github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-02-05 08:17:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #725 from cozystack/main

Browse Source 
Sync latest main version to proxmox intergation
This commit is contained in:
Marian Koreniuk
2025-03-29 22:49:07 +01:00
committed by GitHub
parent 22cf18ff0e 59aac50ebd
commit f1e60ce363
84 changed files with 897 additions and 229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/apps/http-cache/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.1
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

18
packages/apps/http-cache/README.md
View File

@@ -60,13 +60,17 @@ VTS module shows wrong upstream resonse time
### Common parameters
| Name | Description | Value |
| ------------------ | ----------------------------------------------- | ------- |
| `external` | Enable external access from outside the cluster | `false` |
| `size` | Persistent Volume size | `10Gi` |
| `storageClass` | StorageClass used to store the data | `""` |
| `haproxy.replicas` | Number of HAProxy replicas | `2` |
| `nginx.replicas` | Number of Nginx replicas | `2` |
| Name | Description | Value |
| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `external` | Enable external access from outside the cluster | `false` |
| `size` | Persistent Volume size | `10Gi` |
| `storageClass` | StorageClass used to store the data | `""` |
| `haproxy.replicas` | Number of HAProxy replicas | `2` |
| `nginx.replicas` | Number of Nginx replicas | `2` |
| `haproxy.resources` | Resources | `{}` |
| `haproxy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
| `nginx.resources` | Resources | `{}` |
| `nginx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
### Configuration parameters

50
packages/apps/http-cache/templates/_resources.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
)
"xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
)
"2xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

5
packages/apps/http-cache/templates/haproxy/deployment.yaml
View File

@@ -33,6 +33,11 @@ spec:
containers:
- image: haproxy:latest
name: haproxy
{{- if .Values.haproxy.resources }}
resources: {{- toYaml .Values.haproxy.resources | nindent 10 }}
{{- else if ne .Values.haproxy.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.haproxy.resourcesPreset "Release" .Release) | nindent 10 }}
{{- end }}
ports:
- containerPort: 8080
name: http

12
packages/apps/http-cache/templates/nginx/deployment.yaml
View File

@@ -52,6 +52,11 @@ spec:
shareProcessNamespace: true
containers:
- name: nginx
{{- if $.Values.nginx.resources }}
resources: {{- toYaml $.Values.nginx.resources | nindent 10 }}
{{- else if ne $.Values.nginx.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" $.Values.nginx.resourcesPreset "Release" $.Release) | nindent 10 }}
{{- end }}
image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}"
readinessProbe:
httpGet:
@@ -83,6 +88,13 @@ spec:
- name: reloader
image: "{{ $.Files.Get "images/nginx-cache.tag" | trim }}"
command: ["/usr/bin/nginx-reloader.sh"]
resources:
limits:
cpu: 50m
memory: 50Mi
requests:
cpu: 50m
memory: 50Mi
#command: ["sleep", "infinity"]
volumeMounts:
- mountPath: /etc/nginx/nginx.conf

20
packages/apps/http-cache/values.schema.json
View File

@@ -24,6 +24,16 @@
"type": "number",
"description": "Number of HAProxy replicas",
"default": 2
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
},
@@ -34,6 +44,16 @@
"type": "number",
"description": "Number of Nginx replicas",
"default": 2
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
},

24
packages/apps/http-cache/values.yaml
View File

@@ -12,8 +12,32 @@ size: 10Gi
storageClass: ""
haproxy:
replicas: 2
## @param haproxy.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param haproxy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"
nginx:
replicas: 2
## @param nginx.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param nginx.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"
## @section Configuration parameters

2
packages/apps/kafka/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.0
version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

30
packages/apps/kafka/README.md
View File

@@ -4,20 +4,22 @@
### Common parameters
| Name | Description | Value |
| ------------------------ | ----------------------------------------------- | ------- |
| `external` | Enable external access from outside the cluster | `false` |
| `kafka.size` | Persistent Volume size for Kafka | `10Gi` |
| `kafka.replicas` | Number of Kafka replicas | `3` |
| `kafka.storageClass` | StorageClass used to store the Kafka data | `""` |
| `zookeeper.size` | Persistent Volume size for ZooKeeper | `5Gi` |
| `zookeeper.replicas` | Number of ZooKeeper replicas | `3` |
| `zookeeper.storageClass` | StorageClass used to store the ZooKeeper data | `""` |
| Name | Description | Value |
| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `external` | Enable external access from outside the cluster | `false` |
| `kafka.size` | Persistent Volume size for Kafka | `10Gi` |
| `kafka.replicas` | Number of Kafka replicas | `3` |
| `kafka.storageClass` | StorageClass used to store the Kafka data | `""` |
| `zookeeper.size` | Persistent Volume size for ZooKeeper | `5Gi` |
| `zookeeper.replicas` | Number of ZooKeeper replicas | `3` |
| `zookeeper.storageClass` | StorageClass used to store the ZooKeeper data | `""` |
| `kafka.resources` | Resources | `{}` |
| `kafka.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
| `zookeeper.resources` | Resources | `{}` |
| `zookeeper.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
### Configuration parameters
| Name | Description | Value |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `topics` | Topics configuration | `[]` |
| `resources` | Resources | `{}` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |
| Name | Description | Value |
| -------- | -------------------- | ----- |
| `topics` | Topics configuration | `[]` |

13
packages/apps/kafka/templates/kafka.yaml
View File

@@ -8,10 +8,10 @@ metadata:
spec:
kafka:
replicas: {{ .Values.kafka.replicas }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 6 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 6 }}
{{- if .Values.kafka.resources }}
resources: {{- toYaml .Values.kafka.resources | nindent 6 }}
{{- else if ne .Values.kafka.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.kafka.resourcesPreset "Release" .Release) | nindent 6 }}
{{- end }}
listeners:
- name: plain
@@ -70,6 +70,11 @@ spec:
key: kafka-metrics-config.yml
zookeeper:
replicas: {{ .Values.zookeeper.replicas }}
{{- if .Values.zookeeper.resources }}
resources: {{- toYaml .Values.zookeeper.resources | nindent 6 }}
{{- else if ne .Values.zookeeper.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.zookeeper.resourcesPreset "Release" .Release) | nindent 6 }}
{{- end }}
storage:
type: persistent-claim
{{- with .Values.zookeeper.size }}

30
packages/apps/kafka/values.schema.json
View File

@@ -24,6 +24,16 @@
"type": "string",
"description": "StorageClass used to store the Kafka data",
"default": ""
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
},
@@ -44,6 +54,16 @@
"type": "string",
"description": "StorageClass used to store the ZooKeeper data",
"default": ""
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
},
@@ -52,16 +72,6 @@
"description": "Topics configuration",
"default": [],
"items": {}
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
}

