context.Values.global.gpg.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .context.Values.global.gpg.image.digest | ternary "Always" "IfNotPresent" }} env: - name: IDENTITY value: {{ .identity }} 
@@ -108,11 +100,6 @@ spec: containers: - name: create-k8s-secret image: {{ include "base-cluster.kubectl.image" .context }} - {{- if .context.Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} resources: limits: cpu: 50m @@ -120,6 +107,7 @@ spec: requests: cpu: 10m memory: 10m + imagePullPolicy: {{ empty .context.Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false diff --git a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml index 9c6768233..a81c1d90e 100644 --- a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml +++ b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml @@ -23,6 +23,9 @@ spec: - ports: - port: "53" protocol: UDP + rules: + dns: + - matchPattern: "*" --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy diff --git a/charts/base-cluster/templates/global/namespaces.yaml b/charts/base-cluster/templates/global/namespaces.yaml index d1d3b90b6..b4bff157d 100644 --- a/charts/base-cluster/templates/global/namespaces.yaml +++ b/charts/base-cluster/templates/global/namespaces.yaml 
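Review bot: The added `rules: dns: - matchPattern: "*"` in `ciliumClusterwideNetworkPolicy.yaml` is attached to a port list that, within this hunk, contains only `port: "53"` with `protocol: UDP`. Unless a TCP entry exists outside the hunk, DNS over TCP (used when a response is truncated) is not covered by this rule, so such lookups would not pass through the DNS proxy and any FQDN-based policy would not learn those names. Consider adding `- port: "53"` / `protocol: TCP` to the same `ports` list, and a comment such as `# L7 DNS rule: enables DNS visibility for FQDN policies; "*" does not restrict which names may be resolved`. The enclosing policy spec starts before the hunk.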
@@ -8,4 +8,53 @@ metadata: {{- . | toYaml | nindent 4 -}} {{- end }} --- +apiVersion: v1 +kind: LimitRange +metadata: + name: {{ $name }} + namespace: {{ $name }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} +spec: + {{- $limits := dict "type" "Container" "defaultRequest" (dict "cpu" "100m" "memory" "100Mi") -}} + {{ if $namespace.resources }} + {{- if $namespace.resources.defaults -}} + {{/* this section defines default limits */}} + {{- with $namespace.resources.defaults.limits -}} + {{- $defaultLimits := dict -}} + {{- range $resource, $limit := . -}} + {{- $defaultLimits = set $defaultLimits $resource (include "common.tplvalues.render" (dict "value" $limit "context" $)) -}} + {{- end -}} + {{- $limits = set $limits "default" $defaultLimits -}} + {{- end -}} + {{/* this section defines default requests */}} + {{- with $namespace.resources.defaults.requests -}} + {{- $defaultRequests := dict -}} + {{- range $resource, $request := . -}} + {{- $defaultRequests = set $defaultRequests $resource (include "common.tplvalues.render" (dict "value" $request "context" $)) -}} + {{- end -}} + {{- $limits = set $limits "defaultRequest" $defaultRequests -}} + {{- end -}} + {{- end }} + {{- end }} + limits: {{- list $limits | toYaml | nindent 4 }} +{{ if $namespace.resources }} +{{ if $namespace.resources.quotas }} +--- +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ $name }} + namespace: {{ $name }} + labels: {{- include "common.labels.standard" $ | nindent 4 }} +spec: + {{- with $namespace.resources.quotas -}} + {{- $quotas := dict -}} + {{- range $resource, $quota := . -}} + {{- $quotas = set $quotas $resource (include "common.tplvalues.render" (dict "value" $quota "context" $)) -}} + {{- end }} + hard: {{- $quotas | toYaml | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} +--- {{ end -}} \ No newline at end of file 
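Review bot: The LimitRange added in `namespaces.yaml` always starts from a built-in `defaultRequest` of `cpu: 100m` / `memory: 100Mi`, and that value is kept when a namespace sets only `resources.defaults.limits`. If such a limit is below the built-in request (for example `memory: 64Mi`), the object carries a default request greater than its default limit, which the API server rejects, so the release fails to apply for that namespace. Apply the built-in request only when no default limits are given, e.g. start from `{{- $limits := dict "type" "Container" -}}` and set `defaultRequest` only in the branch without limits, or reject the combination with `fail`. The new CI values file only uses limits above 100m/100Mi, so this case is not exercised.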
diff --git a/charts/base-cluster/templates/global/prevent-uninstallation.yaml b/charts/base-cluster/templates/global/prevent-uninstallation.yaml index 463478c25..5878cd707 100644 --- a/charts/base-cluster/templates/global/prevent-uninstallation.yaml +++ b/charts/base-cluster/templates/global/prevent-uninstallation.yaml @@ -20,11 +20,6 @@ spec: containers: - name: fail image: {{ template "base-cluster.kubectl.image" . }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} resources: limits: cpu: 50m @@ -32,6 +27,7 @@ spec: requests: cpu: 10m memory: 10m + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false diff --git a/charts/base-cluster/templates/global/reflector.yaml b/charts/base-cluster/templates/global/reflector.yaml index 345330118..fc6fe1d70 100644 --- a/charts/base-cluster/templates/global/reflector.yaml +++ b/charts/base-cluster/templates/global/reflector.yaml @@ -1,5 +1,5 @@ {{- if include "base-cluster.reflector.enabled" (dict "context" .) -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: reflector @@ -10,6 +10,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "emberstack" "chart" "reflector" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled values: priorityClassName: cluster-components {{- if .Values.global.imageRegistry }} diff --git a/charts/base-cluster/templates/ingress/nginx.yaml b/charts/base-cluster/templates/ingress/nginx.yaml index 15e8c6f8d..b6ef93627 100644 --- a/charts/base-cluster/templates/ingress/nginx.yaml +++ b/charts/base-cluster/templates/ingress/nginx.yaml 
@@ -1,5 +1,5 @@ {{ if .Values.ingress.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: ingress-nginx @@ -10,6 +10,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "nginx" "chart" "ingress-nginx" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack diff --git a/charts/base-cluster/templates/kyverno/kyverno.yaml b/charts/base-cluster/templates/kyverno/kyverno.yaml index 9b59f61e4..725518a9d 100644 --- a/charts/base-cluster/templates/kyverno/kyverno.yaml +++ b/charts/base-cluster/templates/kyverno/kyverno.yaml @@ -1,6 +1,5 @@ {{- if .Values.kyverno.enabled }} -# https://github.com/kyverno/kyverno/tree/main/charts/kyverno -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: kyverno 
@@ -11,50 +10,65 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "kyverno" "chart" "kyverno" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack namespace: monitoring {{- end }} values: - testImage: - registry: {{ $.Values.global.imageRegistry | default (include "base-cluster.defaultRegistry" (dict)) }} {{- if .Values.global.imageRegistry }} - image: - repository: {{ printf "%s/kyverno/kyverno" $.Values.global.imageRegistry }} - initImage: - repository: {{ printf "%s/kyverno/kyvernopre" $.Values.global.imageRegistry }} + global: + registry: {{ .Values.global.imageRegistry }} + {{- else }} + test: + image: &defaultImage + registry: docker.io + policyReportsCleanup: + image: *defaultImage + cleanupJobs: + admissionReports: + image: *defaultImage + clusterAdmissionReports: + image: *defaultImage {{- end }} installCRDs: true networkPolicy: enabled: false webhooksCleanup: enable: true - image: {{ include "base-cluster.kubectl.image" . 
}} + {{- if not .Values.global.imageRegistry }} + image: *defaultImage + {{- end }} serviceMonitor: enabled: {{ .Values.monitoring.prometheus.enabled }} additionalLabels: {{- .Values.monitoring.labels | toYaml | nindent 8 }} priorityClassName: system-cluster-critical # this only works in version 3 - {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }} admissionController: + replicas: 3 + {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }} tracing: &tracingConfig enabled: true address: open-telemetry-collector-opentelemetry-collector.monitoring port: 14250 # jaeger-grpc + {{- end }} backgroundController: + replicas: 2 + {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }} tracing: *tracingConfig + {{- end }} reportsController: + replicas: 2 + {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }} tracing: *tracingConfig - {{- end }} + {{- end }} cleanupController: + replicas: 2 {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled }} tracing: *tracingConfig {{- end }} - {{- if .Values.global.imageRegistry }} - image: - repository: {{ printf "%s/kyverno/cleanup-controller" $.Values.global.imageRegistry }} - {{- end }} podDisruptionBudget: enabled: true minAvailable: 1 diff --git a/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml b/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml index 7df8e36cb..3250047f1 100644 --- a/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml +++ b/charts/base-cluster/templates/kyverno/policies/kyverno-base-policies/kyverno-policies.yaml 
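Review bot: The private-registry branch in the kyverno.yaml values hunk now sets `global.registry`, but as far as I recall the kyverno 3.x chart reads the override from `global.image.registry`. If that is right, the key is silently ignored and the kyverno images are still pulled from their public defaults even though `global.imageRegistry` is configured, which defeats a mirror or air-gap policy. Please confirm against the chart's values for the pinned `3.x.x` range and nest the key under `image:` if needed. The comment `# this only works in version 3` is also stale now that the chart is 3.x. The `values:` block starts and ends outside the hunk.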
@@ -1,6 +1,6 @@ {{- if .Values.kyverno.enabled }} # https://github.com/kyverno/kyverno/tree/main/charts/kyverno-policies -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: kyverno-policies @@ -12,6 +12,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "kyverno" "chart" "kyverno-policies" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled dependsOn: - name: kyverno namespace: kyverno diff --git a/charts/base-cluster/templates/kyverno/validation.tpl b/charts/base-cluster/templates/kyverno/validation.tpl new file mode 100644 index 000000000..9b223f302 --- /dev/null +++ b/charts/base-cluster/templates/kyverno/validation.tpl @@ -0,0 +1,8 @@ +{{- $existingKyverno := lookup "helm.toolkit.fluxcd.io/v2beta2" "HelmRelease" "kyverno" "kyverno" -}} +{{- $lastAttemptedRevision := dig "status" "lastAttemptedRevision" "" $existingKyverno }} +{{- $lastAppliedRevision := dig "status" "lastAppliedRevision" "" $existingKyverno }} +{{- if or $lastAppliedRevision $lastAttemptedRevision -}} + {{- if semverCompare "<3.x.x" ($lastAppliedRevision | default $lastAttemptedRevision) -}} + {{- fail "Cannot upgrade kyverno in-place, please backup your resources and delete it beforehand, see https://artifacthub.io/packages/helm/kyverno/kyverno#option-1---uninstallation-and-reinstallation" -}} + {{- end -}} +{{- end -}} diff --git a/charts/base-cluster/templates/monitoring/deadMansSwitch/cronjob.yaml b/charts/base-cluster/templates/monitoring/deadMansSwitch/cronjob.yaml index 252063001..f3b8536fe 100644 --- a/charts/base-cluster/templates/monitoring/deadMansSwitch/cronjob.yaml +++ b/charts/base-cluster/templates/monitoring/deadMansSwitch/cronjob.yaml 
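Review bot: The new validation.tpl has no comment saying when the guard can actually fire: `lookup` returns an empty result under `helm template` and client-side `--dry-run`, so `$existingKyverno` is empty there and the `fail` is skipped, which means CI rendering will not catch an in-place 2.x upgrade. I would add a header comment such as `{{/* Aborts the release when the live kyverno HelmRelease is still on chart 2.x; lookup needs cluster access, so this is a no-op for helm template and dry-run. */}}`. It is worth stating there as well that only `status.lastAppliedRevision` and `status.lastAttemptedRevision` are read, so an existing release with an empty status passes the check.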
@@ -31,11 +31,7 @@ spec: containers: - name: watchdog image: {{ template "base-cluster.curl.image" . }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/base-cluster/templates/monitoring/deadMansSwitch/registration.yaml b/charts/base-cluster/templates/monitoring/deadMansSwitch/registration.yaml index 43022d671..b20b78cea 100644 --- a/charts/base-cluster/templates/monitoring/deadMansSwitch/registration.yaml +++ b/charts/base-cluster/templates/monitoring/deadMansSwitch/registration.yaml @@ -22,11 +22,6 @@ spec: containers: - name: register image: {{ include "base-cluster.curl.image" . }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} resources: limits: cpu: 50m @@ -34,6 +29,7 @@ spec: requests: cpu: 10m memory: 10m + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/charts/base-cluster/templates/monitoring/deadMansSwitch/unregister.yaml b/charts/base-cluster/templates/monitoring/deadMansSwitch/unregister.yaml index 7f6fdc244..68371c683 100644 --- a/charts/base-cluster/templates/monitoring/deadMansSwitch/unregister.yaml +++ b/charts/base-cluster/templates/monitoring/deadMansSwitch/unregister.yaml @@ -22,11 +22,7 @@ spec: containers: - name: unregister image: {{ include "base-cluster.curl.image" . }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: allowPrivilegeEscalation: false capabilities: 
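Review bot: The `watchdog` container in cronjob.yaml runs `base-cluster.curl.image`, yet its new `imagePullPolicy` line is still derived from `.Values.global.kubectl.image.digest`; the same holds for the `register` and `unregister` containers in registration.yaml and unregister.yaml. A digest set for kubectl would therefore give the tag-referenced curl image `IfNotPresent`, and a digest set for curl would not be honoured. Assuming the curl image is configured under `global.curl.image` as values.yaml suggests, the line should read `imagePullPolicy: {{ empty .Values.global.curl.image.digest | ternary "Always" "IfNotPresent" }}`. The container specs continue outside the hunks.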
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml index d067acd91..a9f1b981b 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/_grafana-config.yaml @@ -127,7 +127,7 @@ dashboards: gnetId: 17813 revision: 2 {{- end }} - {{- if .Values.backup.enabled }} + {{- if .Values.backup.backupStorageLocations }} velero: <<: *dashboard gnetId: 11055 @@ -144,6 +144,14 @@ dashboards: {{- end }} {{- include "base-cluster.monitoring.ingress" (dict "name" "grafana" "context" $) | nindent 0 }} {{- if and .Values.ingress.enabled .Values.monitoring.grafana.ingress.enabled .Values.certManager.email (or .Values.global.baseDomain .Values.monitoring.grafana.ingress.customDomain) }} + {{- if .Values.global.authentication }} +envValueFrom: + OIDC_CLIENT_SECRET: + secretKeyRef: + key: client-secret + name: {{ include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) }} + optional: false + {{- end }} grafana.ini: auth: signout_redirect_url: {{ printf "https://%s" (include "base-cluster.grafana.host" .) }} @@ -159,7 +167,7 @@ grafana.ini: auth_url: {{ printf "%s%s" $issuerUrl .grafana.authenticationPath }} token_url: {{ printf "%s%s" $issuerUrl .grafana.tokenPath }} client_id: {{ .config.clientId }} - client_secret: {{ .config.clientSecret }} + client_secret: ${OIDC_CLIENT_SECRET} name: OAuth role_attribute_path: {{ .grafana.roleAttributePath | quote }} scopes: openid profile email diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml index 247a38254..0c162605b 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml 
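Review bot: The `envValueFrom` block added in the second _grafana-config.yaml hunk is gated only on `.Values.global.authentication`, while the Secret it references is rendered by oauth-proxy-secret.yaml under a narrower condition (`config.clientId` set, prometheus enabled, and an authenticated ingress enabled). With `optional: false`, a values combination that satisfies the first condition but not the second would leave the Grafana container unable to start because the secret is missing. I would use the same condition in both places, or at least add a comment above `envValueFrom` naming the template that creates the secret and its `client-secret` key. The surrounding dashboard and grafana.ini blocks continue outside the hunks.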
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy-secret.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .))) }} +{{- if and .Values.global.authentication.config.clientId .Values.monitoring.prometheus.enabled (or (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "prometheus" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "alertmanager" "context" .)) (include "base-cluster.monitoring.authenticated-ingress.enabled" (dict "name" "grafana" "context" .))) }} {{- $name := include "common.secrets.name" (dict "defaultNameSuffix" "oauth-proxy" "context" $) -}} apiVersion: v1 kind: Secret diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml index bb2042c9e..42a47c6a3 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml @@ -10,7 +10,8 @@ {{- $host := $backend.host -}} {{- $port := $backend.port -}} {{- $targetServiceName := printf "%s-%s" (include "common.names.dependency.fullname" (dict "chartName" "kube-prometheus-stack" "chartValues" (dict) "context" (dict "Release" (dict "Name" "kube-prometheus-stack")))) $host -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 + {{- $ingress := include "base-cluster.monitoring.ingress.config" (dict "name" $host "context" $) | fromYaml -}} +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: cluster-{{ $host }}-oauth-proxy 
@@ -22,6 +23,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "oauth2-proxy" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled values: redis: enabled: false @@ -32,10 +35,9 @@ spec: ingress: enabled: true hostname: {{ include (printf "base-cluster.%s.host" $host) $ }} - extraTls: |- - - hosts: - - {{ "{{ .Values.ingress.hostname }}" }} - secretName: cluster-wildcard-certificate + tls: true + certManager: true + existingSecretName: {{ include "base-cluster.certificate" (dict "name" $host "customDomain" $ingress.customDomain "context" $) | quote }} replicaCount: 2 pdb: create: true diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml index 5477db26e..949255854 100644 --- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml +++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/prometheus-operator.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.prometheus.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: kube-prometheus-stack @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "prometheus" "chart" "kube-prometheus-stack" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled install: timeout: 20m0s crds: CreateReplace diff --git a/charts/base-cluster/templates/monitoring/loki/loki.yaml b/charts/base-cluster/templates/monitoring/loki/loki.yaml index b3d2cee9e..5e09be99a 100644 --- a/charts/base-cluster/templates/monitoring/loki/loki.yaml +++ b/charts/base-cluster/templates/monitoring/loki/loki.yaml 
@@ -1,5 +1,5 @@ {{- if and .Values.monitoring.prometheus.enabled .Values.monitoring.loki.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: loki @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "grafana" "chart" "loki-stack" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled install: timeout: 10m0s upgrade: @@ -66,6 +68,8 @@ spec: object_store: filesystem schema: v9 store: boltdb + datasource: + uid: loki {{/* TODO: Implement */}} {{/* - from: 2022-09-15*/}} {{/* store: boltdb-shipper*/}} diff --git a/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml b/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml index 6a0ee5f65..8101c61e3 100644 --- a/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml +++ b/charts/base-cluster/templates/monitoring/metrics-server/metrics-server.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.metricsServer.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: metrics-server @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "metrics-server" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled values: apiService: create: true 
@@ -27,29 +29,10 @@ spec: memory: 64Mi replicas: 2 priorityClassName: cluster-components - podSecurityContext: - enabled: true - seccompProfile: - type: RuntimeDefault - containerSecurityContext: - capabilities: - drop: - - ALL - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true podDisruptionBudget: enabled: true minAvailable: 1 extraArgs: - --kubelet-preferred-address-types=InternalIP - --kubelet-insecure-tls=true - - --cert-dir=/tmp - extraVolumeMounts: - - mountPath: /tmp - name: tmpdir - extraVolumes: - - emptyDir: - sizeLimit: 32Mi - name: tmpdir {{- end -}} diff --git a/charts/base-cluster/templates/monitoring/security/trivy.yaml b/charts/base-cluster/templates/monitoring/security/trivy.yaml index a38194a19..336911d35 100644 --- a/charts/base-cluster/templates/monitoring/security/trivy.yaml +++ b/charts/base-cluster/templates/monitoring/security/trivy.yaml @@ -1,5 +1,5 @@ {{- if .Values.monitoring.securityScanning.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: trivy @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "trivy" "chart" "trivy-operator" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled {{- if .Values.monitoring.prometheus.enabled }} dependsOn: - name: kube-prometheus-stack diff --git a/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml b/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml index 2adae5490..86f27c750 100644 --- a/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml +++ b/charts/base-cluster/templates/monitoring/tracing/grafana-tempo.yaml @@ -1,5 +1,5 @@ {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: grafana-tempo 
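Review bot: metrics-server has no explicit security context left after the `-27,29 +29,10` hunk: the removed keys (seccomp `RuntimeDefault`, `capabilities.drop: ALL`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, and the `/tmp` emptyDir that supported the read-only root) are not replaced, presumably on the assumption that the bitnami 7.x chart defaults cover them. values.yaml pins only the range `7.x`, so a later chart release could change those defaults without any diff in this repository. I would either keep the `containerSecurityContext` keys set explicitly or leave a comment such as `# hardening relies on bitnami/metrics-server 7.x defaults; re-check on chart bumps`. The retained `--kubelet-insecure-tls=true` also deserves a one-line comment explaining why kubelet certificate verification is disabled.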
@@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "bitnami" "chart" "grafana-tempo" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled dependsOn: - name: kube-prometheus-stack namespace: monitoring @@ -19,6 +21,9 @@ spec: global: imageRegistry: {{ $.Values.global.imageRegistry }} {{- end }} + ingester: + resourcesPreset: {{ .Values.monitoring.tracing.ingester.resourcesPreset }} + resources: {{- toYaml .Values.monitoring.tracing.ingester.resources | nindent 8 }} tempo: traces: jaeger: @@ -127,9 +132,19 @@ data: - name: Tempo type: tempo access: proxy + uid: tempo url: "http://grafana-tempo-query-frontend.monitoring:3200" version: 1 isDefault: false jsonData: - {} + tracesToLogsV2: + datasourceUid: loki + tracesToMetrics: + datasourceUid: prometheus + nodeGraph: + enabled: true + serviceMap: + datasourceUid: prometheus + lokiSearch: + datasourceUid: loki {{- end -}} diff --git a/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml b/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml index e691cbd1f..c3302a746 100644 --- a/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml +++ b/charts/base-cluster/templates/monitoring/tracing/opentelemetry-collector.yaml @@ -1,5 +1,5 @@ {{- if and .Values.monitoring.tracing.enabled .Values.monitoring.prometheus.enabled -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: open-telemetry-collector @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "open-telemetry" "chart" "opentelemetry-collector" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled dependsOn: - name: kube-prometheus-stack namespace: monitoring @@ -40,7 +42,6 @@ spec: processors: - batch exporters: - - logging - otlp exporters: otlp: 
diff --git a/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml b/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml index bd27ce4fb..eb4353c8a 100644 --- a/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml +++ b/charts/base-cluster/templates/nfs-server-provisioner/nfs-server-provisioner.yaml @@ -1,5 +1,5 @@ {{- if .Values.storage.readWriteMany.enabled }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: nfs-server-provisioner @@ -11,6 +11,8 @@ spec: chart: spec: {{- include "base-cluster.helm.chartSpec" (dict "repo" "nfs-server-provisioner" "chart" "nfs-server-provisioner" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled values: storageClass: name: {{ .Values.storage.readWriteMany.storageClass.name }} diff --git a/charts/base-cluster/values.schema.json b/charts/base-cluster/values.schema.json index 287ed2971..d318b3131 100644 --- a/charts/base-cluster/values.schema.json +++ b/charts/base-cluster/values.schema.json @@ -232,6 +232,38 @@ }, "condition": { "$ref": "#/$defs/condition" + }, + "resources": { + "type": "object", + "properties": { + "defaults": { + "type": "object", + "minProperties": 1, + "properties": { + "requests": { + "type": "object", + "additionalProperties": { + "$ref": "#/$defs/quantity" + } + }, + "limits": { + "type": "object", + "additionalProperties": { + "$ref": "#/$defs/quantity" + } + } + }, + "additionalProperties": false + }, + "quotas": { + "type": "object", + "description": "See https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "additionalProperties": { + "$ref": "#/$defs/quantity" + } + } + }, + "additionalProperties": false } }, "additionalProperties": false @@ -328,10 +360,7 @@ }, "additionalProperties": false } - }, - "required": [ - "serviceLevelAgreement" - ] + } }, "kyverno": { "type": "object", 
@@ -710,10 +739,22 @@ "properties": { "enabled": { "type": "boolean" + }, + "ingester": { + "type": "object", + "properties": { + "resourcesPreset": { + "$ref": "#/$defs/resourcesPreset" + }, + "resources": { + "$ref": "#/$defs/resourceRequirements" + } + }, + "additionalProperties": false } - }, - "additionalProperties": false - } + } + }, + "additionalProperties": false }, "additionalProperties": false }, @@ -1134,9 +1175,6 @@ "backup": { "type": "object", "properties": { - "enabled": { - "type": "boolean" - }, "resources": { "$ref": "#/$defs/resourceRequirements" }, @@ -1261,6 +1299,25 @@ "additionalProperties": false } }, + "oneOf": [ + { + "properties": { + "backupStorageLocations": { + "minProperties": 1 + } + }, + "required": [ + "defaultLocation" + ] + }, + { + "properties": { + "backupStorageLocations": { + "maxProperties": 0 + } + } + } + ], "additionalProperties": false }, "common": { @@ -1273,6 +1330,18 @@ "resourceRequirements": { "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, + "resourcesPreset": { + "type": "string", + "enum": [ + "nano", + "micro", + "small", + "medium", + "large", + "xlarge", + "2xlarge" + ] + }, "quantity": { "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/_definitions.json#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" }, diff --git a/charts/base-cluster/values.yaml b/charts/base-cluster/values.yaml index 3430cfdcf..f57f03c58 100644 --- a/charts/base-cluster/values.yaml +++ b/charts/base-cluster/values.yaml @@ -13,6 +13,17 @@ global: cert-manager: additionalLabels: app.kubernetes.io/component: cert-manager + resources: + defaults: + requests: + cpu: 50m + memory: 100Mi + limits: + cpu: 500m + memory: 300Mi + quotas: + limits.cpu: "2" + limits.memory: 2Gi ingress-nginx: condition: "{{ .Values.ingress.enabled }}" additionalLabels: 
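Review bot: By brace count on the new side of the `-710,10 +739,22` hunk, `"additionalProperties": false` no longer belongs to the tracing object: it now follows the `},` that closes tracing and so lands inside the parent `properties` map, where it defines a property literally named `additionalProperties` instead of acting as a keyword. The effect would be that unknown or misspelled keys under `monitoring.tracing` are accepted again. I would end the block as before the change, with `}` closing `properties`, then `"additionalProperties": false`, then `}` closing tracing. The enclosing object starts outside the hunk, so this should be confirmed against the full file.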
@@ -25,6 +36,11 @@ global: condition: "{{ or .Values.monitoring.prometheus.enabled .Values.monitoring.metricsServer.enabled }}" additionalLabels: app.kubernetes.io/component: monitoring + resources: + defaults: + requests: + cpu: 20m + memory: 100Mi loki: condition: "{{ .Values.monitoring.loki.enabled }}" additionalLabels: @@ -40,7 +56,7 @@ global: app.kubernetes.io/component: storage app.kubernetes.io/part-of: nfs-server-provisioner backup: - condition: "{{ .Values.backup.enabled }}" + condition: "{{ not (empty .Values.backup.backupStorageLocations) }}" additionalLabels: app.kubernetes.io/component: backup certificates: @@ -57,22 +73,22 @@ global: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.0 + tag: 1.29.3 flux: image: registry: docker.io repository: fluxcd/flux-cli - tag: v2.2.2 + tag: v2.2.3 gpg: image: registry: docker.io repository: vladgh/gpg - digest: sha256:8514acc9c94607895e3dea724bd85d885252666212567f6632d2654580539ed3 + tag: 1.3.5 curl: image: registry: docker.io repository: curlimages/curl - tag: 8.5.0 + tag: 8.7.1 networkPolicy: type: none dnsLabels: @@ -89,7 +105,7 @@ global: prometheus: url: https://prometheus-community.github.io/helm-charts charts: - kube-prometheus-stack: 55.x + kube-prometheus-stack: 58.x condition: "{{ .Values.monitoring.prometheus.enabled }}" interval: 5m grafana: @@ -100,14 +116,14 @@ global: bitnami: url: oci://docker.io/bitnamicharts charts: - oauth2-proxy: 4.x - metrics-server: 6.x.x - external-dns: 6.x.x - grafana-tempo: 2.x.x + oauth2-proxy: 5.x + metrics-server: 7.x + external-dns: 7.x + grafana-tempo: 3.x descheduler: url: https://kubernetes-sigs.github.io/descheduler charts: - descheduler: 0.28.x + descheduler: 0.29.x condition: "{{ .Values.descheduler.enabled }}" jetstack: url: https://charts.jetstack.io 
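Review bot: The `gpg` image in the `-57,22 +73,22` hunk goes from a pinned `digest: sha256:…` to the mutable `tag: 1.3.5`, so the content pulled for `vladgh/gpg` is no longer fixed by this repository. If the image helper accepts both keys, keep the tag for readability and add the pin back as `digest: sha256:REPLACE_WITH_DIGEST_OF_1.3.5`; otherwise a comment explaining why the pin was dropped would help the next reviewer. The kubectl, flux and curl entries in the same hunk are tag-only as well and would benefit from the same treatment.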
@@ -121,9 +137,8 @@ global: kyverno: url: https://kyverno.github.io/kyverno charts: - # TODO: migrate to v3 https://artifacthub.io/packages/helm/kyverno/kyverno#migrating-from-v2-to-v3 - kyverno: 2.x.x - kyverno-policies: 2.x.x + kyverno: 3.x.x + kyverno-policies: 3.x.x condition: "{{ .Values.kyverno.enabled }}" cetic: url: https://cetic.github.io/helm-charts @@ -149,8 +164,8 @@ global: vmware: url: https://vmware-tanzu.github.io/helm-charts charts: - velero: 5.x - condition: "{{ .Values.backup.enabled }}" + velero: 6.0.0 + condition: "{{ not (empty .Values.backup.backupStorageLocations) }}" open-telemetry: url: https://open-telemetry.github.io/opentelemetry-helm-charts charts: @@ -318,6 +333,9 @@ monitoring: enabled: true tracing: enabled: false + ingester: + resourcesPreset: small + resources: {} descheduler: enabled: true @@ -427,7 +445,6 @@ rbac: accounts: {} backup: - enabled: true backupStorageLocations: {} resources: requests: diff --git a/charts/common/Chart.lock b/charts/common/Chart.lock new file mode 100644 index 000000000..b32ec3eef --- /dev/null +++ b/charts/common/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.19.1 +digest: sha256:4f539b1fbde383dd5bc020d77d70655108ed4c188b7329c1639df3f1e65de2e0 +generated: "2024-04-12T10:12:11.348760051Z" diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml new file mode 100644 index 000000000..e8cd2a19a --- /dev/null +++ b/charts/common/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: common +description: A library chart for common resources +type: library +version: 1.0.0 +maintainers: + - name: cwrau + email: cwr@teuto.net + - name: marvinWolff + email: mw@teuto.net + - name: tasches + email: st@teuto.net +dependencies: + - name: common + version: 2.19.1 + repository: https://charts.bitnami.com/bitnami diff --git a/charts/common/README.md.gotmpl b/charts/common/README.md.gotmpl new file mode 100644 index 000000000..460620d03 
--- /dev/null +++ b/charts/common/README.md.gotmpl @@ -0,0 +1,11 @@ +[modeline]: # ( vim: set ft=markdown: ) +{{ template "chart.header" . }} +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} diff --git a/charts/common/templates/_helm.tpl b/charts/common/templates/_helm.tpl new file mode 100644 index 000000000..a9032924e --- /dev/null +++ b/charts/common/templates/_helm.tpl 
@@ -0,0 +1,35 @@ +{{/* +Creates a labels block for a HelmRelease resource. +{{ include "common.helm.labels" (dict) -}} +*/}} +{{- define "common.helm.labels" -}} + {{- include "common.labels.standard" (dict "Release" (dict "Name" "{{ .Release.Name }}" "Service" "{{ .Release.Service }}") "Chart" (dict "Name" "{{ .Chart.Name }}" "Version" "{{ .Chart.Version }}") "Values" (dict)) -}} +{{- end -}} + +{{/* +Returns the chart version for a given chart in a given repository. +{{ include "common.helm.chartVersion" (dict "context" $ "repo" "bitnami" "chart" "redis") -}} +*/}} +{{- define "common.helm.chartVersion" -}} + {{- $_ := set . "Values" .context.Values -}} + {{- dig .repo "charts" .chart nil .Values.global.helmRepositories | required (printf "The repo '%s' is either missing or doesn't contain the chart '%s'" .repo .chart) -}} +{{- end -}} + +{{/* +Returns a HelmRelease.spec.chart.spec for a given chart in a given repository. +{{ include "common.helm.chartSpec" (dict "context" $ "repo" "bitnami" "chart" "redis" "prependReleaseName" true) -}} +*/}} +{{- define "common.helm.chartSpec" -}} + {{- $_ := set . "Release" .context.Release -}} + {{- dict + "chart" .chart + "version" (include "common.helm.chartVersion" (dict "repo" .repo "chart" .chart "context" .context)) + "sourceRef" (dict + "kind" "HelmRepository" + "name" (eq .prependReleaseName true | ternary (printf "%s-%s" .Release.Name .repo) .repo) + "namespace" .Release.Namespace + ) + | toYaml + -}} +{{- end -}} + diff --git a/charts/common/templates/_resources.tpl b/charts/common/templates/_resources.tpl new file mode 100644 index 000000000..a78618670 --- /dev/null +++ b/charts/common/templates/_resources.tpl 
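Review bot: `common.helm.chartVersion` and `common.helm.chartSpec` both begin with `set . "Values" …` / `set . "Release" …`, which writes into the dict the caller passed in rather than into a local. That is harmless for the `dict …` literals shown in the usage comments but changes any reused dict as a side effect; reading `.context.Values.global.helmRepositories` and `.context.Release` directly would avoid it. The comment on `common.helm.labels` should also say that the `{{ .Release.Name }}`-style strings are passed through unexpanded on purpose, if that is the intent.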
@@ -0,0 +1,22 @@ +{{/* +Return a resource request/limit object based on a given preset or provided resources. +{{ include "common.resources" (dict "resources" (dict) "resourcesPreset" "small") -}} +*/}} +{{- define "common.resources" -}} + {{- $resources := dict -}} + {{- if .resources -}} + {{- $resources = .resources | merge $resources -}} + {{- end -}} + {{- if and .resourcesPreset (ne .resourcesPreset "none") -}} + {{- $resources = include "common.resources.preset" (dict "type" .resourcesPreset) | fromYaml | merge $resources -}} + {{- end -}} + {{- toYaml $resources -}} +{{- end -}} + +{{/* +Return a (dict resources resourcesPreset) for passing through to capable charts, e.g. bitnami +{{ include "common.resourcesWithPreset" (dict "resources" (dict) "resourcesPreset" "small") -}} +*/}} +{{- define "common.resourcesWithPreset" -}} + {{- pick . "resources" "resourcesPreset" | toYaml -}} +{{- end -}} diff --git a/charts/common/values.schema.json b/charts/common/values.schema.json new file mode 100644 index 000000000..b70262237 --- /dev/null +++ b/charts/common/values.schema.json @@ -0,0 +1,30 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema", + "type": "object", + "title": "common defs", + "additionalProperties": false, + "$defs": { + "resourcesPreset": { + "type": "string", + "enum": [ + "nano", + "micro", + "small", + "medium", + "large", + "xlarge", + "2xlarge" + ] + } + }, + "properties": { + "global": { + "type": "object", + "description": "global values for all charts" + }, + "common": { + "type": "object", + "description": "Values for sub-chart" + } + } +} diff --git a/charts/stellio-context-broker/Chart.yaml b/charts/stellio-context-broker/Chart.yaml index 21ad38acc..c284784b8 100644 --- a/charts/stellio-context-broker/Chart.yaml +++ b/charts/stellio-context-broker/Chart.yaml 
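Review bot: `common.resources` merges `.resources` into an empty dict without copying, and sprig's `merge` shares nested maps between source and destination, so the `requests`/`limits` maps inside `$resources` are the caller's own maps and the following preset merge writes the preset's missing keys into them. A chart passing its values' `resources` map would then see those values mutated for every template rendered afterwards. Using `{{- $resources = deepCopy .resources | merge $resources -}}` avoids that. The header comment could also state the precedence (explicit `resources` win, the preset only fills gaps) and that `common.resources.preset` is presumably expected from the bitnami `common` dependency.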
@@ -15,8 +15,8 @@ dependencies: repository: https://charts.bitnami.com/bitnami annotations: artifacthub.io/images: | - - image: docker.io/confluentinc/cp-kafka:7.3.1 - - image: docker.io/stellio/stellio-api-gateway:2.1.0 - - image: docker.io/stellio/stellio-search-service:2.1.0 - - image: docker.io/stellio/stellio-subscription-service:2.1.0 - - image: docker.io/stellio/stellio-timescale-postgis:14-2.9.1-3.3 + - image: docker.io/confluentinc/cp-kafka:7.3.1 # null/Deployment/stellio-context-broker-kafka.yaml + - image: docker.io/stellio/stellio-api-gateway:2.1.0 # null/Deployment/stellio-context-broker-api-gateway.yaml + - image: docker.io/stellio/stellio-search-service:2.1.0 # null/Deployment/stellio-context-broker-search.yaml + - image: docker.io/stellio/stellio-subscription-service:2.1.0 # null/Deployment/stellio-context-broker-subscription.yaml + - image: docker.io/stellio/stellio-timescale-postgis:14-2.9.1-3.3 # null/Deployment/stellio-context-broker-postgres.yaml diff --git a/charts/t8s-cluster/CHANGELOG.md b/charts/t8s-cluster/CHANGELOG.md index c715b66a1..4447feb07 100644 --- a/charts/t8s-cluster/CHANGELOG.md +++ b/charts/t8s-cluster/CHANGELOG.md 
@@ -1,5 +1,53 @@ # Changelog +## [6.0.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-v5.0.0...t8s-cluster-v6.0.0) (2024-02-29) + + +### ⚠ BREAKING CHANGES + +* **t8s-cluster/management-cluster:** add environment parameter ([#806](https://github.com/teutonet/teutonet-helm-charts/issues/806)) + +### Features + +* **t8s-cluster/management-cluster:** add environment parameter ([#806](https://github.com/teutonet/teutonet-helm-charts/issues/806)) ([e452f9e](https://github.com/teutonet/teutonet-helm-charts/commit/e452f9ed4317a17418689312fcab8b27e75931a1)) +* **t8s-cluster/management-cluster:** automatically roll cluster if certs are going to expire ([#722](https://github.com/teutonet/teutonet-helm-charts/issues/722)) ([6fd3ab1](https://github.com/teutonet/teutonet-helm-charts/commit/6fd3ab163a00bf0c53ac94cc18bfad41f12ed1a3)) +* **t8s-cluster:** update all HRs and enable driftDetection ([#774](https://github.com/teutonet/teutonet-helm-charts/issues/774)) ([139d6df](https://github.com/teutonet/teutonet-helm-charts/commit/139d6df254d547817bfa71aa681df24a79cc4612)) + + +### Miscellaneous Chores + +* **t8s-cluster/dependencies:** update helm release common to v2.16.1 ([#783](https://github.com/teutonet/teutonet-helm-charts/issues/783)) ([fb06ada](https://github.com/teutonet/teutonet-helm-charts/commit/fb06adade8d153c1fdb5998176dc7a57e33f7375)) + +## [5.0.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-4.1.0...t8s-cluster-v5.0.0) (2024-02-20) + + +### ⚠ BREAKING CHANGES + +* **t8s-cluster/management-cluster:** migrate to new secret naming ([#795](https://github.com/teutonet/teutonet-helm-charts/issues/795)) +* **t8s-cluster:** migrate to new image names ([#787](https://github.com/teutonet/teutonet-helm-charts/issues/787)) + +### Features + +* add helmrelease schemas 😍 ([#792](https://github.com/teutonet/teutonet-helm-charts/issues/792)) 
([89ed7eb](https://github.com/teutonet/teutonet-helm-charts/commit/89ed7eb540c647cb3e15b590d20a6a83331a61b7)) +* **t8s-cluster/management-cluster:** migrate to new secret naming ([#795](https://github.com/teutonet/teutonet-helm-charts/issues/795)) ([edda640](https://github.com/teutonet/teutonet-helm-charts/commit/edda640e1ce8b5d60a601013b3bd6581dcfc047d)) +* **t8s-cluster:** migrate to new image names ([#787](https://github.com/teutonet/teutonet-helm-charts/issues/787)) ([5137557](https://github.com/teutonet/teutonet-helm-charts/commit/513755798d5ae231670195f1f5cd3c6bf28f3fe2)) + + +### Bug Fixes + +* helmrelease-schemas ([#794](https://github.com/teutonet/teutonet-helm-charts/issues/794)) ([6544385](https://github.com/teutonet/teutonet-helm-charts/commit/65443857c75d07b245c14e05d1fae76f0c0de479)) + + +### Miscellaneous Chores + +* **t8s-cluster/artifacthub-images:** Update ArtifactHUB images ([#734](https://github.com/teutonet/teutonet-helm-charts/issues/734)) ([c5bbe56](https://github.com/teutonet/teutonet-helm-charts/commit/c5bbe5608dbc1274ae42d0d0bf8b753b333fa11e)) +* **t8s-cluster/artifacthub-images:** Update ArtifactHUB images ([#737](https://github.com/teutonet/teutonet-helm-charts/issues/737)) ([829a379](https://github.com/teutonet/teutonet-helm-charts/commit/829a379f43824e1e49b220a871a7b92e53a50492)) +* **t8s-cluster/artifacthub-images:** Update ArtifactHUB images ([#759](https://github.com/teutonet/teutonet-helm-charts/issues/759)) ([71639d0](https://github.com/teutonet/teutonet-helm-charts/commit/71639d0e57263f91b740220dab555f81fcaa0a86)) +* **t8s-cluster/artifacthub-images:** Update ArtifactHUB images ([#790](https://github.com/teutonet/teutonet-helm-charts/issues/790)) ([1bce1a3](https://github.com/teutonet/teutonet-helm-charts/commit/1bce1a3061ecabf50cea46c62960fb0aaca29b10)) +* **t8s-cluster/dependencies:** update docker.io/bitnami/kubectl docker tag to v1.29.1 ([#727](https://github.com/teutonet/teutonet-helm-charts/issues/727)) 
([9727139](https://github.com/teutonet/teutonet-helm-charts/commit/9727139109211237e47f186bb6203e5b1d36b262)) +* **t8s-cluster/dependencies:** update helm release common to v2.14.1 ([#693](https://github.com/teutonet/teutonet-helm-charts/issues/693)) ([b5630db](https://github.com/teutonet/teutonet-helm-charts/commit/b5630dba17e57e3d406c6ab18a39c2536cef980f)) +* **t8s-cluster:** streamline imagePullPolicy ([#768](https://github.com/teutonet/teutonet-helm-charts/issues/768)) ([4c080a5](https://github.com/teutonet/teutonet-helm-charts/commit/4c080a552e23d08f55d3ffd189804028ef171b9c)) + ## [4.1.0](https://github.com/teutonet/teutonet-helm-charts/compare/t8s-cluster-4.0.1...t8s-cluster-v4.1.0) (2024-01-18) diff --git a/charts/t8s-cluster/Chart.lock b/charts/t8s-cluster/Chart.lock index 7cf4ccb37..a61cc3063 100644 --- a/charts/t8s-cluster/Chart.lock +++ b/charts/t8s-cluster/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 2.13.4 -digest: sha256:252183c828518d1cebc5eb0accbfd496f235484384f8fde2c5311c40d8336d16 -generated: "2024-01-04T00:53:27.023338683Z" + version: 2.19.1 +digest: sha256:4f539b1fbde383dd5bc020d77d70655108ed4c188b7329c1639df3f1e65de2e0 +generated: "2024-03-27T14:50:36.326942273Z" diff --git a/charts/t8s-cluster/Chart.yaml b/charts/t8s-cluster/Chart.yaml index 5614bc407..7044c076c 100644 --- a/charts/t8s-cluster/Chart.yaml +++ b/charts/t8s-cluster/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: t8s-cluster type: application -version: 4.1.0 +version: 6.0.0 icon: https://teuto.net/favicon.ico maintainers: - name: cwrau 
@@ -16,22 +16,22 @@ home: https://teuto.net description: t8s-operator cluster with necessary addons dependencies: - name: common - version: 2.13.4 + version: 2.19.1 repository: https://charts.bitnami.com/bitnami annotations: artifacthub.io/images: | - - image: docker.io/bitnami/kubectl:1.29.0 + - image: docker.io/bitnami/kubectl:1.29.1 - image: k8s.gcr.io/sig-storage/csi-attacher:v3.4.0 - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0 - image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 - image: k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1 - image: k8s.gcr.io/sig-storage/livenessprobe:v2.6.0 - - image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a - - image: quay.io/cilium/hubble-relay:v1.14.6@sha256:adeb90adae481bb952211483f511afee40825707953ed7ac118902d3bc8dd37f - - image: quay.io/cilium/hubble-ui-backend:v0.12.1@sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe - - image: quay.io/cilium/hubble-ui:v0.12.1@sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267 - - image: quay.io/cilium/operator-generic:v1.14.6@sha256:2f0bf8fb8362c7379f3bf95036b90ad5b67378ed05cd8eb0410c1afc13423848 + - image: quay.io/cilium/cilium:v1.15.1@sha256:351d6685dc6f6ffbcd5451043167cfa8842c6decf80d8c8e426a417c73fb56d4 + - image: quay.io/cilium/hubble-relay:v1.15.1@sha256:3254aaf85064bc1567e8ce01ad634b6dd269e91858c83be99e47e685d4bb8012 + - image: quay.io/cilium/hubble-ui-backend:v0.13.0@sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803 + - image: quay.io/cilium/hubble-ui:v0.13.0@sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666 + - image: quay.io/cilium/operator-generic:v1.15.1@sha256:819c7281f5a4f25ee1ce2ec4c76b6fbc69a660c68b7825e9580b1813833fa743 - image: registry.k8s.io/etcd:3.5.11-0 - image: registry.k8s.io/provider-os/cinder-csi-plugin:v1.25.6 - image: 
registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.25.6 diff --git a/charts/t8s-cluster/README.md b/charts/t8s-cluster/README.md index 0fe8fbf07..4a564a5d0 100644 --- a/charts/t8s-cluster/README.md +++ b/charts/t8s-cluster/README.md @@ -1,7 +1,7 @@ [modeline]: # ( vim: set ft=markdown: ) # t8s-cluster -![Version: 4.1.0](https://img.shields.io/badge/Version-4.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 6.0.0](https://img.shields.io/badge/Version-6.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) t8s-operator cluster with necessary addons @@ -23,7 +23,7 @@ t8s-operator cluster with necessary addons | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | common | 2.13.4 | +| https://charts.bitnami.com/bitnami | common | 2.16.1 | ## Initial installation @@ -309,6 +309,7 @@ bitnami/kubectl | - [configGroupUrl](#metadata_configGroupUrl ) | No | string | No | - | - | | - [gopassName](#metadata_gopassName ) | No | string | No | - | - | | - [remarks](#metadata_remarks ) | No | string | No | - | - | +| - [environment](#metadata_environment ) | No | string | No | - | - | ### 2.1. ![Required](https://img.shields.io/badge/Required-blue) Property `t8s cluster configuration > metadata > serviceLevelAgreement` @@ -363,6 +364,12 @@ Must be one of: | -------- | -------- | | **Type** | `string` | +### 2.9. ![Optional](https://img.shields.io/badge/Optional-yellow) Property `t8s cluster configuration > metadata > environment` + +| | | +| -------- | -------- | +| **Type** | `string` | + ## 3. ![Required](https://img.shields.io/badge/Required-blue) Property `t8s cluster configuration > controlPlane` | | | 
diff --git a/charts/t8s-cluster/ci/artifacthub-values.yaml b/charts/t8s-cluster/ci/artifacthub-values.yaml index e69de29bb..b1924e89c 100644 --- a/charts/t8s-cluster/ci/artifacthub-values.yaml +++ b/charts/t8s-cluster/ci/artifacthub-values.yaml @@ -0,0 +1,2 @@ +metadata: + environment: production diff --git a/charts/t8s-cluster/helmrelease.schema.json b/charts/t8s-cluster/helmrelease.schema.json new file mode 100644 index 000000000..8dbdfe600 --- /dev/null +++ b/charts/t8s-cluster/helmrelease.schema.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json" + }, + { + "properties": { + "spec": { + "properties": { + "values": { + "$ref": "./values.schema.json" + } + } + } + } + } + ] +} diff --git a/charts/t8s-cluster/templates/_helpers.tpl b/charts/t8s-cluster/templates/_helpers.tpl index d57b0c45e..66c7f55da 100644 --- a/charts/t8s-cluster/templates/_helpers.tpl +++ b/charts/t8s-cluster/templates/_helpers.tpl @@ -30,5 +30,5 @@ sourceRef: {{- $hasGPUFlavor = true -}} {{- end -}} {{- end -}} - {{- $hasGPUFlavor -}} + {{- $hasGPUFlavor | ternary true "" -}} {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/cluster.yaml b/charts/t8s-cluster/templates/management-cluster/cluster.yaml index 6d2efb85f..02f2a12f7 100644 --- a/charts/t8s-cluster/templates/management-cluster/cluster.yaml +++ b/charts/t8s-cluster/templates/management-cluster/cluster.yaml @@ -24,6 +24,9 @@ spec: teutonetesCloudRef: kind: TeutonetesCloud name: {{ required "You need to set the `cloud`" .Values.cloud }} + {{- with .Values.metadata.environment }} + environment: {{ . | quote }} + {{- end }} {{- with .Values.version }} version: {{ printf "v%d.%d.%d" (.major | int) (.minor | int) (.patch | int) }} {{- end }} 
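Review bot: The `$ref` in charts/t8s-cluster/helmrelease.schema.json points at `https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json`, a mutable branch of a third-party repository. Validation results can then change, or start failing, without any commit in this repository, and whoever can push to that branch controls what counts as a valid HelmRelease here. Pin the URL to an immutable ref, for example `.../flux2-schemas/<commit-sha>/helmrelease-helm-v2beta2.json` (placeholder, no SHA is given on this page), or vendor the schema next to `values.schema.json`.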
@@ -38,3 +41,6 @@ spec: {{- end }} bastion: enabled: false + {{- with .Values.openstackImageNamePrefix }} + openStackImageNamePrefix: {{ . | quote }} + {{- end }} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl index 3c0f2093e..d52ff05ff 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/_helpers.tpl @@ -8,7 +8,7 @@ openstack {{- define "t8s-cluster.clusterClass.getIdentityRefSecretName" -}} {{- $_ := set . "Release" .context.Release -}} - {{- printf "cloud-config-%s" .Release.Name -}} + {{- printf "%s-cloud-config" .Release.Name -}} {{- end -}} {{- define "t8s-cluster.clusterClass.tlsCipherSuites" -}} @@ -28,7 +28,6 @@ openstack {{- define "t8s-cluster.clusterClass.postKubeadmCommands" -}} {{- $commands := list -}} - {{- $commands = append $commands "bash -xc 'if systemctl -q is-failed kubelet; then journalctl -u kubelet; else echo kubelet startup successful; fi | tee -a /dev/console'" }} {{- $commands | toYaml }} {{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml index dec148474..2cf4fd8e3 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/clusterClass.yaml @@ -120,7 +120,7 @@ spec: op: add path: /spec/template/spec/image valueFrom: - template: {{ .Values.imageNameTemplate.computePlane }} + template: {{ printf "t8s-engine-%s{{ .builtin.machineDeployment.version }}" .Values.openstackImageNamePrefix }} selector: &imagePatchSelector apiVersion: {{ include "t8s-cluster.clusterClass.infrastructureApiVersion" (dict) }} kind: OpenStackMachineTemplate 
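Review bot: `.Values.openstackImageNamePrefix` is spliced unquoted into `template:` in clusterClass.yaml here, and again in the `@@ -130,7 +130,7 @@` hunk for the control plane, while cluster.yaml in the same commit renders the same value with `| quote`. The schema accepts any string for it, so a prefix containing YAML or template syntax would change the rendered manifest or the Cluster API patch template instead of only the image name. Render the scalar quoted, `template: {{ printf "t8s-engine-%s{{ .builtin.machineDeployment.version }}" .Values.openstackImageNamePrefix | quote }}`, and constrain the value in values.schema.json, for example with `"pattern": "^[a-z0-9.-]*$"` (an illustrative pattern; adjust to the real image naming).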
@@ -130,7 +130,7 @@ spec: - jsonPatches: - <<: *imagePatch valueFrom: - template: {{ .Values.imageNameTemplate.controlPlane }} + template: {{ printf "t8s-engine-%s{{ .builtin.controlPlane.version }}" .Values.openstackImageNamePrefix }} selector: <<: *imagePatchSelector matchResources: diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/_helpers.tpl b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl similarity index 100% rename from charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/_helpers.tpl rename to charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_helpers.tpl diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml new file mode 100644 index 000000000..f1b792d3d --- /dev/null +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml 
@@ -0,0 +1,77 @@ +{{/* +KubeadmControlPlaneTemplate is immutable. We need to create new versions during upgrades. +Here we are generating a hash suffix. +This function needs the whole `$` context to be able to use `.Files.Get` +*/}} +{{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" -}} +rolloutBefore: + certificatesExpiryDays: 60 +kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: + admission-control-config-file: &admissionControlConfigFilePath /etc/kubernetes/admission-control-config.yaml + cloud-provider: external + enable-admission-plugins: AlwaysPullImages,EventRateLimit,NodeRestriction + profiling: 'false' + tls-cipher-suites: {{ include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) }} + event-ttl: 4h + extraVolumes: + - hostPath: *admissionControlConfigFilePath + mountPath: *admissionControlConfigFilePath + name: admission-control-config + readOnly: true + - hostPath: &eventRateLimitConfigFilePath /etc/kubernetes/event-rate-limit-config.yaml + mountPath: *eventRateLimitConfigFilePath + name: event-rate-limit-config + readOnly: true + controllerManager: + extraArgs: + authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics + bind-address: 0.0.0.0 + cloud-provider: external + profiling: 'false' + terminated-pod-gc-threshold: '100' + etcd: + local: + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + scheduler: + extraArgs: + authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics + bind-address: 0.0.0.0 + profiling: 'false' + files: {{- include "t8s-cluster.patches.kubelet.patches" (dict "context" $) | nindent 4 }} + - content: |- {{- .Files.Get "files/admission-control-config.yaml" | nindent 8 }} + path: *admissionControlConfigFilePath + - content: |- {{- .Files.Get "files/event-rate-limit-config.yaml" | nindent 8 }} + path: *eventRateLimitConfigFilePath + - content: |- {{- .Files.Get "files/kube-proxy.patch.sh" | nindent 8 }} + path: /etc/kube-proxy-patch.sh + permissions: "0700" + - 
content: |- {{- .Files.Get "files/kube-proxy.config.yaml" | nindent 8 }} + path: /etc/kube-proxy-config.yaml + {{- if .Values.containerRegistryMirror.mirrorEndpoint }} + {{- include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" $) | nindent 4 }} + {{- end }} + - content: |- {{- include "t8s-cluster.clusterClass.containerdConfig.plugins" (dict "context" $ "gpu" false) | nindent 8 }} + path: /etc/containerd/conf.d/plugins.toml + {{- if .Values.global.injectedCertificateAuthorities }} + - content: |- {{- .Values.global.injectedCertificateAuthorities | nindent 8 }} + path: /usr/local/share/ca-certificates/injected-ca-certs.crt + {{- end }} + initConfiguration: + nodeRegistration: + kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 8 }} + name: '{{ `{{ local_hostname }}` }}' + patches: + directory: {{ include "t8s-cluster.patches.directory" (dict) }} + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 8 }} + name: '{{ `{{ local_hostname }}` }}' + patches: + directory: {{ include "t8s-cluster.patches.directory" (dict) }} + preKubeadmCommands: {{- include "t8s-cluster.clusterClass.preKubeadmCommands" (dict "context" $) | nindent 4 }} + postKubeadmCommands: {{- include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | nindent 4 }} +{{- end -}} 
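Review bot: The relocated spec in _kubeadmControlPlaneTemplateSpec.yaml still serves control-plane metrics without authentication on every interface: `bind-address: 0.0.0.0` combined with `/metrics` in `authorization-always-allow-paths` for controller-manager and scheduler, and `listen-metrics-urls: http://0.0.0.0:2381` over plain HTTP for etcd. Nothing in this file shows what limits reachability of those ports, so the control that does should be named next to them, e.g. `# unauthenticated metrics; access is restricted by <security group / network policy>`. Separately, the header comment's "Here we are generating a hash suffix" does not describe this define, which only emits the spec, and should be dropped or moved to the template that computes the suffix.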
diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml similarity index 68% rename from charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml rename to charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml index 3ef2fd51c..1022d7498 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmControlPlaneTemplate/kubeadmControlPlaneTemplate.yaml @@ -6,5 +6,4 @@ metadata: labels: {{- include "common.labels.standard" $ | nindent 4 }} spec: template: - spec: - kubeadmConfigSpec: {{/* the full context is needed for .Files.Get */}}{{- include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" . | nindent 8 }} + spec: {{/* the full context is needed for .Files.Get */}}{{- include "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" . | nindent 6 }} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml deleted file mode 100644 index 332ad9e1c..000000000 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/kubeadmnControlPlaneTemplate/_kubeadmControlPlaneTemplateSpec.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -{{/* -KubeadmControlPlaneTemplate is immutable. We need to create new versions during upgrades. -Here we are generating a hash suffix. -This function needs the whole `$` context to be able to use `.Files.Get` -*/}} -{{- define "t8s-cluster.clusterClass.kubeadmControlPlaneTemplate.spec" -}} -clusterConfiguration: - apiServer: - extraArgs: - admission-control-config-file: &admissionControlConfigFilePath /etc/kubernetes/admission-control-config.yaml - cloud-provider: external - enable-admission-plugins: AlwaysPullImages,EventRateLimit,NodeRestriction - profiling: 'false' - tls-cipher-suites: {{ include "t8s-cluster.clusterClass.tlsCipherSuites" (dict) }} - event-ttl: 4h - extraVolumes: - - hostPath: *admissionControlConfigFilePath - mountPath: *admissionControlConfigFilePath - name: admission-control-config - readOnly: true - - hostPath: &eventRateLimitConfigFilePath /etc/kubernetes/event-rate-limit-config.yaml - mountPath: *eventRateLimitConfigFilePath - name: event-rate-limit-config - readOnly: true - controllerManager: - extraArgs: - authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics - bind-address: 0.0.0.0 - cloud-provider: external - profiling: 'false' - terminated-pod-gc-threshold: '100' - etcd: - local: - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - scheduler: - extraArgs: - authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics - bind-address: 0.0.0.0 - profiling: 'false' -files: {{- include "t8s-cluster.patches.kubelet.patches" (dict "context" $) | nindent 2 }} - - content: |- {{- .Files.Get "files/admission-control-config.yaml" | nindent 6 }} - path: *admissionControlConfigFilePath - - content: |- {{- .Files.Get "files/event-rate-limit-config.yaml" | nindent 6 }} - path: *eventRateLimitConfigFilePath - - content: |- {{- .Files.Get "files/kube-proxy.patch.sh" | nindent 6 }} - path: /etc/kube-proxy-patch.sh - permissions: "0700" - - content: |- {{- .Files.Get "files/kube-proxy.config.yaml" | nindent 6 }} 
- path: /etc/kube-proxy-config.yaml - {{- if .Values.containerRegistryMirror.mirrorEndpoint }} - {{- include "t8s-cluster.clusterClass.containerdConfig.containerRegistryMirrorConfigs" (dict "context" $) | nindent 2 }} - {{- end }} - - content: |- {{- include "t8s-cluster.clusterClass.containerdConfig.plugins" (dict "context" $ "gpu" false) | nindent 6 }} - path: /etc/containerd/conf.d/plugins.toml - {{- if .Values.global.injectedCertificateAuthorities }} - - content: |- {{- .Values.global.injectedCertificateAuthorities | nindent 6 }} - path: /usr/local/share/ca-certificates/injected-ca-certs.crt - {{- end }} -initConfiguration: - nodeRegistration: - kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 6 }} - name: '{{ `{{ local_hostname }}` }}' - patches: - directory: {{ include "t8s-cluster.patches.directory" (dict) }} -joinConfiguration: - nodeRegistration: - kubeletExtraArgs: {{- include "t8s-cluster.clusterClass.kubeletExtraArgs" (dict) | nindent 6 }} - name: '{{ `{{ local_hostname }}` }}' - patches: - directory: {{ include "t8s-cluster.patches.directory" (dict) }} -preKubeadmCommands: {{- include "t8s-cluster.clusterClass.preKubeadmCommands" (dict "context" $) | nindent 2 }} -postKubeadmCommands: {{- include "t8s-cluster.clusterClass.postKubeadmCommands" (dict) | nindent 2 }} -{{- end -}} diff --git a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml index d37498339..5c2ef5090 100644 --- a/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml +++ b/charts/t8s-cluster/templates/management-cluster/clusterClass/openStackClusterTemplate/_openStackClusterTemplateSpec.yaml 
@@ -18,7 +18,7 @@ bastion: identityRef: kind: Secret name: {{ include "t8s-cluster.clusterClass.getIdentityRefSecretName" (dict "context" .context) }} - image: Ubuntu 20.04 # artifacthub-ignore + image: Ubuntu 20.04 sshKeyName: {{ .Values.bastion.sshKeyName }} cloudName: {{ include "t8s-cluster.clusterClass.cloudName" (dict) }} disablePortSecurity: false diff --git a/charts/t8s-cluster/templates/management-cluster/repositories/cni-calico.yaml b/charts/t8s-cluster/templates/management-cluster/repositories/cni-calico.yaml index 14231d137..a8c6411e2 100644 --- a/charts/t8s-cluster/templates/management-cluster/repositories/cni-calico.yaml +++ b/charts/t8s-cluster/templates/management-cluster/repositories/cni-calico.yaml @@ -10,9 +10,9 @@ spec: url: https://github.com/projectcalico/calico ref: {{- with .Values.version }} - branch: {{ printf "release-v3.%d" (.minor | int) }} + semver: {{ printf "v3.%d.x" (.minor | int) }} {{- end }} ignore: | /manifests/** !/manifests/calico.yaml -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/t8s-cluster/templates/management-cluster/uninstall.yaml b/charts/t8s-cluster/templates/management-cluster/uninstall.yaml index 1a193ec23..75586016d 100644 --- a/charts/t8s-cluster/templates/management-cluster/uninstall.yaml +++ b/charts/t8s-cluster/templates/management-cluster/uninstall.yaml @@ -22,11 +22,7 @@ spec: containers: - name: uninstall-cleanup image: {{ include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false 
diff --git a/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml b/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml index 93ff4961c..cde70d2f1 100644 --- a/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/_helmRelease.yaml @@ -1,5 +1,5 @@ {{- define "t8s-cluster.helm.resourceIntoCluster" -}} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ printf "%s-%s" .context.Release.Name .name }} @@ -18,6 +18,8 @@ spec: name: {{ printf "%s-cetic" .context.Release.Name }} namespace: {{ .context.Release.Namespace }} interval: 1h + driftDetection: + mode: enabled kubeConfig: secretRef: name: {{ .context.Release.Name }}-kubeconfig diff --git a/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml index 5e6658beb..96485c4f1 100644 --- a/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/cinder-csi-plugin.yaml @@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ printf "%s-csi" .Release.Name }} @@ -14,6 +14,8 @@ spec: namespace: {{ .Release.Namespace }} version: {{ printf "2.%d.x" (.Values.version.minor | int) }} interval: 1h + driftDetection: + mode: enabled {{- if eq .Values.cni "cilium" }} dependsOn: - name: {{ printf "%s-cni" .Release.Name }} diff --git a/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml b/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml index 3c9d19456..a55a10bab 100644 --- a/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/cloud-controller-manager.yaml 
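Review bot: `driftDetection.mode: enabled` is switched on in _helmRelease.yaml, and likewise in cinder-csi-plugin.yaml, cloud-controller-manager.yaml, cni-cilium.yaml and gpu-operator.yaml, with no `ignore` rules and no comment on the intent. Objects that a chart's own controllers or admission webhooks mutate at runtime may then be reverted on every reconcile; whether that affects these charts cannot be told from the diff. Consider rolling out with `mode: warn` first, or add `driftDetection.ignore` entries for the paths known to be mutated, and state in a short comment that enforcement is deliberate (out-of-band changes in the workload cluster are reverted).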
@@ -1,4 +1,4 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ printf "%s-ccm" .Release.Name }} @@ -14,6 +14,8 @@ spec: namespace: {{ .Release.Namespace }} version: {{ printf "2.%d.x" (.Values.version.minor | int) }} interval: 1h + driftDetection: + mode: enabled {{- if eq .Values.cni "cilium" }} dependsOn: - name: {{ printf "%s-cni" .Release.Name }} diff --git a/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml b/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml index 2cbce43dc..1ba91f086 100644 --- a/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/cni-cilium.yaml @@ -1,5 +1,5 @@ {{- if eq .Values.cni "cilium" }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ printf "%s-cni" .Release.Name }} @@ -9,6 +9,8 @@ spec: chart: spec: {{- include "t8s-cluster.helm.chartSpec" (dict "repo" "cilium" "chart" "cilium" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled kubeConfig: secretRef: name: {{ .Release.Name }}-kubeconfig diff --git a/charts/t8s-cluster/templates/workload-cluster/gpu-operator.yaml b/charts/t8s-cluster/templates/workload-cluster/gpu-operator.yaml index 001941be3..08076a7b7 100644 --- a/charts/t8s-cluster/templates/workload-cluster/gpu-operator.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/gpu-operator.yaml @@ -1,5 +1,5 @@ {{- if eq (include "t8s-cluster.hasGPUNodes" (dict "context" $)) "true" }} -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: {{ printf "%s-gpu-operator" .Release.Name }} 
@@ -9,6 +9,8 @@ spec: chart: spec: {{- include "t8s-cluster.helm.chartSpec" (dict "repo" "nvidia" "chart" "gpu-operator" "context" $) | nindent 6 }} interval: 1h + driftDetection: + mode: enabled kubeConfig: secretRef: name: {{ .Release.Name }}-kubeconfig diff --git a/charts/t8s-cluster/templates/workload-cluster/pre-install/_uninstall-job.yaml b/charts/t8s-cluster/templates/workload-cluster/pre-install/_uninstall-job.yaml index adb5bd787..a35cae554 100644 --- a/charts/t8s-cluster/templates/workload-cluster/pre-install/_uninstall-job.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/pre-install/_uninstall-job.yaml @@ -30,11 +30,7 @@ spec: containers: - name: uninstall image: {{ include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false diff --git a/charts/t8s-cluster/templates/workload-cluster/pre-install/uninstall-storageclasses.yaml b/charts/t8s-cluster/templates/workload-cluster/pre-install/uninstall-storageclasses.yaml index 80807f0a2..dda737a60 100644 --- a/charts/t8s-cluster/templates/workload-cluster/pre-install/uninstall-storageclasses.yaml +++ b/charts/t8s-cluster/templates/workload-cluster/pre-install/uninstall-storageclasses.yaml @@ -25,11 +25,7 @@ spec: containers: - name: uninstall image: {{ include "common.images.image" (dict "imageRoot" .Values.global.kubectl.image "global" .Values.global) }} - {{- if .Values.global.kubectl.image.digest }} - imagePullPolicy: IfNotPresent - {{- else }} - imagePullPolicy: Always - {{- end }} + imagePullPolicy: {{ empty .Values.global.kubectl.image.digest | ternary "Always" "IfNotPresent" }} securityContext: readOnlyRootFilesystem: true privileged: false 
diff --git a/charts/t8s-cluster/values.schema.json b/charts/t8s-cluster/values.schema.json index b392d94bb..8551fabe7 100644 --- a/charts/t8s-cluster/values.schema.json +++ b/charts/t8s-cluster/values.schema.json @@ -106,6 +106,9 @@ }, "remarks": { "type": "string" + }, + "environment": { + "type": "string" } }, "required": [ @@ -146,10 +149,14 @@ "type": "object", "properties": { "major": { - "type": "integer" + "type": "integer", + "const": 1 }, "minor": { - "type": "integer" + "type": "integer", + "description": "The minor version of the k8s cluster. Must be below 29, as CAPO does not support 1.29 yet.", + "minimum": 25, + "maximum": 28 }, "patch": { "type": "integer" @@ -237,21 +244,8 @@ "calico" ] }, - "imageNameTemplate": { - "type": "object", - "properties": { - "computePlane": { - "type": "string" - }, - "controlPlane": { - "type": "string" - } - }, - "required": [ - "computePlane", - "controlPlane" - ], - "additionalProperties": false + "openstackImageNamePrefix": { + "type": "string" }, "common": { "type": "object", @@ -262,6 +256,7 @@ "metadata", "version", "controlPlane", + "openstackImageNamePrefix", "nodePools" ], "additionalProperties": false, diff --git a/charts/t8s-cluster/values.yaml b/charts/t8s-cluster/values.yaml index 847c6ab10..f4388fddd 100644 --- a/charts/t8s-cluster/values.yaml +++ b/charts/t8s-cluster/values.yaml @@ -10,7 +10,7 @@ global: url: https://helm.ngc.nvidia.com/nvidia charts: gpu-operator: 23.x.x - condition: '{{ eq (include "t8s-cluster.hasGPUNodes" (dict "context" $)) "true" }}' + condition: '{{ include "t8s-cluster.hasGPUNodes" (dict "context" $) }}' cloud-provider-openstack: url: https://kubernetes.github.io/cloud-provider-openstack cetic: @@ -19,12 +19,12 @@ global: image: registry: registry.k8s.io repository: etcd - tag: 3.5.11-0 + tag: 3.5.12-0 kubectl: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.0 + tag: 1.29.3 semver: image: registry: docker.io 
@@ -69,6 +69,4 @@ sshKeyName: null cni: cilium -imageNameTemplate: - computePlane: t8s-engine-2004-kube-{{ .builtin.machineDeployment.version }} - controlPlane: t8s-engine-2004-kube-{{ .builtin.controlPlane.version }} +openstackImageNamePrefix: "" diff --git a/charts/teuto-portal-k8s-worker/CHANGELOG.md b/charts/teuto-portal-k8s-worker/CHANGELOG.md index f89949e7f..65f546e87 100644 --- a/charts/teuto-portal-k8s-worker/CHANGELOG.md +++ b/charts/teuto-portal-k8s-worker/CHANGELOG.md @@ -1,5 +1,14 @@ # Changelog +## [1.0.2](https://github.com/teutonet/teutonet-helm-charts/compare/teuto-portal-k8s-worker-1.0.1...teuto-portal-k8s-worker-v1.0.2) (2024-02-07) + + +### Miscellaneous Chores + +* **teuto-portal-k8s-worker/dependencies:** update helm release common to v2.13.4 ([#684](https://github.com/teutonet/teutonet-helm-charts/issues/684)) ([9b6ec99](https://github.com/teutonet/teutonet-helm-charts/commit/9b6ec996bf9ef76026841d0e25530cf81cb2472e)) +* **teuto-portal-k8s-worker/dependencies:** update helm release common to v2.14.1 ([#694](https://github.com/teutonet/teutonet-helm-charts/issues/694)) ([9b0553a](https://github.com/teutonet/teutonet-helm-charts/commit/9b0553a2b4a4969eef35907559adcbb635b96df8)) +* **teuto-portal-k8s-worker/dependencies:** update registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker docker tag to v1.1.0 - autoclosed ([#733](https://github.com/teutonet/teutonet-helm-charts/issues/733)) ([a63819f](https://github.com/teutonet/teutonet-helm-charts/commit/a63819f04ff26ff4ca40796c292fb9cd2b836ae2)) + ## [1.0.1](https://github.com/teutonet/teutonet-helm-charts/compare/teuto-portal-k8s-worker-1.0.0...teuto-portal-k8s-worker-v1.0.1) (2023-12-12) diff --git a/charts/teuto-portal-k8s-worker/Chart.lock b/charts/teuto-portal-k8s-worker/Chart.lock index cd3882fc5..2067a51b7 100644 --- a/charts/teuto-portal-k8s-worker/Chart.lock +++ b/charts/teuto-portal-k8s-worker/Chart.lock 
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: https://charts.bitnami.com/bitnami
- version: 2.13.4
-digest: sha256:252183c828518d1cebc5eb0accbfd496f235484384f8fde2c5311c40d8336d16
-generated: "2024-01-04T00:53:44.110171692Z"
+ version: 2.19.1
+digest: sha256:4f539b1fbde383dd5bc020d77d70655108ed4c188b7329c1639df3f1e65de2e0
+generated: "2024-03-27T15:42:53.974530507Z"
diff --git a/charts/teuto-portal-k8s-worker/Chart.yaml b/charts/teuto-portal-k8s-worker/Chart.yaml
index 9bac56385..f739ac604 100644
--- a/charts/teuto-portal-k8s-worker/Chart.yaml
+++ b/charts/teuto-portal-k8s-worker/Chart.yaml
@@ -2,9 +2,8 @@ apiVersion: v2
 name: teuto-portal-k8s-worker
 description: A Helm chart for deploying the portal worker application to k8s
 type: application
-version: 1.0.1
-appVersion: "1.0.0"
-
+version: 1.0.2
+appVersion: 2.0.0
 maintainers:
 - name: cwrau
 email: cwr@teuto.net
@@ -12,8 +11,10 @@ maintainers:
 email: mw@teuto.net
 - name: tasches
 email: st@teuto.net
-
 dependencies:
 - name: common
- version: 2.13.4
+ version: 2.19.1
 repository: https://charts.bitnami.com/bitnami
+annotations:
+ artifacthub.io/images: |
+ - image: registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker:2.0.0 # default/Deployment/teuto-portal-k8s-worker.yaml
diff --git a/charts/teuto-portal-k8s-worker/README.md b/charts/teuto-portal-k8s-worker/README.md
new file mode 100644
index 000000000..9e23bb656
--- /dev/null
+++ b/charts/teuto-portal-k8s-worker/README.md
@@ -0,0 +1,50 @@ +# teuto-portal-k8s-worker + +![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) + +A Helm chart for deploying the portal worker application to k8s + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| cwrau | | | +| marvinWolff | | | +| tasches | | | + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | common | 2.14.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| global.imagePullSecrets | list | `[]` | | +| global.podSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| global.podSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| global.podSecurityContext.privileged | bool | `false` | | +| global.podSecurityContext.readOnlyRootFilesystem | bool | `true` | | +| global.podSecurityContext.runAsGroup | int | `1000` | | +| global.podSecurityContext.runAsNonRoot | bool | `true` | | +| global.podSecurityContext.runAsUser | int | `1000` | | +| global.securityContext.fsGroup | int | `1000` | | +| global.securityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` | | +| global.securityContext.runAsGroup | int | `1000` | | +| global.securityContext.runAsNonRoot | bool | `true` | | +| global.securityContext.runAsUser | int | `1000` | | +| worker.database.credentials.secret.name | string | `""` | | +| worker.database.host | string | `"localhost"` | | +| worker.database.port | int | `5432` | | +| worker.image.registry | string | `"registry-gitlab.teuto.net"` | | +| worker.image.repository | string | `"4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker"` | | +| worker.image.tag | string | `"1.1.0"` | | +| 
worker.kubeconfig.secret.name | string | `""` | | +| worker.resources.limits.cpu | string | `"500m"` | | +| worker.resources.limits.memory | string | `"1Gi"` | | +| worker.resources.requests.memory | string | `"256Mi"` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0) diff --git a/charts/teuto-portal-k8s-worker/ci/artifacthub-values.yaml b/charts/teuto-portal-k8s-worker/ci/artifacthub-values.yaml new file mode 100644 index 000000000..7bfca0bb5 --- /dev/null +++ b/charts/teuto-portal-k8s-worker/ci/artifacthub-values.yaml @@ -0,0 +1,9 @@ +worker: + database: + host: test + credentials: + secret: + name: test + kubeconfig: + secret: + name: test diff --git a/charts/teuto-portal-k8s-worker/ci/worker-values.yaml b/charts/teuto-portal-k8s-worker/ci/worker-values.yaml index 881b4ac43..35c8f0e6e 100644 --- a/charts/teuto-portal-k8s-worker/ci/worker-values.yaml +++ b/charts/teuto-portal-k8s-worker/ci/worker-values.yaml @@ -10,6 +10,7 @@ worker: - teuto-net syncInterval: 10s loggingFormat: json + environment: production kubeconfig: secret: name: k8s-access-token diff --git a/charts/teuto-portal-k8s-worker/helmrelease.schema.json b/charts/teuto-portal-k8s-worker/helmrelease.schema.json new file mode 100644 index 000000000..8dbdfe600 --- /dev/null +++ b/charts/teuto-portal-k8s-worker/helmrelease.schema.json @@ -0,0 +1,20 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema", + "type": "object", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json" + }, + { + "properties": { + "spec": { + "properties": { + "values": { + "$ref": "./values.schema.json" + } + } + } + } + } + ] +} diff --git a/charts/teuto-portal-k8s-worker/templates/deployment.yaml b/charts/teuto-portal-k8s-worker/templates/deployment.yaml index 437036003..f8e348b6a 100644 
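Review bot: The first `$ref` in the new `helmrelease.schema.json` points at `https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json`, i.e. at the moving `main` branch of a repository outside this project, so what validates a HelmRelease can change or disappear without any commit here. Pinning the URL to a commit, `…/flux2-schemas/<commit-sha>/helmrelease-helm-v2beta2.json`, or vendoring the file next to `values.schema.json` would make validation reproducible and reviewable. The second `$ref`, `./values.schema.json`, is local and fine as it is.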
--- a/charts/teuto-portal-k8s-worker/templates/deployment.yaml
+++ b/charts/teuto-portal-k8s-worker/templates/deployment.yaml
@@ -19,11 +19,7 @@ spec:
 - name: {{ .Chart.Name }}
 securityContext: {{- toYaml .Values.global.podSecurityContext | nindent 12 }}
 image: {{ template "portalworker.image". }}
- {{- if .Values.worker.image.digest }}
- imagePullPolicy: IfNotPresent
- {{- else }}
- imagePullPolicy: Always
- {{- end }}
+ imagePullPolicy: {{ empty .Values.worker.image.digest | ternary "Always" "IfNotPresent" }}
 env:
 - name: JDBC_URL
 value: {{ include "portalworker.jdbc" . | quote }}
@@ -70,4 +66,4 @@ spec:
 emptyDir: {}
 - name: clusterconfig
 secret:
- secretName: {{ required "k8s access token for the management cluster must be provided" .Values.worker.kubeconfig.secret.name }}
\ No newline at end of file
+ secretName: {{ required "k8s access token for the management cluster must be provided" .Values.worker.kubeconfig.secret.name }}
diff --git a/charts/teuto-portal-k8s-worker/values.schema.json b/charts/teuto-portal-k8s-worker/values.schema.json
index 616ed1fc6..9712a6f6a 100644
--- a/charts/teuto-portal-k8s-worker/values.schema.json
+++ b/charts/teuto-portal-k8s-worker/values.schema.json
@@ -6,15 +6,15 @@
 "global": {
 "imagePullSecrets": {
 "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string"
- }
- },
- "additionalProperties": false
- }
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+ }
 },
 "podSecurityContext": {
 "type": "object",
@@ -196,6 +196,9 @@
 },
 "loggingFormat": {
 "type": "string"
+ },
+ "environment": {
+ "type": "string"
 }
 },
 "additionalProperties": false
diff --git a/charts/teuto-portal-k8s-worker/values.yaml b/charts/teuto-portal-k8s-worker/values.yaml
index 460d04c73..a977bfd10 100644
--- a/charts/teuto-portal-k8s-worker/values.yaml
+++ b/charts/teuto-portal-k8s-worker/values.yaml
@@ -22,7 +22,7 @@ worker:
 image:
 registry: registry-gitlab.teuto.net
 repository: 4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker
- tag: 1.0.0
+ tag: 2.0.0
 database:
 credentials:
 secret: