From fde6e9cc737e774ea0d1f63b5d6e1f65c9b4a01f Mon Sep 17 00:00:00 2001 From: kklinch0 Date: Tue, 22 Apr 2025 13:05:45 +0300 Subject: [PATCH] [platform]: add migration for kube-rbac-proxy daemonset Signed-off-by: kklinch0 --- packages/core/platform/bundles/paas-full.yaml | 3 + .../core/platform/bundles/paas-hosted.yaml | 3 + packages/system/dashboard/templates/vpa.yaml | 80 +++++++++++++++++++ packages/system/dashboard/values.yaml | 2 + .../templates/configure-kk.yaml | 1 + scripts/migrations/10 | 12 +++ 6 files changed, 101 insertions(+) create mode 100644 packages/system/dashboard/templates/vpa.yaml create mode 100644 scripts/migrations/10 diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index ca5b3f64..74806d9e 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -270,7 +270,10 @@ releases: {{- end }} {{- end }} {{- end }} + frontend: + resourcesPreset: "none" dashboard: + resourcesPreset: "none" {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} {{- $branding := dig "data" "branding" "" $cozystackBranding }} {{- if $branding }} diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 8b59fd81..f082b3bb 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -168,7 +168,10 @@ releases: {{- end }} {{- end }} {{- end }} + frontend: + resourcesPreset: "none" dashboard: + resourcesPreset: "none" {{- $cozystackBranding:= lookup "v1" "ConfigMap" "cozy-system" "cozystack-branding" }} {{- $branding := dig "data" "branding" "" $cozystackBranding }} {{- if $branding }} diff --git a/packages/system/dashboard/templates/vpa.yaml b/packages/system/dashboard/templates/vpa.yaml new file mode 100644 index 00000000..6eff7036 --- /dev/null +++ b/packages/system/dashboard/templates/vpa.yaml @@ -0,0 +1,80 @@ +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: dashboard-internal-dashboard + namespace: cozy-dashboard +spec: + targetRef: + apiVersion: "apps/v1" + kind: Deployment + name: dashboard-internal-dashboard + updatePolicy: + updateMode: "Auto" + resourcePolicy: + containerPolicies: + - containerName: dashboard + controlledResources: ["cpu", "memory"] + minAllowed: + cpu: 50m + memory: 64Mi + maxAllowed: + cpu: 500m + memory: 512Mi +--- +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: dashboard-internal-kubeappsapis + namespace: cozy-dashboard +spec: + targetRef: + apiVersion: "apps/v1" + kind: Deployment + name: dashboard-internal-kubeappsapis + updatePolicy: + updateMode: "Auto" + resourcePolicy: + containerPolicies: + - containerName: kubeappsapis + controlledResources: ["cpu", "memory"] + minAllowed: + cpu: 50m + memory: 100Mi + maxAllowed: + cpu: 1000m + memory: 1Gi +--- +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: dashboard-vpa + namespace: cozy-dashboard +spec: + targetRef: + apiVersion: "apps/v1" + kind: Deployment + name: dashboard + updatePolicy: + updateMode: "Auto" + resourcePolicy: + containerPolicies: + - containerName: nginx + controlledResources: ["cpu", "memory"] + minAllowed: + cpu: "50m" + memory: "64Mi" + maxAllowed: + cpu: "500m" + memory: "512Mi" + {{- $dashboardKCconfig := lookup "v1" "ConfigMap" "cozy-dashboard" "kubeapps-auth-config" }} + {{- $dashboardKCValues := dig "data" "values.yaml" "" $dashboardKCconfig }} + {{- if $dashboardKCValues }} + - containerName: auth-proxy + controlledResources: ["cpu", "memory"] + minAllowed: + cpu: "50m" + memory: "64Mi" + maxAllowed: + cpu: "500m" + memory: "512Mi" + {{- end }} diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml index 828a5897..a6b91769 100644 --- a/packages/system/dashboard/values.yaml +++ b/packages/system/dashboard/values.yaml @@ -15,12 +15,14 @@ kubeapps: flux: enabled: true dashboard: + resourcesPreset: "none" image: registry: ghcr.io/cozystack/cozystack repository: dashboard tag: v0.30.2 digest: "sha256:a83fe4654f547469cfa469a02bda1273c54bca103a41eb007fdb2e18a7a91e93" kubeappsapis: + resourcesPreset: "none" image: registry: ghcr.io/cozystack/cozystack repository: kubeapps-apis diff --git a/packages/system/keycloak-configure/templates/configure-kk.yaml b/packages/system/keycloak-configure/templates/configure-kk.yaml index 3e32178d..adee11b6 100644 --- a/packages/system/keycloak-configure/templates/configure-kk.yaml +++ b/packages/system/keycloak-configure/templates/configure-kk.yaml @@ -216,6 +216,7 @@ data: values.yaml: | kubeapps: authProxy: + resourcesPreset: "none" enabled: true provider: "oidc" clientID: "kubeapps" diff --git a/scripts/migrations/10 b/scripts/migrations/10 new file mode 100644 index 00000000..6815d906 --- /dev/null +++ b/scripts/migrations/10 @@ -0,0 +1,12 @@ +#!/bin/sh +# Migration 10 --> 11 + +# Force reconcile hr keycloak-configure +if kubectl get helmrelease keycloak-configure -n cozy-keycloak; then + kubectl delete po -l app=source-controller -n cozy-fluxcd + timestamp=$(date --rfc-3339=ns) + kubectl annotate helmrelease keycloak-configure -n cozy-keycloak \ + reconcile.fluxcd.io/forceAt="$timestamp" \ + reconcile.fluxcd.io/requestedAt="$timestamp" \ + --overwrite +fi