38
packages/apps/kafka/values.yaml
View File

@@ -14,10 +14,35 @@ kafka:
size: 10Gi
replicas: 3
storageClass: ""
## @param kafka.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param kafka.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"
zookeeper:
size: 5Gi
replicas: 3
storageClass: ""
## @param zookeeper.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param zookeeper.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"
## @section Configuration parameters
@@ -39,16 +64,3 @@ zookeeper:
## replicas: 3
##
topics: []
## @param resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"

2
packages/apps/kubernetes/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.15.2
version: 0.17.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

50
packages/apps/kubernetes/templates/_resources.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
)
"xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
)
"2xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

7
packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml
View File

@@ -26,6 +26,13 @@ spec:
containers:
- image: "{{ $.Files.Get "images/cluster-autoscaler.tag" | trim }}"
name: cluster-autoscaler
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
cpu: 125m
memory: 128Mi
command:
- /cluster-autoscaler
args:

27
packages/apps/kubernetes/templates/cluster.yaml
View File

@@ -102,12 +102,37 @@ metadata:
annotations:
kamaji.clastix.io/kubeconfig-secret-key: "super-admin.svc"
spec:
apiServer:
{{- if .Values.kamajiControlPlane.apiServer.resources }}
resources: {{- toYaml .Values.kamajiControlPlane.apiServer.resources | nindent 6 }}
{{- else if ne .Values.kamajiControlPlane.apiServer.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.apiServer.resourcesPreset "Release" .Release) | nindent 6 }}
{{- end }}
controllerManager:
{{- if .Values.kamajiControlPlane.controllerManager.resources }}
resources: {{- toYaml .Values.kamajiControlPlane.controllerManager.resources | nindent 6 }}
{{- else if ne .Values.kamajiControlPlane.controllerManager.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.controllerManager.resourcesPreset "Release" .Release) | nindent 6 }}
{{- end }}
scheduler:
{{- if .Values.kamajiControlPlane.scheduler.resources }}
resources: {{- toYaml .Values.kamajiControlPlane.scheduler.resources | nindent 6 }}
{{- else if ne .Values.kamajiControlPlane.scheduler.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.scheduler.resourcesPreset "Release" .Release) | nindent 6 }}
{{- end }}
dataStoreName: "{{ $etcd }}"
addons:
coreDNS:
dnsServiceIPs:
- 10.95.0.10
konnectivity: {}
konnectivity:
server:
port: 8132
{{- if .Values.kamajiControlPlane.addons.konnectivity.server.resources }}
resources: {{- toYaml .Values.kamajiControlPlane.addons.konnectivity.server.resources | nindent 10 }}
{{- else if ne .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.kamajiControlPlane.addons.konnectivity.server.resourcesPreset "Release" .Release) | nindent 10 }}
{{- end }}
kubelet:
cgroupfs: systemd
preferredAddressTypes:

28
packages/apps/kubernetes/templates/csi/deploy.yaml
View File

@@ -63,11 +63,21 @@ spec:
mountPath: /etc/kubernetes/kubeconfig
readOnly: true
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
memory: 50Mi
cpu: 10m
cpu: 125m
memory: 128Mi
- name: csi-provisioner
image: quay.io/openshift/origin-csi-external-provisioner:latest
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
cpu: 125m
memory: 128Mi
args:
- "--csi-address=$(ADDRESS)"
- "--default-fstype=ext4"
@@ -102,9 +112,12 @@ spec:
mountPath: /etc/kubernetes/kubeconfig
readOnly: true
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
memory: 50Mi
cpu: 10m
cpu: 125m
memory: 128Mi
- name: csi-liveness-probe
image: quay.io/openshift/origin-csi-livenessprobe:latest
args:
@@ -115,9 +128,12 @@ spec:
- name: socket-dir
mountPath: /csi
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
memory: 50Mi
cpu: 10m
cpu: 125m
memory: 128Mi
volumes:
- name: socket-dir
emptyDir: {}

3
packages/apps/kubernetes/templates/helmreleases/cert-manager-crds.yaml
View File

@@ -18,7 +18,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-cert-manager-crds
storageNamespace: cozy-cert-manager-crds
install:

3
packages/apps/kubernetes/templates/helmreleases/cert-manager.yaml
View File

@@ -19,7 +19,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-cert-manager
storageNamespace: cozy-cert-manager
install:

3
packages/apps/kubernetes/templates/helmreleases/cilium.yaml
View File

@@ -18,7 +18,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-cilium
storageNamespace: cozy-cilium
install:

3
packages/apps/kubernetes/templates/helmreleases/csi.yaml
View File

@@ -18,7 +18,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-csi
storageNamespace: cozy-csi
install:

3
packages/apps/kubernetes/templates/helmreleases/fluxcd.yaml
View File

@@ -19,7 +19,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-fluxcd
storageNamespace: cozy-fluxcd
install:

3
packages/apps/kubernetes/templates/helmreleases/ingress-nginx.yaml
View File

@@ -19,7 +19,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-ingress-nginx
storageNamespace: cozy-ingress-nginx
install:

3
packages/apps/kubernetes/templates/helmreleases/monitoring-agents.yaml
View File

@@ -21,7 +21,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-monitoring-agents
storageNamespace: cozy-monitoring-agents
install:

3
packages/apps/kubernetes/templates/helmreleases/victoria-metrics-operator.yaml
View File

@@ -19,7 +19,8 @@ spec:
namespace: cozy-system
kubeConfig:
secretRef:
name: {{ .Release.Name }}-kubeconfig
name: {{ .Release.Name }}-admin-kubeconfig
key: super-admin.svc
targetNamespace: cozy-victoria-metrics-operator
storageNamespace: cozy-victoria-metrics-operator
install:

6
packages/apps/kubernetes/templates/kccm/manager.yaml
View File

@@ -36,8 +36,12 @@ spec:
#securityContext:
# privileged: true
resources:
limits:
cpu: 512m
memory: 512Mi
requests:
cpu: 100m
cpu: 125m
memory: 128Mi
volumeMounts:
- mountPath: /etc/kubernetes/kubeconfig
name: kubeconfig

