diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml index 3d872597..39e8cc22 100644 --- a/packages/apps/kubernetes/Chart.yaml +++ b/packages/apps/kubernetes/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/kubernetes/templates/cluster.yaml b/packages/apps/kubernetes/templates/cluster.yaml index 19aebd00..baa0bc6b 100644 --- a/packages/apps/kubernetes/templates/cluster.yaml +++ b/packages/apps/kubernetes/templates/cluster.yaml @@ -39,7 +39,9 @@ metadata: spec: dataStoreName: "{{ $etcd }}" addons: - coreDNS: {} + coreDNS: + dnsServiceIPs: + - 10.95.0.10 konnectivity: {} kubelet: cgroupfs: systemd @@ -55,7 +57,7 @@ spec: className: "{{ $ingress }}" deployment: replicas: 2 - version: 1.29.0 + version: 1.29.4 --- apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1 kind: KubevirtCluster @@ -176,5 +178,5 @@ spec: kind: KubevirtMachineTemplate name: {{ $.Release.Name }}-{{ $groupName }} namespace: default - version: v1.29.0 + version: v1.29.4 {{- end }} diff --git a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml index 96c759fd..14577407 100644 --- a/packages/apps/kubernetes/templates/helmreleases/cilium.yaml +++ b/packages/apps/kubernetes/templates/helmreleases/cilium.yaml @@ -26,7 +26,9 @@ spec: values: cilium: tunnel: disabled - autoDirectNodeRoutes: true + autoDirectNodeRoutes: false + bpf: + masquerade: true cgroup: autoMount: enabled: true 
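Review bot: The CoreDNS service address `10.95.0.10` is hard-coded in the first cluster.yaml hunk, and nothing visible ties it to the tenant cluster's service CIDR. If that CIDR is set or overridable elsewhere in the template (not visible in this hunk), the two can drift and workloads would be handed a resolver address that no service owns. Consider deriving the address from a chart value, or at least add a comment above the list such as `# must lie inside the tenant cluster's service CIDR`. The `spec` mapping starts and continues outside the hunk.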
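Review bot: The context line `tunnel: disabled` is left in place in the first cilium.yaml hunk while the second hunk of the same file sets `routingMode: tunnel`, so the rendered values carry two contradictory routing settings. Which one wins depends on the Cilium chart version, which is not visible here; on charts that still honour the deprecated `tunnel` key the datapath may not be the one this commit intends. Consider dropping `tunnel: disabled` and stating the encapsulation explicitly, for example `tunnelProtocol: vxlan`. A short comment on why `ipv4NativeRoutingCIDR` is now empty would also help the next reader. The `values` block starts outside the hunk.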
@@ -38,9 +40,9 @@ spec: chainingMode: ~ customConf: false configMap: "" - routingMode: native + routingMode: tunnel enableIPv4Masquerade: true - ipv4NativeRoutingCIDR: "10.244.0.0/16" + ipv4NativeRoutingCIDR: "" dependsOn: - name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} diff --git a/packages/apps/postgres/Chart.yaml b/packages/apps/postgres/Chart.yaml index c9e8d9f5..89dee73f 100644 --- a/packages/apps/postgres/Chart.yaml +++ b/packages/apps/postgres/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.2.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml index e402fce3..f5f6431c 100644 --- a/packages/apps/postgres/templates/init-script.yaml +++ b/packages/apps/postgres/templates/init-script.yaml @@ -100,13 +100,13 @@ stringData: echo "== assign roles to users" psql -v ON_ERROR_STOP=1 --echo-all <<\EOT {{- range $database, $d := .Values.databases }} - {{- range $user, $u := $.Values.roles }} - {{- if has $user $d.users.admin }} + {{- range $user, $u := $.Values.users }} + {{- if has $user $d.roles.admin }} GRANT {{ $database }}_admin TO {{ $user }}; {{- else }} REVOKE {{ $database }}_admin FROM {{ $user }}; {{- end }} - {{- if has $user $d.users.readonly }} + {{- if has $user $d.roles.readonly }} GRANT {{ $database }}_readonly TO {{ $user }}; {{- else }} REVOKE {{ $database }}_readonly FROM {{ $user }}; diff --git a/packages/apps/versions_map b/packages/apps/versions_map index c7288590..bd195c9a 100644 --- a/packages/apps/versions_map 
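Review bot: `{{ $database }}` and `{{ $user }}` are written into the GRANT/REVOKE statements of the init-script.yaml hunk as bare identifiers, so any name that is not a plain lowercase identifier changes the SQL that psql executes. Where these values come from is not visible in the hunk; if tenants can set them, validate them before rendering, for example `{{- if not (regexMatch "^[a-z_][a-z0-9_]*$" $user) }}{{ fail (printf "invalid user name %q" $user) }}{{ end }}`, with the same check for `$database`. Separately, `$d.roles.admin` and `$d.roles.readonly` presumably fail to render when a database entry has no `roles` key, so a `default` guard may be needed. The enclosing `range` and the heredoc begin and end outside the hunk.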
+++ b/packages/apps/versions_map @@ -5,12 +5,15 @@ http-cache 0.2.0 HEAD kafka 0.1.0 760f86d2 kafka 0.2.0 HEAD kubernetes 0.1.0 f642698 -kubernetes 0.2.0 HEAD +kubernetes 0.2.0 7cd7de73 +kubernetes 0.3.0 7caccec1 +kubernetes 0.4.0 HEAD mysql 0.1.0 f642698 mysql 0.2.0 8b975ff0 mysql 0.3.0 HEAD postgres 0.1.0 f642698 -postgres 0.2.0 HEAD +postgres 0.2.0 7cd7de73 +postgres 0.2.1 HEAD rabbitmq 0.1.0 f642698 rabbitmq 0.2.0 HEAD redis 0.1.1 f642698 diff --git a/packages/core/fluxcd/Makefile b/packages/core/fluxcd/Makefile index 7f1ddacf..9a44bd14 100644 --- a/packages/core/fluxcd/Makefile +++ b/packages/core/fluxcd/Makefile @@ -11,3 +11,10 @@ apply: diff: helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f- + +update: + rm -rf charts + helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts + helm repo update fluxcd-community + helm pull fluxcd-community/flux2 --untar --untardir charts + sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts` diff --git a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml index 0811c156..8177c17c 100644 --- a/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml @@ -44,7 +44,7 @@ spec: - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} 
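Review bot: `helm pull fluxcd-community/flux2` in the new `update` target has no `--version`, so each run vendors whatever chart the remote index serves at that moment. The result is neither reproducible nor easy to review. Pin it, for example `helm pull fluxcd-community/flux2 --version <pinned-chart-version> --untar --untardir charts`, and bump the pin deliberately. The follow-up `sed -i ... $(grep -rl ...)` line is fragile as well: the grep pattern is a regex with unescaped dots, and when nothing matches sed is invoked without file operands and the target fails. `grep -rlF` with the literal string, plus a check that at least one file matched, would make the patch step predictable.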
diff --git a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml index 47da44d5..40e4da8d 100644 --- a/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml @@ -43,7 +43,7 @@ spec: - --no-cross-namespace-refs=true {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml index 58abd295..6be9c3e1 100644 --- a/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml @@ -43,7 +43,7 @@ spec: - --no-cross-namespace-refs=true {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml index fff3ed0d..6473dbe0 100644 --- a/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml 
@@ -44,7 +44,7 @@ spec: - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default" }} {{- end}} {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} diff --git a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml index 46c7cfe8..517b54bd 100644 --- a/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml +++ b/packages/core/fluxcd/charts/flux2/templates/source-controller.yaml @@ -38,14 +38,14 @@ spec: containers: - args: {{- if .Values.notificationController.create }} - - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc {{- end}} - --watch-all-namespaces={{ .Values.watchAllNamespaces }} - --log-level={{ .Values.logLevel | default "info" }} - --log-encoding=json - --enable-leader-election - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}. + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc {{- range .Values.sourceController.container.additionalArgs }} - {{ . }} {{- end}} diff --git a/packages/core/installer/images/cozystack.json b/packages/core/installer/images/cozystack.json index ebbb5138..68f3bc54 100644 --- a/packages/core/installer/images/cozystack.json +++ b/packages/core/installer/images/cozystack.json 
@@ -1,4 +1,4 @@ { - "containerimage.config.digest": "sha256:dac122af1e85d9d668e0a0260d08bb80892f1087b09fb4a4ace2e568257889d2", - "containerimage.digest": "sha256:bc9029117d985748290b88839082b65b28aaa718b694ff686d6cf49971be424f" + "containerimage.config.digest": "sha256:8726af130b534d259ae28a92d84fb866df045765739a59146974d85554e5f188", + "containerimage.digest": "sha256:bc9109b0ed072ecbb143ea74edb9bf8a801b4903e0b849aeaa79488c4a9fb7f2" } \ No newline at end of file diff --git a/packages/core/installer/images/cozystack.tag b/packages/core/installer/images/cozystack.tag index ac4f6a03..27f181d5 100644 --- a/packages/core/installer/images/cozystack.tag +++ b/packages/core/installer/images/cozystack.tag @@ -1 +1 @@ -ghcr.io/aenix-io/cozystack/cozystack:v0.5.0 +ghcr.io/aenix-io/cozystack/cozystack:v0.6.0 diff --git a/packages/extra/Makefile b/packages/extra/Makefile index 6b3ff995..5586c59e 100644 --- a/packages/extra/Makefile +++ b/packages/extra/Makefile @@ -11,7 +11,7 @@ repo: rm -rf "$(TMP)" fix-chartnames: - find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done + find . -maxdepth 2 -name Chart.yaml | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done gen-versions-map: fix-chartnames ../../hack/gen_versions_map.sh diff --git a/packages/extra/etcd/Chart.yaml b/packages/extra/etcd/Chart.yaml index 54c171e1..76d426a9 100644 --- a/packages/extra/etcd/Chart.yaml +++ b/packages/extra/etcd/Chart.yaml @@ -3,4 +3,4 @@ name: etcd description: Storage for Kubernetes clusters icon: https://www.svgrepo.com/show/353714/etcd.svg type: application -version: 2.0.0 +version: 2.1.0 diff --git a/packages/extra/etcd/templates/etcd-cluster.yaml b/packages/extra/etcd/templates/etcd-cluster.yaml index a1f05c89..6edf5616 100644 --- a/packages/extra/etcd/templates/etcd-cluster.yaml +++ b/packages/extra/etcd/templates/etcd-cluster.yaml 
@@ -1,9 +1,23 @@ +{{- define "calculateQuotaBackendBytes" -}} +{{- $units := dict "Ki" 1024 "Mi" 1048576 "Gi" 1073741824 -}} +{{- $value := regexFind "[0-9.]+" . -}} +{{- $unit := regexFind "[a-zA-Z]+" . -}} +{{- $numericValue := float64 $value -}} +{{- $bytes := mulf $numericValue (index $units $unit) -}} +{{- $result := mulf $bytes 0.95 -}} +{{- printf "%.0f" $result -}} +{{- end -}} --- apiVersion: etcd.aenix.io/v1alpha1 kind: EtcdCluster metadata: name: etcd spec: + options: + quota-backend-bytes: {{ include "calculateQuotaBackendBytes" .Values.size | quote }} + auto-compaction-mode: "periodic" + auto-compaction-retention: "5m" + snapshot-count: "10000" replicas: {{ .Values.replicas }} storage: volumeClaimTemplate: diff --git a/packages/extra/etcd/templates/etcd-defrag.yaml b/packages/extra/etcd/templates/etcd-defrag.yaml new file mode 100644 index 00000000..21a8e514 --- /dev/null +++ b/packages/extra/etcd/templates/etcd-defrag.yaml @@ -0,0 +1,31 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ .Release.Name }}-defrag +spec: + schedule: "0 * * * *" + successfulJobsHistoryLimit: 3 + jobTemplate: + spec: + template: + spec: + containers: + - name: etcd-defrag + image: ghcr.io/ahrtr/etcd-defrag:v0.13.0 + args: + - --endpoints={{ range $i, $e := until (int .Values.replicas) }}{{ if $i }},{{ end }}https://{{ $.Release.Name }}-{{ $i }}.{{ $.Release.Name }}-headless.{{ $.Release.Namespace }}.svc:2379{{ end }} + - --cacert=/etc/etcd/pki/client/cert/ca.crt + - --cert=/etc/etcd/pki/client/cert/tls.crt + - --key=/etc/etcd/pki/client/cert/tls.key + - --cluster + - --defrag-rule + - "dbQuotaUsage > 0.8 || dbSize - dbSizeInUse > 200*1024*1024" + volumeMounts: + - mountPath: /etc/etcd/pki/client/cert + name: client-certificate + readOnly: true + volumes: + - name: client-certificate + secret: + secretName: {{ .Release.Name }}-client-tls + restartPolicy: OnFailure 
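Review bot: `calculateQuotaBackendBytes` only knows the units `Ki`, `Mi` and `Gi`, so a `.Values.size` such as `10G`, `1Ti` or a unitless number makes `index $units $unit` return no entry. The multiplication then presumably errors or produces `0`, and a zero quota is not what the operator asked for. Fail rendering explicitly instead, e.g. `{{- if not (hasKey $units $unit) }}{{ fail (printf "unsupported size unit %q" $unit) }}{{ end }}` before the `mulf` line. It may also be worth capping the result, since 95% of a large volume can exceed the quota etcd recommends.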
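Review bot: The new CronJob in etcd-defrag.yaml mounts the etcd client certificate and key into a third-party image, `ghcr.io/ahrtr/etcd-defrag:v0.13.0`, that is referenced by tag only and runs without any `securityContext`. Whoever can move that tag gets code running with client access to the datastore. Pin the image by digest and run the container with a restrictive security context and no service-account token; `runAsNonRoot` assumes the image supports a non-root user, which should be confirmed. `concurrencyPolicy: Forbid` also keeps an overrunning defrag from overlapping the next hourly run. The endpoints and secret name are built from `.Release.Name` while the EtcdCluster in this commit is named `etcd` literally, so it is worth confirming that the two always agree.

```yaml
spec:
  schedule: "0 * * * *"
  concurrencyPolicy: Forbid
  # … unchanged: successfulJobsHistoryLimit, jobTemplate down to the pod spec …
        spec:
          automountServiceAccountToken: false
          containers:
          - name: etcd-defrag
            image: ghcr.io/ahrtr/etcd-defrag:v0.13.0@sha256:<digest-of-v0.13.0>
            securityContext:
              runAsNonRoot: true
              allowPrivilegeEscalation: false
              readOnlyRootFilesystem: true
              capabilities:
                drop:
                - ALL
            # … unchanged: args, volumeMounts, volumes, restartPolicy …
```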
diff --git a/packages/extra/versions_map b/packages/extra/versions_map index 551c0a11..6bc2b2f9 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -1,4 +1,6 @@ etcd 1.0.0 f7eaab0 -etcd 2.0.0 HEAD +etcd 2.0.0 a6d0f7cf +etcd 2.0.1 6fc1cc7d +etcd 2.1.0 HEAD ingress 1.0.0 HEAD monitoring 1.0.0 HEAD diff --git a/packages/system/Makefile b/packages/system/Makefile index 9162b1a4..e40b0bf1 100644 --- a/packages/system/Makefile +++ b/packages/system/Makefile @@ -9,4 +9,4 @@ repo: cd "$(OUT)" && helm repo index . fix-chartnames: - find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done + find . -maxdepth 2 -name Chart.yaml | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done diff --git a/packages/system/dashboard/Makefile b/packages/system/dashboard/Makefile index 7172288b..f7a66c71 100644 --- a/packages/system/dashboard/Makefile +++ b/packages/system/dashboard/Makefile @@ -14,6 +14,7 @@ update-chart: helm pull bitnami/kubeapps --untar --untardir charts rm -rf charts/kubeapps/charts/postgresql/ ln -s ../../images charts/kubeapps/images + sed -i 's/.cluster.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml update-dockerfiles: tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/vmware-tanzu/kubeapps | awk -F'[/^]' 'END{print $$3}') && \ diff --git a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml index 61d6e603..5791a2f4 100644 --- a/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml +++ b/packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml 
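Review bot: The dots in the added `sed -i 's/.cluster.local//g'` line of packages/system/dashboard/Makefile are unescaped, so the expression matches any character in those positions rather than the literal domain suffix. Write it as `sed -i 's/\.cluster\.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml`. The substitution also succeeds silently when upstream changes the string, so a `grep -q` check after the rewrite would catch an update that no longer gets patched.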
@@ -133,7 +133,7 @@ spec: # longer-term pass something to the plugins so that the plugins won't need to # know these details). Currently they're used directly by the flux plugin - name: REDIS_ADDR - value: {{ printf "%s-master.%s.svc.cluster.local:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }} + value: {{ printf "%s-master.%s.svc:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }} - name: REDIS_PASSWORD valueFrom: secretKeyRef: diff --git a/packages/system/kamaji/values.yaml b/packages/system/kamaji/values.yaml index 2ef13714..de677502 100644 --- a/packages/system/kamaji/values.yaml +++ b/packages/system/kamaji/values.yaml @@ -1,3 +1,8 @@ kamaji: etcd: deploy: false + + # Fix https://github.com/clastix/kamaji/pull/467 + image: + repository: ghcr.io/kvaps/test + tag: kamaji-v0.6.0-fix
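Review bot: The kamaji values.yaml hunk points the controller image at `ghcr.io/kvaps/test` with the tag `kamaji-v0.6.0-fix`, a personal test repository referenced by a mutable tag. Anyone able to push to that repository can change what runs as the Kamaji controller without a change in this repo. Publish the patched build under the project's own registry namespace and pin it by digest, for example `tag: kamaji-v0.6.0-fix@sha256:<image-digest>` if the chart passes the tag through unchanged. The comment should also state when the override is to be dropped, e.g. `# remove once clastix/kamaji#467 is included in a released image`.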