60
packages/apps/kubernetes/values.yaml
View File

@@ -69,3 +69,63 @@ addons:
##
enabled: false
valuesOverride: {}
## @section Kamaji control plane
##
kamajiControlPlane:
apiServer:
## @param kamajiControlPlane.apiServer.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param kamajiControlPlane.apiServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "micro"
controllerManager:
## @param kamajiControlPlane.controllerManager.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param kamajiControlPlane.controllerManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "micro"
scheduler:
## @param kamajiControlPlane.scheduler.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param kamajiControlPlane.scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "micro"
addons:
konnectivity:
server:
## @param kamajiControlPlane.addons.konnectivity.server.resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param kamajiControlPlane.addons.konnectivity.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "micro"

2
packages/apps/tcp-balancer/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.0
version: 0.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

18
packages/apps/tcp-balancer/README.md
View File

@@ -19,11 +19,13 @@ Managed TCP Load Balancer Service efficiently utilizes HAProxy for load balancin
### Configuration parameters
| Name | Description | Value |
| -------------------------------- | ------------------------------------------------------------- | ------- |
| `httpAndHttps.mode` | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy` | `tcp` |
| `httpAndHttps.targetPorts.http` | HTTP port number. | `80` |
| `httpAndHttps.targetPorts.https` | HTTPS port number. | `443` |
| `httpAndHttps.endpoints` | Endpoint addresses list | `[]` |
| `whitelistHTTP` | Secure HTTP by enabling client networks whitelisting | `false` |
| `whitelist` | List of client networks | `[]` |
| Name | Description | Value |
| -------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `httpAndHttps.mode` | Mode for balancer. Allowed values: `tcp` and `tcp-with-proxy` | `tcp` |
| `httpAndHttps.targetPorts.http` | HTTP port number. | `80` |
| `httpAndHttps.targetPorts.https` | HTTPS port number. | `443` |
| `httpAndHttps.endpoints` | Endpoint addresses list | `[]` |
| `whitelistHTTP` | Secure HTTP by enabling client networks whitelisting | `false` |
| `whitelist` | List of client networks | `[]` |
| `resources` | Resources | `{}` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |

50
packages/apps/tcp-balancer/templates/_resources.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
)
"xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
)
"2xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

5
packages/apps/tcp-balancer/templates/deployment.yaml
View File

@@ -33,6 +33,11 @@ spec:
containers:
- image: haproxy:latest
name: haproxy
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 10 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 10 }}
{{- end }}
ports:
{{- with .Values.httpAndHttps }}
- containerPort: 8080

10
packages/apps/tcp-balancer/values.schema.json
View File

@@ -57,6 +57,16 @@
"description": "List of client networks",
"default": [],
"items": {}
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
}

13
packages/apps/tcp-balancer/values.yaml
View File

@@ -43,3 +43,16 @@ httpAndHttps:
##
whitelistHTTP: false
whitelist: []
## @param resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"

2
packages/apps/tenant/Chart.yaml
View File

@@ -4,4 +4,4 @@ description: Separated tenant namespace
icon: /logos/tenant.svg
type: application
version: 1.9.0
version: 1.9.1

1
packages/apps/tenant/templates/namespace.yaml
View File

@@ -41,6 +41,7 @@ metadata:
{{- end }}
{{- end }}
{{- include "cozystack.namespace-anotations" (list $ $existingNS) | nindent 4 }}
alpha.kubevirt.io/auto-memory-limits-ratio: "1.0"
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true

19
packages/apps/versions_map
View File

@@ -20,7 +20,8 @@ ferretdb 0.5.0 HEAD
http-cache 0.1.0 a956713
http-cache 0.2.0 5ca8823
http-cache 0.3.0 fab5940
http-cache 0.3.1 HEAD
http-cache 0.3.1 fab5940b
http-cache 0.4.0 HEAD
kafka 0.1.0 760f86d2
kafka 0.2.0 a2cc83d
kafka 0.2.1 3ac17018
@@ -30,7 +31,8 @@ kafka 0.3.0 c07c4bbd
kafka 0.3.1 b7375f73
kafka 0.3.2 b75aaf17
kafka 0.3.3 425ce77f
kafka 0.4.0 HEAD
kafka 0.4.0 0e10f952
kafka 0.5.0 HEAD
kubernetes 0.1.0 f642698
kubernetes 0.2.0 7cd7de73
kubernetes 0.3.0 7caccec1
@@ -52,7 +54,9 @@ kubernetes 0.14.0 bfbde07c
kubernetes 0.14.1 fde4bcfa
kubernetes 0.15.0 cb7b8158
kubernetes 0.15.1 43e593c7
kubernetes 0.15.2 HEAD
kubernetes 0.15.2 43e593c7
kubernetes 0.16.0 3d03b227
kubernetes 0.17.0 HEAD
mysql 0.1.0 f642698
mysql 0.2.0 8b975ff0
mysql 0.3.0 5ca8823
@@ -100,7 +104,8 @@ redis 0.4.0 abc8f082
redis 0.5.0 0e728870
redis 0.6.0 HEAD
tcp-balancer 0.1.0 f642698
tcp-balancer 0.2.0 HEAD
tcp-balancer 0.2.0 a9567139
tcp-balancer 0.3.0 HEAD
tenant 0.1.3 3d1b86c
tenant 0.1.4 d200480
tenant 0.1.5 e3ab858
@@ -122,7 +127,8 @@ tenant 1.6.7 06afcf27
tenant 1.6.8 4cc48e6f
tenant 1.7.0 6c73e3f3
tenant 1.8.0 e2369ba
tenant 1.9.0 HEAD
tenant 1.9.0 43e593c7
tenant 1.9.1 HEAD
virtual-machine 0.1.4 f2015d6
virtual-machine 0.1.5 7cd7de7
virtual-machine 0.2.0 5ca8823
@@ -147,4 +153,5 @@ vm-instance 0.5.1 HEAD
vpn 0.1.0 f642698
vpn 0.2.0 7151424
vpn 0.3.0 a2bcf100
vpn 0.3.1 HEAD
vpn 0.3.1 f7220f19
vpn 0.4.0 HEAD

2
packages/apps/vpn/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.1
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

12
packages/apps/vpn/README.md
View File

@@ -22,8 +22,10 @@ The VPN Service is powered by the Outline Server, an advanced and user-friendly
### Configuration parameters
| Name | Description | Value |
| ------------- | ------------------------------------------- | ----- |
| `host` | Host used to substitute into generated URLs | `""` |
| `users` | Users configuration | `{}` |
| `externalIPs` | List of externalIPs for service. | `[]` |
| Name | Description | Value |
| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
| `host` | Host used to substitute into generated URLs | `""` |
| `users` | Users configuration | `{}` |
| `externalIPs` | List of externalIPs for service. | `[]` |
| `resources` | Resources | `{}` |
| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `nano` |

50
packages/apps/vpn/templates/_resources.tpl Normal file
View File

@@ -0,0 +1,50 @@
{{/*
Copyright Broadcom, Inc. All Rights Reserved.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a resource request/limit object based on a given preset.
These presets are for basic testing and not meant to be used in production
{{ include "resources.preset" (dict "type" "nano") -}}
*/}}
{{- define "resources.preset" -}}
{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
{{- $presets := dict
"nano" (dict
"requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
)
"micro" (dict
"requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
)
"small" (dict
"requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
)
"medium" (dict
"requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
)
"large" (dict
"requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
)
"xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
)
"2xlarge" (dict
"requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
"limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
)
}}
{{- if hasKey $presets .type -}}
{{- index $presets .type | toYaml -}}
{{- else -}}
{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
{{- end -}}
{{- end -}}

5
packages/apps/vpn/templates/deployment.yaml
View File

@@ -42,6 +42,11 @@ spec:
containers:
- name: outline-vpn
image: quay.io/outline/shadowbox:stable
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 10 }}
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "resources.preset" (dict "type" .Values.resourcesPreset "Release" .Release) | nindent 10 }}
{{- end }}
ports:
- containerPort: 40000
protocol: TCP

10
packages/apps/vpn/values.schema.json
View File

@@ -24,6 +24,16 @@
"items": {
"type": "string"
}
},
"resources": {
"type": "object",
"description": "Resources",
"default": {}
},
"resourcesPreset": {
"type": "string",
"description": "Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).",
"default": "nano"
}
}
}

13
packages/apps/vpn/values.yaml
View File

@@ -29,3 +29,16 @@ users: {}
## - "11.22.33.46"
##
externalIPs: []
## @param resources Resources
resources: {}
# resources:
# limits:
# cpu: 4000m
# memory: 4Gi
# requests:
# cpu: 100m
# memory: 512Mi
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
resourcesPreset: "nano"

2
packages/core/platform/bundles/paas-full.yaml
View File

@@ -205,7 +205,7 @@ releases:
releaseName: piraeus-operator
chart: cozy-piraeus-operator
namespace: cozy-linstor
dependsOn: [cilium,kubeovn,cert-manager]
dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
- name: linstor
releaseName: linstor

2
packages/extra/etcd/Chart.yaml
View File

@@ -3,4 +3,4 @@ name: etcd
description: Storage for Kubernetes clusters
icon: /logos/etcd.svg
type: application
version: 2.6.1
version: 2.7.0

3
packages/extra/etcd/templates/etcd-cluster.yaml
View File

@@ -46,6 +46,9 @@ spec:
- name: metrics
containerPort: 2381
protocol: TCP
{{- with .Values.resources }}
resources: {{- toYaml . | nindent 10 }}
{{- end }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"

9
packages/extra/etcd/values.yaml
View File

@@ -7,3 +7,12 @@
size: 4Gi
storageClass: ""
replicas: 3
## @param resources Resources
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 512Mi

2
packages/extra/monitoring/Chart.yaml
View File

@@ -3,4 +3,4 @@ name: monitoring
description: Monitoring and observability stack
icon: /logos/monitoring.svg
type: application
version: 1.9.0
version: 1.9.1

7
packages/extra/monitoring/templates/alerta/alerta-db.yaml
View File

@@ -17,6 +17,13 @@ spec:
{{- with .Values.alerta.storageClassName }}
storageClass: {{ . }}
{{- end }}
resources:
limits:
cpu: "1"
memory: 2048Mi
requests:
cpu: 100m
memory: 512Mi
monitoring:
enablePodMonitor: true

1
packages/extra/monitoring/templates/alerta/alerta.yaml
View File

@@ -77,6 +77,7 @@ spec:
- name: alerta
image: "alerta/alerta-web:9.0.4"
imagePullPolicy: IfNotPresent
resources: {{- toYaml .Values.alerta.resources | nindent 12 }}
env:
- name: ADMIN_USERS
valueFrom:

8
packages/extra/monitoring/templates/grafana/db.yaml
View File

@@ -15,7 +15,13 @@ spec:
{{- end }}
monitoring:
enablePodMonitor: true
resources:
limits:
cpu: "1"
memory: 2048Mi
requests:
cpu: 100m
memory: 512Mi
inheritedMetadata:
labels:
policy.cozystack.io/allow-to-apiserver: "true"

1
packages/extra/monitoring/templates/grafana/grafana.yaml
View File

@@ -38,6 +38,7 @@ spec:
spec:
containers:
- name: grafana
resources: {{- toYaml .Values.grafana.resources | nindent 16 }}
image: "{{ $.Files.Get "images/grafana.tag" | trim }}"
securityContext:
allowPrivilegeEscalation: false

31
packages/extra/monitoring/templates/vm/vmcluster.yaml
View File

@@ -13,27 +13,10 @@ spec:
# it's usually more than default 30
maxLabelsPerTimeseries: "60"
replicaCount: 2
resources:
limits:
{{- with . | dig "vminsert" "resources" "limits" "cpu" nil }}
cpu: {{ . | quote }}
{{- end }}
memory: {{ . | dig "vminsert" "resources" "limits" "memory" "1000Mi" }}
requests:
cpu: {{ . | dig "vminsert" "resources" "requests" "cpu" "500m" }}
memory: {{ . | dig "vminsert" "resources" "requests" "memory" "500Mi" }}
resources: {}
vmselect:
replicaCount: 2
resources:
limits:
# if we don't set the cpu limit, victoriametrics-operator will set 500m here, which is ridiculous small
# see internal/config/config.go in victoriametrics-operator
# 2 vcpu is the bare minimum for **single** Grafana user
cpu: {{ . | dig "vmselect" "resources" "limits" "cpu" "2000m" }}
memory: {{ . | dig "vmselect" "resources" "limits" "memory" "1000Mi" }}
requests:
cpu: {{ . | dig "vmselect" "resources" "requests" "cpu" "500m" }}
memory: {{ . | dig "vmselect" "resources" "requests" "memory" "500Mi" }}
resources: {}
extraArgs:
search.maxUniqueTimeseries: "600000"
vmalert.proxyURL: http://vmalert-{{ .name }}.{{ $.Release.Namespace }}.svc:8080
@@ -50,15 +33,7 @@ spec:
storage: 2Gi
vmstorage:
replicaCount: 2
resources:
limits:
{{- with . | dig "vmstorage" "resources" "limits" "cpu" nil }}
cpu: {{ . | quote }}
{{- end }}
memory: {{ . | dig "vmstorage" "resources" "limits" "memory" "2048Mi" }}
requests:
cpu: {{ . | dig "vmstorage" "resources" "requests" "cpu" "100m" }}
memory: {{ . | dig "vmstorage" "resources" "requests" "memory" "500Mi" }}
resources: {}
storage:
volumeClaimTemplate:
spec:

39
packages/extra/monitoring/templates/vpa.yaml
View File

@@ -1,62 +1,89 @@
{{- range .Values.metricsStorages }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: vpa-vminsert
name: vpa-vminsert-{{ .name }}
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: vminsert-shortterm
name: vminsert-{{ .name }}
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: vminsert
minAllowed:
{{- if and .vminsert .vminsert.minAllowed }}
{{- toYaml .vminsert.minAllowed | nindent 10 }}
{{- else }}
cpu: 250m
memory: 256Mi
{{- end }}
maxAllowed:
{{- if and .vminsert .vminsert.maxAllowed }}
{{- toYaml .vminsert.maxAllowed | nindent 10 }}
{{- else }}
cpu: 2000m
memory: 4Gi
{{- end }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: vpa-vmselect
name: vpa-vmselect-{{ .name }}
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: vmselect-shortterm
name: vmselect-{{ .name }}
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: vmselect
minAllowed:
{{- if and .vmselect .vmselect.minAllowed }}
{{- toYaml .vmselect.minAllowed | nindent 10 }}
{{- else }}
cpu: 250m
memory: 256Mi
{{- end }}
maxAllowed:
{{- if and .vmselect .vmselect.maxAllowed }}
{{- toYaml .vmselect.maxAllowed | nindent 10 }}
{{- else }}
cpu: 4000m
memory: 8Gi
{{- end }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: vpa-vmstorage
name: vpa-vmstorage-{{ .name }}
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: vmstorage-shortterm
name: vmstorage-{{ .name }}
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: vmstorage
minAllowed:
{{- if and .vmstorage .vmstorage.minAllowed }}
{{- toYaml .vmstorage.minAllowed | nindent 10 }}
{{- else }}
cpu: 100m
memory: 512Mi
{{- end }}
maxAllowed:
{{- if and .vmstorage .vmstorage.maxAllowed }}
{{- toYaml .vmstorage.maxAllowed | nindent 10 }}
{{- else }}
cpu: 4000m
memory: 8Gi
{{- end }}
{{- end }}

64
packages/extra/monitoring/values.yaml
View File

@@ -13,26 +13,26 @@ host: ""
## storage: 10Gi
## storageClassName: ""
## vminsert:
## resources:
## limits:
## memory: 1024Mi
## requests:
## cpu: 200m
## memory: 512Mi
## minAllowed:
## cpu: 200m
## memory: 512Mi
## maxAllowed:
## cpu: 1500m
## memory: 3Gi
## vmselect:
## resources:
## limits:
## memory: 2048Mi
## requests:
## cpu: 300m
## memory: 1Gi
## minAllowed:
## cpu: 300m
## memory: 1Gi
## maxAllowed:
## cpu: 3500m
## memory: 6Gi
## vmstorage:
## resources:
## limits:
## memory: 4096Mi
## requests:
## cpu: 500m
## memory: 2Gi
## minAllowed:
## cpu: 500m
## memory: 2Gi
## maxAllowed:
## cpu: 4000m
## memory: 8Gi
##
metricsStorages:
- name: shortterm
@@ -40,24 +40,11 @@ metricsStorages:
deduplicationInterval: "15s"
storage: 10Gi
storageClassName: ""
vminsert:
resources: {}
vmselect:
resources: {}
vmstorage:
resources: {}
- name: longterm
retentionPeriod: "14d"
deduplicationInterval: "5m"
storage: 10Gi
storageClassName: ""
vminsert:
resources: {}
vmselect:
resources: {}
vmstorage:
resources: {}
## @param logsStorages [array] Configuration of logs storage instances
##
@@ -74,7 +61,13 @@ logsStorages:
alerta:
storage: 10Gi
storageClassName: ""
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi
alerts:
## @param alerta.alerts.telegram.token telegram token for your bot
## @param alerta.alerts.telegram.chatID specify multiple ID's separated by comma. Get yours in https://t.me/chatid_echo_bot
@@ -95,3 +88,10 @@ alerta:
grafana:
db:
size: 10Gi
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 100m
memory: 256Mi

2
packages/extra/seaweedfs/Chart.yaml
View File

@@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.0
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to

36
packages/extra/seaweedfs/templates/seaweedfs.yaml
View File

@@ -20,16 +20,27 @@ spec:
values:
global:
serviceAccountName: "{{ .Release.Namespace }}-seaweedfs"
seaweedfs:
master:
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
volume:
replicas: {{ .Values.replicas }}
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
# TODO: workaround for non-working online resize
podAnnotations:
volume-size: "{{ .Values.size }}"
dataDirs:
- name: data1
type: "persistentVolumeClaim"
@@ -38,11 +49,16 @@ spec:
storageClass: {{ . }}
{{- end }}
maxVolumes: 0
filer:
s3:
domainName: {{ .Values.host | default (printf "s3.%s" $host) }}
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
s3:
ingress:
className: {{ $ingress }}
@@ -56,10 +72,16 @@ spec:
- hosts:
- {{ .Values.host | default (printf "s3.%s" $host) }}
secretName: {{ .Release.Name }}-s3-ingress-tls
cosi:
driverName: "{{ .Release.Namespace }}.seaweedfs.objectstorage.k8s.io"
bucketClassName: "{{ .Release.Namespace }}"
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
---
apiVersion: cozystack.io/v1alpha1
kind: WorkloadMonitor

66
packages/extra/seaweedfs/templates/vpa.yaml Normal file
View File

@@ -0,0 +1,66 @@
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-filer
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ .Release.Name }}-filer
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: seaweedfs
minAllowed:
cpu: 250m
memory: 256Mi
maxAllowed:
cpu: "1"
memory: 2048Mi
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-master
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ .Release.Name }}-master
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: seaweedfs
minAllowed:
cpu: 250m
memory: 256Mi
maxAllowed:
cpu: "1"
memory: 2048Mi
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: {{ .Release.Name }}-volume
spec:
targetRef:
apiVersion: apps/v1
kind: StatefulSet
name: {{ .Release.Name }}-volume
updatePolicy:
updateMode: Auto
resourcePolicy:
containerPolicies:
- containerName: seaweedfs
minAllowed:
cpu: 250m
memory: 256Mi
maxAllowed:
cpu: "1"
memory: 2048Mi

9
packages/extra/versions_map
View File

@@ -8,7 +8,8 @@ etcd 2.3.0 b908400d
etcd 2.4.0 cb7b8158
etcd 2.5.0 861e6c46
etcd 2.6.0 a7425b0
etcd 2.6.1 HEAD
etcd 2.6.1 063439ac
etcd 2.7.0 HEAD
info 1.0.0 HEAD
ingress 1.0.0 f642698
ingress 1.1.0 838bee5d
@@ -31,8 +32,10 @@ monitoring 1.6.1 3bb97596
monitoring 1.7.0 749110aa
monitoring 1.8.0 80b4c151
monitoring 1.8.1 06daf341
monitoring 1.9.0 HEAD
monitoring 1.9.0 8267072d
monitoring 1.9.1 HEAD
seaweedfs 0.1.0 5ca8823
seaweedfs 0.2.0 9e33dc0
seaweedfs 0.2.1 249bf35
seaweedfs 0.3.0 HEAD
seaweedfs 0.3.0 0e728870
seaweedfs 0.4.0 HEAD

2
packages/system/capi-providers/templates/providers.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: manager
resources:
limits:
cpu: 1024m
cpu: "1"
memory: 1024Mi
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2

4
packages/system/fluxcd-operator/charts/flux-operator/Chart.yaml
View File

@@ -8,7 +8,7 @@ annotations:
- name: Upstream Project
url: https://github.com/controlplaneio-fluxcd/flux-operator
apiVersion: v2
appVersion: v0.17.0
appVersion: v0.18.0
description: 'A Helm chart for deploying the Flux Operator. '
home: https://github.com/controlplaneio-fluxcd
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
@@ -25,4 +25,4 @@ sources:
- https://github.com/controlplaneio-fluxcd/flux-operator
- https://github.com/controlplaneio-fluxcd/charts
type: application
version: 0.17.0
version: 0.18.0

4
packages/system/fluxcd-operator/charts/flux-operator/README.md
View File

@@ -1,6 +1,6 @@
# flux-operator
![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.17.0](https://img.shields.io/badge/AppVersion-v0.17.0-informational?style=flat-square)
![Version: 0.18.0](https://img.shields.io/badge/Version-0.18.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.18.0](https://img.shields.io/badge/AppVersion-v0.18.0-informational?style=flat-square)
The [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator) provides a
declarative API for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the
@@ -46,11 +46,13 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/)
| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. |
| multitenancy | object | `{"defaultServiceAccount":"flux-operator","enabled":false}` | Enable [multitenancy lockdown](https://fluxcd.control-plane.io/operator/resourceset/#role-based-access-control) for the ResourceSet APIs. |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | Pod Node Selector settings. |
| podSecurityContext | object | `{}` | Pod security context settings. |
| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. |
| rbac.create | bool | `true` | Grant the cluster-admin role to the flux-operator service account (required for the Flux Instance deployment). |
| rbac.createAggregation | bool | `true` | Grant the Kubernetes view, edit and admin roles access to ResourceSet APIs. |
| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. |
| reporting | object | `{"interval":"5m"}` | Flux [reporting](https://fluxcd.control-plane.io/operator/fluxreport/) settings. |
| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. |
| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. |
| serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |

7
packages/system/fluxcd-operator/charts/flux-operator/templates/deployment.yaml
View File

@@ -61,6 +61,8 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: REPORTING_INTERVAL
value: {{ .Values.reporting.interval }}
{{- with .Values.marketplace.type }}
- name: MARKETPLACE_TYPE
value: {{ . }}
@@ -108,3 +110,8 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}

17
packages/system/fluxcd-operator/charts/flux-operator/values.schema.json
View File

@@ -194,6 +194,12 @@
"nameOverride": {
"type": "string"
},
"nodeSelector": {
"properties": {},
"type": [
"object"
]
},
"podSecurityContext": {
"default": {
"fsGroup": 1337
@@ -246,6 +252,17 @@
},
"type": "object"
},
"reporting": {
"properties": {
"interval": {
"type": "string"
}
},
"required": [
"interval"
],
"type": "object"
},
"resources": {
"properties": {
"limits": {

7
packages/system/fluxcd-operator/charts/flux-operator/values.yaml
View File

@@ -8,6 +8,10 @@ multitenancy:
enabled: false
defaultServiceAccount: "flux-operator" # @schema required: true
# -- Flux [reporting](https://fluxcd.control-plane.io/operator/fluxreport/) settings.
reporting:
interval: 5m # @schema required: true
# -- Install and upgrade the custom resource definitions.
installCRDs: true # @schema default: true
@@ -96,6 +100,9 @@ affinity: # @schema default: {"nodeAffinity":{"requiredDuringSchedulingIgnoredDu
# -- Pod tolerations settings.
tolerations: [ ] # @schema item: object ; uniqueItems: true
# -- Pod Node Selector settings.
nodeSelector: { } # @schema type: object
# -- If `true`, the container ports (`8080` and `8081`) are exposed on the host network.
hostNetwork: false # @schema default: false

4
packages/system/fluxcd/charts/flux-instance/Chart.yaml
View File

@@ -8,7 +8,7 @@ annotations:
- name: Upstream Project
url: https://github.com/controlplaneio-fluxcd/flux-operator
apiVersion: v2
appVersion: v0.17.0
appVersion: v0.18.0
description: 'A Helm chart for deploying a Flux instance managed by Flux Operator. '
home: https://github.com/controlplaneio-fluxcd
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
@@ -25,4 +25,4 @@ sources:
- https://github.com/controlplaneio-fluxcd/flux-operator
- https://github.com/controlplaneio-fluxcd/charts
type: application
version: 0.17.0
version: 0.18.0

2
packages/system/fluxcd/charts/flux-instance/README.md
View File

@@ -1,6 +1,6 @@
# flux-instance
![Version: 0.17.0](https://img.shields.io/badge/Version-0.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.17.0](https://img.shields.io/badge/AppVersion-v0.17.0-informational?style=flat-square)
![Version: 0.18.0](https://img.shields.io/badge/Version-0.18.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.18.0](https://img.shields.io/badge/AppVersion-v0.18.0-informational?style=flat-square)
This chart is a thin wrapper around the `FluxInstance` custom resource, which is
used by the [Flux Operator](https://github.com/controlplaneio-fluxcd/flux-operator)

6
packages/system/ingress-nginx/charts/ingress-nginx/Chart.yaml
View File

@@ -1,9 +1,9 @@
annotations:
artifacthub.io/changes: |
- Update Ingress-Nginx version controller-v1.11.1
- Update Ingress-Nginx version controller-v1.11.2
artifacthub.io/prerelease: "false"
apiVersion: v2
appVersion: 1.11.1
appVersion: 1.11.2
description: Ingress controller for Kubernetes using NGINX as a reverse proxy and
load balancer
home: https://github.com/kubernetes/ingress-nginx
@@ -22,4 +22,4 @@ maintainers:
name: ingress-nginx
sources:
- https://github.com/kubernetes/ingress-nginx
version: 4.11.1
version: 4.11.2

18
packages/system/ingress-nginx/charts/ingress-nginx/README.md
View File

@@ -2,7 +2,7 @@
[ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
![Version: 4.11.1](https://img.shields.io/badge/Version-4.11.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square)
![Version: 4.11.2](https://img.shields.io/badge/Version-4.11.2-informational?style=flat-square) ![AppVersion: 1.11.2](https://img.shields.io/badge/AppVersion-1.11.2-informational?style=flat-square)
To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources.
@@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.admissionWebhooks.namespaceSelector | object | `{}` | |
| controller.admissionWebhooks.objectSelector | object | `{}` | |
| controller.admissionWebhooks.patch.enabled | bool | `true` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366"` | |
| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3"` | |
| controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | |
| controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.1"` | |
| controller.admissionWebhooks.patch.image.tag | string | `"v1.4.3"` | |
| controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources |
| controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not |
| controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | |
@@ -325,8 +325,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.hostname | object | `{}` | Optionally customize the pod hostname. |
| controller.image.allowPrivilegeEscalation | bool | `false` | |
| controller.image.chroot | bool | `false` | |
| controller.image.digest | string | `"sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a"` | |
| controller.image.digestChroot | string | `"sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d"` | |
| controller.image.digest | string | `"sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce"` | |
| controller.image.digestChroot | string | `"sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8"` | |
| controller.image.image | string | `"ingress-nginx/controller"` | |
| controller.image.pullPolicy | string | `"IfNotPresent"` | |
| controller.image.readOnlyRootFilesystem | bool | `false` | |
@@ -334,7 +334,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.image.runAsNonRoot | bool | `true` | |
| controller.image.runAsUser | int | `101` | |
| controller.image.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.image.tag | string | `"v1.11.1"` | |
| controller.image.tag | string | `"v1.11.2"` | |
| controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation |
| controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). |
| controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. |
@@ -400,11 +400,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu
| controller.opentelemetry.containerSecurityContext.runAsUser | int | `65532` | The image's default user, inherited from its base image `cgr.dev/chainguard/static`. |
| controller.opentelemetry.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| controller.opentelemetry.enabled | bool | `false` | |
| controller.opentelemetry.image.digest | string | `"sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472"` | |
| controller.opentelemetry.image.digest | string | `"sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922"` | |
| controller.opentelemetry.image.distroless | bool | `true` | |
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry"` | |
| controller.opentelemetry.image.image | string | `"ingress-nginx/opentelemetry-1.25.3"` | |
| controller.opentelemetry.image.registry | string | `"registry.k8s.io"` | |
| controller.opentelemetry.image.tag | string | `"v20230721-3e2062ee5"` | |
| controller.opentelemetry.image.tag | string | `"v20240813-b933310d"` | |
| controller.opentelemetry.name | string | `"opentelemetry"` | |
| controller.opentelemetry.resources | object | `{}` | |
| controller.podAnnotations | object | `{}` | Annotations to be added to controller pods # |

9
packages/system/ingress-nginx/charts/ingress-nginx/templates/_helpers.tpl
View File

@@ -244,15 +244,6 @@ Return the appropriate apiGroup for PodSecurityPolicy.
{{- end -}}
{{- end -}}
{{/*
Check the ingress controller version tag is at most three versions behind the last release
*/}}
{{- define "isControllerTagValid" -}}
{{- if not (semverCompare ">=0.27.0-0" .Values.controller.image.tag) -}}
{{- fail "Controller container image tag should be 0.27.0 or higher" -}}
{{- end -}}
{{- end -}}
{{/*
Extra modules.
*/}}

1
packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-daemonset.yaml
View File

@@ -1,5 +1,4 @@
{{- if eq .Values.controller.kind "DaemonSet" -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:

1
packages/system/ingress-nginx/charts/ingress-nginx/templates/controller-deployment.yaml
View File

@@ -1,5 +1,4 @@
{{- if eq .Values.controller.kind "Deployment" -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:

10
packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-daemonset_test.yaml
View File

@@ -138,3 +138,13 @@ tests:
values:
- controller
topologyKey: kubernetes.io/hostname
- it: should create a DaemonSet with a custom tag if `controller.image.tag` is set
set:
controller.kind: DaemonSet
controller.image.tag: my-little-custom-tag
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd

9
packages/system/ingress-nginx/charts/ingress-nginx/tests/controller-deployment_test.yaml
View File

@@ -160,3 +160,12 @@ tests:
values:
- controller
topologyKey: kubernetes.io/hostname
- it: should create a Deployment with a custom tag if `controller.image.tag` is set
set:
controller.image.tag: my-little-custom-tag
controller.image.digest: sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: registry.k8s.io/ingress-nginx/controller:my-little-custom-tag@sha256:faa2d18687f734994b6bd9e309e7a73852a81c30e1b8f63165fcd4f0a087e3cd

16
packages/system/ingress-nginx/charts/ingress-nginx/values.yaml
View File

@@ -26,9 +26,9 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
tag: "v1.11.1"
digest: sha256:e6439a12b52076965928e83b7b56aae6731231677b01e81818bce7fa5c60161a
digestChroot: sha256:7cabe4bd7558bfdf5b707976d7be56fd15ffece735d7c90fc238b6eda290fd8d
tag: "v1.11.2"
digest: sha256:d5f8217feeac4887cb1ed21f27c2674e58be06bd8f5184cacea2a69abaf78dce
digestChroot: sha256:21b55a2f0213a18b91612a8c0850167e00a8e34391fd595139a708f9c047e7a8
pullPolicy: IfNotPresent
runAsNonRoot: true
# www-data -> uid 101
@@ -706,12 +706,12 @@ controller:
name: opentelemetry
image:
registry: registry.k8s.io
image: ingress-nginx/opentelemetry
image: ingress-nginx/opentelemetry-1.25.3
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
tag: "v20230721-3e2062ee5"
digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
tag: v20240813-b933310d
digest: sha256:f7604ac0547ed64d79b98d92133234e66c2c8aade3c1f4809fed5eec1fb7f922
distroless: true
containerSecurityContext:
runAsNonRoot: true
@@ -804,8 +804,8 @@ controller:
## for backwards compatibility consider setting the full image url via the repository value below
## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail
## repository:
tag: v1.4.1
digest: sha256:36d05b4077fb8e3d13663702fa337f124675ba8667cbd949c03a8e8ea6fa4366
tag: v1.4.3
digest: sha256:a320a50cc91bd15fd2d6fa6de58bd98c1bd64b9a6f926ce23a600d87043455a3
pullPolicy: IfNotPresent
# -- Provide a priority class name to the webhook patching job
##

29
packages/system/ingress-nginx/values.yaml
View File

@@ -4,9 +4,9 @@ ingress-nginx:
enable-ssl-passthrough: ""
image:
registry: ghcr.io
image: kvaps/ingress-nginx-with-protobuf-exporter/controller
image: cozystack/ingress-nginx-with-protobuf-exporter/controller
tag: v1.11.2
digest: sha256:e80856ece4e30e9646d65c8d92c25a3446a0bba1c2468cd026f17df9e60d2c0f
digest: sha256:beba8869ee370599e1f26557a9669ebdc9481c07b34059f348eb3e17b647e7e0
allowSnippetAnnotations: true
replicaCount: 2
admissionWebhooks:
@@ -16,10 +16,17 @@ ingress-nginx:
enabled: true
extraContainers:
- name: protobuf-exporter
image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.11.2@sha256:25ed6a5f508bbc59134ad786f1e765d1c2187742075a4e828d68ef3f07a78e52
image: ghcr.io/kvaps/ingress-nginx-with-protobuf-exporter/protobuf-exporter:v1.11.2@sha256:6d9235a9ee6f2be1921db4687afbdcd85d145b087dd916b5a96455bdb5cff560
args:
- --server.telemetry-address=0.0.0.0:9090
- --server.exporter-address=0.0.0.0:9091
resources:
limits:
cpu: 100m
memory: 90Mi
requests:
cpu: 100m
memory: 90Mi
service:
#type: NodePort # ClusterIP
externalTrafficPolicy: "Local"
@@ -40,8 +47,22 @@ ingress-nginx:
upstream-keepalive-timeout: "60"
upstream-keepalive-connections: "320"
ssl-session-tickets: "true"
resources:
limits:
cpu: "1"
memory: 2048Mi
requests:
cpu: 100m
memory: 90Mi
defaultBackend:
##
enabled: true
resources:
limits:
cpu: 10m
memory: 20Mi
requests:
cpu: 10m
memory: 20Mi

1
packages/system/kubevirt/templates/kubevirt-cr.yaml
View File

@@ -14,6 +14,7 @@ spec:
- HotplugVolumes
- ExpandDisks
- LiveMigration
- AutoResourceLimitsGate
evictionStrategy: LiveMigrate
customizeComponents: {}
imagePullPolicy: IfNotPresent

2
packages/system/linstor/templates/satellites-plunger.yaml
View File

@@ -25,8 +25,6 @@ spec:
# make some room for live debugging
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /run
name: host-run
- mountPath: /dev
name: dev
- mountPath: /var/lib/drbd

9
packages/system/linstor/templates/satellites-talos.yaml
View File

@@ -22,11 +22,6 @@ spec:
$patch: delete
- name: drbd-module-loader
$patch: delete
containers:
- name: linstor-satellite
volumeMounts:
- mountPath: /run
name: host-run
volumes:
- name: run-systemd-system
$patch: delete
@@ -46,7 +41,3 @@ spec:
hostPath:
path: /var/etc/lvm/archive
type: DirectoryOrCreate
- name: host-run
hostPath:
path: /run
type: DirectoryOrCreate

5
packages/system/monitoring-agents/templates/vmagent.yaml
View File

@@ -10,7 +10,10 @@ spec:
promscrape.streamParse: "true"
promscrape.maxScrapeSize: 32MB
remoteWrite:
- url: {{ .Values.vmagent.remoteWrite.url | quote }}
{{- range .Values.vmagent.remoteWrite.urls }}
- url: {{ . | quote }}
{{- end }}
scrapeInterval: 30s
selectAllByDefault: true
additionalScrapeConfigs:

4
packages/system/monitoring-agents/values.yaml
View File

@@ -306,7 +306,9 @@ vmagent:
cluster: cozystack
tenant: tenant-root
remoteWrite:
url: http://vminsert-shortterm.tenant-root.svc:8480/insert/0/prometheus
urls:
- http://vminsert-shortterm.tenant-root.svc:8480/insert/0/prometheus
- http://vminsert-longterm.tenant-root.svc:8480/insert/0/prometheus
fluent-bit:
readinessProbe:

4
packages/system/seaweedfs/charts/seaweedfs/templates/cosi-deployment.yaml
View File

@@ -140,6 +140,10 @@ spec:
mountPath: /usr/local/share/ca-certificates/client/
{{- end }}
{{ tpl .Values.cosi.extraVolumeMounts . | nindent 12 | trim }}
{{- with .Values.cosi.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
- name: seaweedfs-cosi-sidecar
image: "{{ .Values.cosi.sidecar.image }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }}

8
packages/system/seaweedfs/templates/database.yaml
View File

@@ -10,7 +10,13 @@ spec:
monitoring:
enablePodMonitor: true
resources:
limits:
cpu: "1"
memory: 2048Mi
requests:
cpu: 100m
memory: 512Mi
inheritedMetadata:
labels:
policy.cozystack.io/allow-to-apiserver: "true"

1
packages/system/seaweedfs/values.yaml
View File

@@ -6,7 +6,6 @@ global:
WEED_CLUSTER_SW_FILER: "seaweedfs-filer-client:8888"
seaweedfs:
master:
replicas: 3
volumeSizeLimitMB: 100

4
packages/system/vertical-pod-autoscaler/Makefile
View File

@@ -1,11 +1,11 @@
export NAME=victoria-metrics-operator
export NAME=vertical-pod-autoscaler
export NAMESPACE=cozy-$(NAME)
include ../../../scripts/package.mk
update:
rm -rf charts
# VictoriaMetrics operator
# VirtualPodAutoscaler operator
helm repo add cowboysysop https://cowboysysop.github.io/charts/
helm repo update cowboysysop
helm pull cowboysysop/vertical-pod-autoscaler --untar --untardir charts